Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x CISCO sur FNAC.COM

 

 

Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
 
Click the links on the left to view the individual chapters in HTML format.


Voir également d'autres Guide CISCO :

Cisco-Security-Appliance-Command-Line-ASA-5500-version-7-2

Cisco-Introduction-to-the-Security-Appliance

Cisco-ASR-9000-Series-Aggregation-Configuration-Guide-Release-4-2-x

Cisco-IOS-XR-Carrier-Grade-NAT-Configuration-Guide-for-the-Cisco-CRS-Router-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-Interface-and-Hardware-Component-Configuration-Guide-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-IP-Addresses-and-Services-Configuration-Guide-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-L2VPN-et-services-Ethernet-Configuration-Guide-version-4-2-x

Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-26127-02© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S P r e f a c e Preface v Changes to this Document v Obtaining Documentation and Submitting a Service Request v C H A P T E R 1 Configuring NetFlow 1 Prerequisites for Configuring NetFlow 2 Restrictions for Configuring NetFlow 2 Information About Configuring NetFlow 2 NetFlow Overview 2 Monitor Map Overview 3 Sampler Map Overview 3 Exporter Map Overview 3 NetFlow Configuration Submodes 4 Flow Exporter Map Configuration Submode 5 Flow Exporter Map Version Configuration Submode 5 Flow Monitor Map Configuration Submode 6 Sampler Map Configuration Submode 6 Enabling the NetFlow BGP Data Export Function 6 MPLS Flow Monitor with IPv4 and IPv6 Support 7 MPLS Cache Reorganization to Support Both IPv4 and IPv6 7 MPLS Packets with IPv6 Flows 7 Destination-based NetFlow Accounting 8 How to Configure NetFlow on Cisco IOS XR Software 9 Configuring an Exporter Map 9 Configuring a Sampler Map 12 Configuring a Monitor Map 14 Applying a Monitor Map and a Sampler Map to an Interface 18 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 iiiClearing NetFlow Data 19 Configuring NetFlow Collection of MPLS Packets with IPv6 Fields 20 Configuring Destination-based NetFlow Accounting 25 Trident Netflow 27 Supported features 27 Punt path policer rate 27 Calculating Punt path policer rate 27 Trident base line cards supported features 28 Configuration Examples for NetFlow 28 Sampler Map: Example 28 Exporter Map: Example 28 Flow Monitor Map: Examples 29 MPLS Flow Monitor with IPv4 and IPv6 Support: Examples 30 Destination-based NetFlow Accounting: Example 30 Additional References 31 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x iv OL-26127-02 ContentsPreface This guide describes the Cisco IOS XR Netflow configurations. The preface for the Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration guide contains the following sections • Changes to this Document, page v • Obtaining Documentation and Submitting a Service Request, page v Changes to this Document This table lists the changes made to this document since it was first printed Revision Date Change Summary Republished with documentation updates for Cisco IOS XR Release 4.2.1 OL-26127-02 June 2012 OL-26127-01 December 2011 Initial release of this document. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation,submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 v Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x vi OL-26127-02 Preface Obtaining Documentation and Submitting a Service RequestC H A P T E R 1 Configuring NetFlow This module describes the configuration of NetFlow . A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface), and have the same values for key fields. NetFlow is useful for the following: • Accounting/Billing—NetFlow data provides fine grained metering for highly flexible and detailed resource utilization accounting. • Network Planning and Analysis—NetFlow data provides key information forstrategic network planning. • Network Monitoring—NetFlow data enables near real-time network monitoring capabilities. Feature History for Configuring NetFlow Release Modification Release 3.9.1 This feature was introduced. Release 4.0.0 IPv6 Sampled NetFlow feature was introduced. Release 4.2.0 Destination-based Netflow Accounting feature was introduced. This module includes the following sections: • Prerequisites for Configuring NetFlow, page 2 • Restrictions for Configuring NetFlow, page 2 • Information About Configuring NetFlow, page 2 • How to Configure NetFlow on Cisco IOS XR Software, page 9 • Configuration Examples for NetFlow, page 28 • Additional References, page 31 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 1Prerequisites for Configuring NetFlow To perform these configuration tasks, your Cisco IOS XR software system administrator must assign you to a user group associated with a task group that includes the corresponding command task IDs. If you need assistance with your task group assignment, contact your system administrator. Restrictions for Configuring NetFlow Consider the following restrictions when configuring NetFlow in Cisco IOS XR software: • You must configure a source interface. If you do not configure a source interface, the exporter will remain in a disabled state. • Supports export format Version 9 only. • You must configure a valid record map name for every flow monitor map. We recommend that you do not use the management interface to export NetFlow packets. Exporting the management interface does not work efficiently. Tip Information About Configuring NetFlow To implement NetFlow, you must understand the following concepts: NetFlow Overview A flow is exported as part of a NetFlow export User Datagram Protocol (UDP) datagram under the following circumstances: • The flow has been inactive or active for too long. • The flow cache is getting full. • One of the counters (packets and or bytes) has wrapped. • The user forces the flow to export. NetFlow export UDP datagrams are sent to an external flow collector device that provides NetFlow export data filtering and aggregation. The export of data consists of expired flows and control information. The NetFlow infrastructure is based on the configuration and use of the following maps: • Monitor map • Sampler map • Exporter map Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 2 OL-26127-02 Configuring NetFlow Prerequisites for Configuring NetFlowThese maps are described in the sections that follow. Monitor Map Overview A monitor map contains name references to the flow record map and flow exporter map. Monitor maps are applied to an interface. You can configure the following monitor map attributes: • Number of entries in the flow cache • Type of cache (permanent or normal). Permanent caches do not have their entries removed from the cache unless they are explicitly cleared by the user • Active flow timeout • Inactive flow timeout • Update timeout • Default timeouts • Record type of packets sampled and collected The record name specifiesthe type of packetsthat NetFlow samples asthey passthrough the router. Currently, MPLS, IPv4, and IPv6 packet sampling is supported. Note The active flow and inactive flow timeouts are associated with a normal cache type. The update timeout is associated with the permanent cache type. Note Sampler Map Overview The sampler map specifies the rate at which packets (one out of n packets) are sampled. On high bandwidth interfaces, applying NetFlow processing to every single packet can result in significant CPU utilization. Sampler map configuration is typically geared towards such high speed interfaces. The Policer rate is based on the network processor (NP). If netflow is applied on 1 NP, the aggregated maximum flow packet processing rate per line card (LC) is 100k flow packets per second (irrespective of the direction and the number of interface netflow that is applied in that NP). However, depending on the Netflow monitor configuration distribution among NPs in an LC, policing of flow packet can take effect with an aggregated rate that is less than 100k. For example, if Netflow is applied to 1 interface per NP in a 4 NP LC, then the Policer rate per NP is 25K packets per second. Exporter Map Overview An exporter map contains user network specification and transport layer detailsfor the NetFlow export packet. The flow exporter-map command allows you to configure collector and version attributes. You can configure the following collector information: Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 3 Configuring NetFlow Monitor Map Overview• Export destination IP address • DSCP value for export packet • Source interface • UDP port number (This is where the collector is listening for NetFlow packets.) • Transport protocol for export packets Note In Cisco IOS XR Software, UDP is the only supported transport protocol for export packets. NetFlow export packets use the IP address that is assigned to the source interface. If the source interface does not have an IP address assigned to it, the exporter will be inactive. Note You can also configure the following export version attributes: • Template timeout • Template data timeout • Template options timeout • Interface table timeout • Sampler table timeout Note A single flow monitor map can support up to eight exporters. NetFlow Configuration Submodes In Cisco IOS XR Software, NetFlow map configuration takes place in map-specific submodes. Cisco IOS XR Software supports the following NetFlow map configuration submodes: The Cisco IOS XR Software allows you to issue most commands available under submodes as one single command string from global configuration mode. For example, you can issue the record ipv4 command from the flow monitor map configuration submode as follows: Note RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 Alternatively, you can issue the same command from global configuration mode, as shown in the following example: RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm record ipv4 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 4 OL-26127-02 Configuring NetFlow NetFlow Configuration SubmodesFlow Exporter Map Configuration Submode When you issue the flow exporter-map fem-name command in global configuration mode, the command-line interface (CLI) prompt changes to “config-fem,” indicating that you have entered the flow exporter map configuration submode. In the following sample output, the question mark (?) online help function displays all the commands available under the flow exporter map configuration submode: RP/0/RSP0/CPU0:router(config)# flow exporter-map fem RP/0/RSP0/CPU0:router(config-fem)# ? clear Clear the uncommitted configuration clear Clear the configuration commit Commit the configuration changes to running describe Describe a command without taking real actions destination Export destination configuration do Run an exec command dscp Specify DSCP value for export packets exit Exit from this submode no Negate a command or set its defaults pwd Commands used to reach current submode root Exit to the global configuration mode show Show contents of configuration source Source interface transport Specify the transport protocol for export packets version Specify export version parameters Note If you enter the version command, you enter the flow exporter map version configuration submode. Note A single flow monitor map can support up to eight exporters. Flow Exporter Map Version Configuration Submode When you issue the version v9 command in the flow exporter map configuration submode, the CLI prompt changes to “config-fem-ver,” indicating that you have entered the flow exporter map version configuration submode. In the following sample output, the question mark (?) online help function displays all the commands available under the flow exporter map version configuration submode: RP/0/RSP0/CPU0:router(config-fem)# version v9 RP/0/RSP0/CPU0:router(config-fem-ver)# ? commit Commit the configuration changes to running describe Describe a command without taking real actions do Run an exec command exit Exit from this submode no Negate a command or set its defaults options Specify export of options template show Show contents of configuration template Specify template export parameters Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 5 Configuring NetFlow NetFlow Configuration SubmodesFlow Monitor Map Configuration Submode When you issue the flow monitor-map map_name command in global configuration mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode. In the following sample output, the question mark (?) online help function displays all the commands available under the flow monitor map configuration submode: RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm RP/0/RSP0/CPU0:router(config-fmm)# ? cache Specify flow cache attributes commit Commit the configuration changes to running describe Describe a command without taking real actions do Run an exec command exit Exit from this submode exporter Specify flow exporter map name no Negate a command or set its defaults record Specify a flow record map name show Show contents of configuration Sampler Map Configuration Submode When you issue the sampler-map map_name command in global configuration mode, the CLI prompt changes to “config-sm,” indicating that you have entered the sampler map configuration submode. In the following sample output, the question mark (?) online help function displays all the commands available under the sampler map configuration submode: RP/0/RSP0/CPU0(config)# sampler-map fmm RP/0/RSP0/CPU0:router(config-sm)# ? clear Clear the uncommitted configuration clear Clear the configuration commit Commit the configuration changes to running describe Describe a command without taking real actions do Run an exec command exit Exit from this submode no Negate a command or set its defaults pwd Commands used to reach current submode random Use random mode for sampling packets root Exit to the global configuration mode show Show contents of configuration RP/0/RSP0/CPU0(config-sm)#RP/0/RP0/CP0:router(config-sm)# Enabling the NetFlow BGP Data Export Function Use the bgp attribute-download command to enable NetFlow BGP routing attribute collection. The routing attributes are then exported. When no routing attributes are collected, zeroes (0) are exported. When BGP attribute download is enabled, BGP downloads the attribute information for prefixes (community, extended community, and as-path) to the Routing Information Base (RIB) and Forwarding Information Base (FIB). This enables FIB to associate the prefixes with attributes and send the NetFlow statistics along with the associated attributes. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 6 OL-26127-02 Configuring NetFlow NetFlow Configuration SubmodesMPLS Flow Monitor with IPv4 and IPv6 Support Cisco IOS XR Software supports the NetFlow collection of MPLS packets. It also supports the NetFlow collection of MPLS packets carrying IPv4, IPv6, or both IPv4 and IPv6 payloads. MPLS Cache Reorganization to Support Both IPv4 and IPv6 In Cisco IOS XR Software, at a time, you can have only one MPLS flow monitor running on an interface. If you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing one. At a time, you can apply only one flow monitor on an interface per direction. You can apply either the same flow monitor to an interface in both directions, or each direction can have its own flow monitor. You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or IPv4-IPv6 fields. IPv4-IPv6 configuration collects both IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4 configuration collects only IPv4 addresses. IPv6 configuration collects only IPv6 addresses. The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow entries include the following types of fields: • IPv4 fields • IPv6 fields • MPLS with IPv4 fields • MPLS with IPv6 fields The maximum number of bytes per NetFlow cache entry is as follows: • IPv4–88 bytes per entry • MPLS–88 bytes per entry • IPv6–108 bytes per entry • MPLS with IPv4 fields–108 bytes per entry • MPLS with IPv6 fields–128 bytes per entry The different types of NetFlow entries are stored in separate caches. Consequently, the number of NetFlow entries on a line card can significantly impact the amount of available memory on the line card. Also, even though the sampling rate for IPv6 is the same as the sampling rate for IPv4, the CPU utilization for IPv6 is higher due to the longer keys used by the IPv6 fields. Note MPLS Packets with IPv6 Flows The collection of IPv6 flows in MPLS packets is an option. The CPU uses 128 bytes for each IPv6 field. IPv6 flows may contain the following types of information: • Source IP address Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 7 Configuring NetFlow MPLS Flow Monitor with IPv4 and IPv6 Support• Destination IP address • Traffic class value • Layer 4 protocol number • Layer 4 source port number • Layer 4 destination port number • Flow ID • Header option mask To collect the IPv6 fields in MPLS packets, you must activate the MPLS record type, ipv6-fields by running the record mpls ipv6-fields command. You can also specify the number of labels to be used for aggregation with this command. Destination-based NetFlow Accounting Destination-based NetFlow accounting (DBA) is a usage-based billing application that tracks and records traffic according to its destination and enables service providers to do destination-specific accounting and billing. The destination-based NetFlow accounting record includes the destination peer autonomous system (AS) number and the BGP next-hop IP address. DBA is supported on ASR9000 Gigabit Ethernet and ASR9000 Enhanced Gigabit Ethernet linecards. In destination-based NetFlow accounting, the following fields are collected and exported: • Destination peer AS number • BGP next-hop IP address • Ingress interface • Egress interface • Forwarding status • Incoming IPv4 TOS • Counter of packets in the flow • Counter of bytes in the flow • Timestamp for the first and last packets in the flow Destination-based NetFlow accounting supports the following features: • Only IPv4 addresses • Configuration on physical interfaces, bundle interfaces, and logical subinterfaces • IPv4 unicast and multicast traffic • Only ingress traffic • Only full mode NetFlow • NetFlow export format Version 9 over User Datagram Protocols (UDPs) Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 8 OL-26127-02 Configuring NetFlow Destination-based NetFlow AccountingDestination-based NetFlow accounting does not support the following features : • IPv6 addresses • MPLS IPv4 and IPv6 • Configuration for individual Modular QoS Command-Line Interface (MQC) classes • Simultaneous configuration of destination-based NetFlow accounting with IPv4 sampled NetFlow on the same interface, in the same direction. • Layer 2 switched MPLS traffic • Egress traffic • Sampled mode NetFlow • NetFlow export formats version 5, version 8, IP Flow Information Export (IPFIX), or Stream Control Transmission Protocol (SCTP). How to Configure NetFlow on Cisco IOS XR Software The steps that follow provide a general overview of NetFlow configuration: SUMMARY STEPS 1. Create and configure an exporter map. 2. Create and configure a monitor map and a sampler map. 3. Apply the monitor map and sampler map to an interface. DETAILED STEPS Step 1 Create and configure an exporter map. Step 2 Create and configure a monitor map and a sampler map. The monitor map must reference the exporter map you created in Step 1. If you do not apply an exporter-map to the monitor-map, the flow records are not exported, and aging is done according to the cache parameters specified in the monitor-map. Note Step 3 Apply the monitor map and sampler map to an interface. These steps are described in detail in the following sections: Configuring an Exporter Map Configure an exporter map and apply it to the monitor map with the flow monitor-map map_name exporter map_name command. You can configure the exporter map prior to configuring the monitor map, or you can configure the monitor map first and then configure and apply an exporter map later on. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 9 Configuring NetFlow How to Configure NetFlow on Cisco IOS XR SoftwareNote Cisco IOS XR Software supports the configuration of a single collector only in the exporter map. The steps that follow describe how to create and configure an exporter map. SUMMARY STEPS 1. configure 2. flow exporter-map map_name 3. destination hostname_or_IP_address 4. dscp dscp_value 5. source type interface-path-id 6. transport udp port 7. version v9 8. options {interface-table | sampler-table} [timeout seconds] 9. template [data | options] timeout seconds 10. Use one of these commands: • end • commit 11. exit 12. exit 13. show flow exporter-map map_name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Creates an exporter map, configures the exporter map name, and enters flow exporter map configuration mode. flow exporter-map map_name Example: RP/0/RSP0/CPU0:router(config)# flow exporter-map fem Step 2 Configures the export destination for the flow exporter map. The destination can be a hostname or an IP address. destination hostname_or_IP_address Example: RP/0/RSP0/CPU0:router(config-fem)# destination nnn.nnn.nnn.nnn Step 3 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 10 OL-26127-02 Configuring NetFlow Configuring an Exporter MapCommand or Action Purpose (Optional) Specifies the differentiated services codepoint (DSCP) value for export packets. Replace the dscp_value argument with a value in the range from 0 through 63. dscp dscp_value Example: RP/0/RSP0/CPU0:router(config-fem)# dscp 55 Step 4 source type interface-path-id Specifies a source interface, in the format type interface-path-id. Example: RP/0/RSP0/CPU0:router(config-fem)# source gigabitEthernet 0/0/0/0 Step 5 (Optional) Specifiesthe destination port for UDP packets. Replace port with the destination UDP port value, in the range from 1024 through 65535. transport udp port Example: RP/0/RSP0/CPU0:router(config-fem)# transport udp 9991 Step 6 (Optional) Enters flow exporter map version configuration submode. version v9 Example: RP/0/RSP0/CPU0:router(config-fem-ver)# version v9 Step 7 (Optional) Configures the export timeout value for the sampler table. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. options {interface-table | sampler-table} [timeout seconds] Example: RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 2000 Step 8 Default is 1800 seconds. (Optional) Configures the export period for data packets. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. template [data | options] timeout seconds Example: RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 10000 Step 9 Step 10 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 11 Configuring NetFlow Configuring an Exporter MapCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. exit Exits flow exporter map version configuration submode. Example: RP/0/RSP0/CPU0:router(config-fem-ver)# exit Step 11 exit Enters EXEC mode. Example: RP/0/RSP0/CPU0:router(config)# exit Step 12 show flow exporter-map map_name Displays exporter map data. Example: RP/0/RSP0/CPU0:router# show flow exporter-map fem Step 13 Configuring a Sampler Map The steps that follow describe how to create and configure a sampler map. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 12 OL-26127-02 Configuring NetFlow Configuring a Sampler MapSUMMARY STEPS 1. configure 2. sampler-map map_name 3. random 1 out-of sampling_interval 4. Use one of these commands: • end • commit 5. exit 6. exit 7. show sampler-map map_name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router configure Step 1 Step 2 sampler-map map_name Creates a sampler map and enters sampler map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# Keep the following in mind when configuring a sampler map: • • sampler-map sm RP/0/RSP0/CPU0:router(config-sm)# Configures the sampling interval to use random mode for sampling packets. Replace the sampling_interval argument with a number, in the range from 1 through 65535 units. random 1 out-of sampling_interval Example: RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535 Step 3 Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 13 Configuring NetFlow Configuring a Sampler MapCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Exits sampler map configuration mode and enters global configuration mode. exit Example: RP/0/RSP0/CPU0:router(config-sm)# exit Step 5 exit Exits global configuration mode and enters EXEC mode. Example: RP/0/RSP0/CPU0:router(config)# exit Step 6 show sampler-map map_name Displays sampler map data. Example: RP/0/RSP0/CPU0:router# show sampler-map fsm Step 7 Configuring a Monitor Map The steps that follow describe how to create and configure a monitor map. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 14 OL-26127-02 Configuring NetFlow Configuring a Monitor MapSUMMARY STEPS 1. configure 2. flow monitor-map map_name 3. Do one of the following: • record ipv4 • record ipv4 [peer as] • record ipv6 • record mpls [labels number] • record mpls [ipv4-fields] [labels number] • record mpls [ipv6-fields] [labels number] • record mpls [ipv4-ipv6-fields] [labels number] 4. cache entries number 5. cache permanent 6. cache timeout {active timeout_value | inactive timeout_value | update timeout_value} 7. exporter map_name 8. Use one of these commands: • end • commit 9. exit 10. exit 11. show flow monitor-map map_name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Creates a monitor map and configures a monitor map name and entersflow monitor map configuration submode. flow monitor-map map_name Example: RP/0/RSP0/CPU0:router(config)# flow Step 2 monitor-map fmm RP/0/RSP0/CPU0:router(config-fmm)# Step 3 Do one of the following: Configures the flow record map name for IPv4, IPv6, or MPLS. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 15 Configuring NetFlow Configuring a Monitor MapCommand or Action Purpose • Use the record ipv4 command to configure the flow record map name for IPv4. By default, you collect and export the originating autonomous system (AS) numbers. • record ipv4 • record ipv4 [peer as] • record ipv6 • Use the record ipv4 [peer as] command to record peer AS. Here, you collect and export the peer AS numbers. • record mpls [labels number] • record mpls [ipv4-fields] [labels number] Ensure that the bgp attribute-download command is configured. Else, no AS is collected when the record ipv4 [peer-as] command is configured. Note • record mpls [ipv6-fields] [labels number] • Use the record ipv6 command to configure the flow record map name for IPv6. • record mpls [ipv4-ipv6-fields] [labels number] • Use the record mpls labels command with the number argument to specify the number of labels that you want to aggregate. By default, Example: RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 MPLS-aware NetFlow aggregates the top six labels of the MPLS label stack. The maximum value is 6. • Use the record mpls ipv4-fields command to collect IPv4 fields in the MPLS-aware NetFlow. • Use the record mpls ipv6-fields command to collect IPV6 fields in the MPLS-aware NetFlow. • Use the record mpls ipv4-ipv6-fields command to collect IPv4 and IPv6 fields in the MPLS-aware NetFlow. (Optional) Configures the number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache, in the range from 4096 through 1000000. cache entries number Example: RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000 Step 4 The default number of cache entries is 65535. cache permanent (Optional) Disables removal of entries from flow cache. Example: RP/0/RSP0/CPU0:router(config-fmm)# flow monitor-map fmm cache permanent Step 5 (Optional) Configures the active, inactive, or update flow cache timeout value. cache timeout {active timeout_value | inactive timeout_value | update timeout_value} Step 6 • The default timeout value for the inactive flow cache is 15 seconds. Example: RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 1000 • The default timeout value for the active flow cache is 1800 seconds. • The default timeout value for the update flow cache is 1800 seconds. The update timeout_value keyword argument is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain the cache. Note Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 16 OL-26127-02 Configuring NetFlow Configuring a Monitor MapCommand or Action Purpose Step 7 exporter map_name Associates an exporter map with a monitor map. Example: RP/0/RSP0/CPU0:router(config-fmm)# exporter fem A single flow monitor map can support up to eight exporters. Note Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. exit Exits flow monitor map configuration submode. Example: RP/0/RSP0/CPU0:router(config-fmm)# exit Step 9 exit Exits global configuration mode. Example: RP/0/RSP0/CPU0:router(config)# exit Step 10 show flow monitor-map map_name Displays flow monitor map data. Example: RP/0/RSP0/CPU0:router# show flow monitor-map fmm Step 11 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 17 Configuring NetFlow Configuring a Monitor MapApplying a Monitor Map and a Sampler Map to an Interface SUMMARY STEPS 1. configure 2. interface type number 3. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress} 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface type number Enters interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface. sampler sampler_map {egress | ingress} Step 3 Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter ipv6 to enable IPV6 NetFlow on the specified interface. Enter mpls to enable Example: MPLS-aware NetFlow on the specified interface. RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm sampler fsm egress Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 18 OL-26127-02 Configuring NetFlow Applying a Monitor Map and a Sampler Map to an InterfaceCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Clearing NetFlow Data The steps that follow describe how to clear flow exporter map and flow monitor map data. SUMMARY STEPS 1. clear flow exporter [exporter_name] {restart | statistics} location node-id 2. clear flow monitor [monitor_name] cache [force-export | statistics] location node-id} DETAILED STEPS Command or Action Purpose clear flow exporter [exporter_name] {restart |statistics} Clears the flow exporter data. location node-id Step 1 Specify the statistics option to clear exporter statistics. Specify the restart option to export all of the templatesthat are currently Example: configured on the specified node. RP/0/RSP0/CPU0:router# clear flow exporter statistics location 0/0/CPU0 clear flow monitor [monitor_name] cache [force-export Clears the flow monitor data. | statistics] location node-id} Step 2 Specify the statistics option to clear cache statistics. Specify the force-export option to export the data from cache to server Example: first and then clear the entries from cache. RP/0/RSP0/CPU0:router# clear flow monitor cache force-export location 0/0/CPU0 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 19 Configuring NetFlow Clearing NetFlow DataConfiguring NetFlow Collection of MPLS Packets with IPv6 Fields The following steps show how to configure NetFlow collection of MPLS packets with IPv6 fields. SUMMARY STEPS 1. configure 2. flow exporter-map map_name 3. version v9 4. options {interface-table | sampler-table} [timeout seconds] 5. template [data | options] timeout seconds 6. exit 7. transport udp port 8. source type interface-path-id 9. destination hostname_or_IP_address 10. exit 11. flow monitor-map map_name 12. record mpls [ipv4-ipv6-fields] [labels number] 13. exporter map_name 14. cache entries number 15. cache timeout {active timeout_value | inactive timeout_value | update timeout_value} 16. cache permanent 17. exit 18. sampler-map map_name 19. random 1 out-of sampling_interval 20. exit 21. interface type number 22. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress} 23. Use one of these commands: • end • commit 24. exit 25. exit 26. show flow monitor-map map_name 27. show flow exporter-map map_name Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 20 OL-26127-02 Configuring NetFlow Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Creates an exporter map, configures the exporter map name, and enters flow exporter map configuration mode. flow exporter-map map_name Example: RP/0/RSP0/CPU0:router(config)# flow Step 2 exporter-map exp1 version v9 (Optional) Entersflow exporter map version configuration submode. Example: RP/0/RSP0/CPU0:router(config-fem)# version Step 3 v9 (Optional) Configures the export timeout value for the interface table or the sampler table. Replace seconds with the export timeout options {interface-table | sampler-table} [timeout seconds] Step 4 value, in the range from 1 through 604800 seconds. The default is 1800 seconds for both the interface table and the sample table. Example: RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300 You must perform this step twice to configure the export timeout value for both an interface table and a sample table. (Optional) Configures the export period for data packets or options packets. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. template [data | options] timeout seconds Example: RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300 Step 5 You must perform this step twice to configure the export period for both data packets and options packets. Exits flow exporter map version configuration mode, and enters flow exporter map configuration mode. exit Example: RSP0/CPU0:router(config-fem-ver)# exit Step 6 (Optional) Specifies the destination port for UDP packets. Replace port with the destination UDP port value, in the range from 1024 through 65535. transport udp port Example: RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515 Step 7 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 21 Configuring NetFlow Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose Specifies a source interface, in the format type interface-path-id. For example: POS 0/1/0/1 or Loopback0 source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-fem)# source Loopback0 Step 8 Configures the export destination for the flow exporter map. The destination can be a hostname or an IP address. destination hostname_or_IP_address Example: RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11 Step 9 Exits flow exporter map configuration mode, and enters flow exporter map configuration mode. exit Example: RP/0/RSP0/CPU0:router(config-fem)# exit Step 10 Creates a monitor map and configures a monitor map name and enters flow monitor map configuration submode. flow monitor-map map_name Example: RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm Step 11 Configures the flow record map name for IPv4, IPv6, or MPLS. Use the ipv4-ipv6-fields keyword to collect IPv4 and IPv6 fields in an MPLS-aware NetFlow. record mpls [ipv4-ipv6-fields] [labels number] Example: RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3 Step 12 Step 13 exporter map_name Associates an exporter map with a monitor map. Example: RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1 A single flow monitor map can support up to eight exporters. Note (Optional) Configures the number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache, in the range from 4096 through 1000000. cache entries number Example: RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000 Step 14 The default number of cache entries is 65535. (Optional) Configures the active, inactive, or update flow cache timeout value. cache timeout {active timeout_value | inactive timeout_value | update timeout_value} Step 15 Example: RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 1800 • The default timeout value for the inactive flow cache is 15 seconds. • The default timeout value for the active flow cache is 1800 seconds. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 22 OL-26127-02 Configuring NetFlow Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose • The default timeout value for the update flow cache is 1800 seconds. The inactive and active keywords are not applicable to permanent caches. Note The update keyword is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain the cache. Note cache permanent (Optional) Disables the removal of entries from flow cache. Example: RP/0/RSP0/CPU0:router(config-fmm)# flow monitor-map fmm cache permanent Step 16 exit Exits flow monitor map configuration submode. Example: RP/0/RSP0/CPU0:router(config-fmm)# exit Step 17 Step 18 sampler-map map_name Creates a sampler map and enterssampler map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# sampler-map Keep the following in mind when configuring a sampler map: fsm RP/0/RSP0/CPU0:router(config-sm)# Configures the sampling interval to use random mode for sampling packets. Replace the sampling_interval argument with a number, in the range from 1 through 65535 units. random 1 out-of sampling_interval Example: RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535 Step 19 Exits sampler map configuration mode and enters global configuration mode. exit Example: RP/0/RSP0/CPU0:router(config-sm)#exit Step 20 interface type number Enters interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# interface Step 21 gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface. sampler sampler_map {egress | ingress} Step 22 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 23 Configuring NetFlow Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter ipv6 to enable IPV6 NetFlow on the specified interface. Enter mpls to enable MPLS-aware NetFlow on the specified interface. Example: RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor MPLS-IPv6-fmm sampler fsm egress Step 23 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. exit Exits interface configuration submode for the Ethernet interface. Example: RP/0/RSP0/CPU0:router(config-if)# exit Step 24 exit Exits global configuration mode. Example: RP/0/RSP0/CPU0:router(config)# exit Step 25 show flow monitor-map map_name Displays flow monitor map data. Example: RP/0/RSP0/CPU0:router# show flow monitor-map fmm Step 26 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 24 OL-26127-02 Configuring NetFlow Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose show flow exporter-map map_name Displays exporter map data. Example: RP/0/RSP0/CPU0:router# show flow exporter-map fem Step 27 Configuring Destination-based NetFlow Accounting You configure destination-based NetFlow accounting by configuring the flow monitor map, flow record, and flow monitor as described in the following steps. SUMMARY STEPS 1. configure 2. flow monitor-map map_name 3. record ipv4 destination 4. exit 5. interface type interface-path-id 6. flow ipv4 monitor name ingress 7. Use one of these commands: • end • commit 8. show flow exporter-map map_name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Creates a monitor map and configures a monitor map name and enters flow monitor map configuration submode. flow monitor-map map_name Example: RP/0/RSP0/CPU0:router(config)# flow Step 2 monitor-map map1 RP/0/RSP0/CPU0:router(config-fmm)# Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 25 Configuring NetFlow Configuring Destination-based NetFlow AccountingCommand or Action Purpose Configures the flow record for an IPv4 destination-based NetFlow accounting record. The destination keyword specifies that the record is for IPv4 destination-based NetFlow accounting. record ipv4 destination Example: RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination. Step 3 exit Exits flow monitor map mode to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-fmm)# exit Step 4 Interface type and physical interface-path-id in the format type rack/slot/module/port. interface type interface-path-id Example: RP/0/RSP0/CPU0:router# interface POS 0/1/0/0 Step 5 type—POS, Ethernet, ATM, etc. rack—Chassis number of the rack. slot—Physical slot number of the line card or modular services card. module—Module number. A physical layer interface module (PLIM) is always 0. port—Physical port number of the interface. Configures an IPv4 flow monitor for the ingress direction and assigns the name of the monitor. flow ipv4 monitor name ingress Example: RP/0/RSP0/CPU0:router# flow ipv4 monitor monitor1 ingress Step 6 Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 26 OL-26127-02 Configuring NetFlow Configuring Destination-based NetFlow AccountingCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show flow exporter-map map_name Verifies exporter map data. Example: RP/0/RSP0/CPU0:router# show flow exporter-map fem Step 8 Trident Netflow Trident Netflow exports using only the V9 (Version 9) format. V9 is the most flexible NetFlow export. This format is flexible and extensible. It provides the flexibility to support new fields and record types. Supported features • Flow monitor type of IPv4, IPv6, and MPLS can all be configured to an interface per direction. • Sampled Netflow. There is no support for full mode sampling. • Non-deterministic Random Sampling Algorithm. • Different traffic types, including unicast and multicast traffic. Punt path policer rate In order to achieve the maximum flow processing without overloading the LC CPU, all flow packets that are punted from each Network Processor are policed. This is done to avoid overloading the CPU. The aggregate punt policer rate is 100 Kpps. To avoid having flow packets arrive at the CPU at a huge rate, the punt path policer needs to be applied on all NPs that have the netflow feature applied on them. The Punt path policer rate can be calculated in following way: Calculating Punt path policer rate The policer rate of each NP_NetflowMonitor is 100k, where NP_NetflowMonitor is NP that has Netflow monitor configured to its associated interfaces; or any of its associated interfaces are member of a bundle interfaces or bundle sub-interfaces that has Netflow monitor applied. Determining NP for NP_NetflowMonitor or non - NP_NetflowMonitor: 1 If any of its associated interface or sub-interface has any flow monitor applied, then it is NP_NetflowMonitor. Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 27 Configuring NetFlow Trident Netflow2 If any of its interfaces is a member of a bundle interface or bundle sub-interface that has Netflow monitor configured, the NP is considered as non- NP_NetflowMonitor. Trident base line cards supported features • Supports ingress and egress Netflow (IPv4, IPv6, MPLS) on L3 physical interface, L3-sub-interface, L3-Bundle interface, and L3 bundle sub-interface. • Supports configurable Sampling Rate 1:1 ~ 1: 65535 • Supports only up to 4 Sampling Rates (or Intervals) per LC. • Supports up to 8k (Large memory LC) or 4k (Small Memory LC) interfaces/subinterfaces • Supports configuration with flow monitor per NP. • Supports maximum aggregate Netflow processing rate of 50k flow packets perseconds per LC, enforced by Netflow Punt Policer on each NPs. • Supports netflow processing of 100Kpps, with CPU utilization not exceeding 50%. • Supports up to 4 flow exporters per flow monitor. • Supports exporting packet rates of up to 100k flows per second. Configuration Examples for NetFlow The following examples show NetFlow configurations: Sampler Map: Example The following example shows how to create a new sampler map called “fsm1,” which samples 1 out of 65535 packets: RP/0/RSP0/CPU0:router# sampler-map fsm1 RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535 RP/0/RSP0/CPU0:router(config)# exit Exporter Map: Example The following example shows how to create a new flow exporter map called “fem1,” which uses the version 9 (V9) export format for NetFlow export packets. The data template flow-set is inserted into the V9 export packets once every 10 minutes, and the options interface table flow-set is inserted into the V9 export packet. The export packets are sent to the flow collector destination 10.1.1.1, where the source address is identical to the interface IP address of Loopback 0. The UDP destination port is 1024, and the DSCP value is 10: RP/0/RSP0/CPU0:router(config)# flow exporter-map fem1 RP/0/RSP0/CPU0:router(config-fem)# destination 10.1.1.1 RP/0/RSP0/CPU0:router(config-fem)# source Loopback 0 RP/0/RSP0/CPU0:router(config-fem)# transport udp 1024 RP/0/RSP0/CPU0:router(config-fem)# dscp 10 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 28 OL-26127-02 Configuring NetFlow Configuration Examples for NetFlowRP/0/RSP0/CPU0:router(config-fem)# exit RP/0/RSP0/CPU0:router(config-fem)# version v9 RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 600 RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table RP/0/RSP0/CPU0:router(config-fem-ver)# exit Flow Monitor Map: Examples The following example shows how to create a new flow monitor map with name “fmm1”. This flow monitor map references the flow exporter map “fem1,” and sets the flow cache attributes to 10000 cache entries. The active entries from the cache are aged every 30 seconds, while the inactive entries from the cache are aged every 15 seconds. The record map for this monitor map is IPv4: RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm1 RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 RP/0/RSP0/CPU0:router(config-fmm)# exporter fem1 RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000 RP/0/RSP0/CPU0:router(config-fmm)# cache timeout active 30 RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 15 RP/0/RSP0/CPU0:router(config-fmm)# exit The following example shows how to apply the flow monitor “fmm1”and the sampler “fsm1” to the TenGigE 0/0/0/0 interface in the ingress direction: RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm1 sampler fsm1 ingress RP/0/RSP0/CPU0:router(config-if)# exit The following example shows how to configure the NetFlow monitor to collect MPLS packets with IPv6 fields: RP/0/RSP0/CPU0:router# config RP/0/RSP0/CPU0:router(config)# flow exporter-map exp1 RP/0/RSP0/CPU0:router(config-fem)# version v9 RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300 RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 300 RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300 RP/0/RSP0/CPU0:router(config-fem-ver)# template options timeout 300 RP/0/RSP0/CPU0:router(config-fem-ver)# exit RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515 RP/0/RSP0/CPU0:router(config-fem)# source Loopback0 RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11 RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3 RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1 RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000 RP/0/RSP0/CPU0:router(config-fmm)# cache permanent RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# sampler-map FSM RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535 RP/0/RSP0/CPU0:router(config-sm)# exit RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler FSM ingress Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 29 Configuring NetFlow Flow Monitor Map: ExamplesMPLS Flow Monitor with IPv4 and IPv6 Support: Examples The following configuration collects MPLS traffic, but no payload information is collected. RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-fmm RP/0/RSP0/CPU0:router(config-fmm)# record mpls labels 3 RP/0/RSP0/CPU0:router(config-fmm)# cache permanent RP/0/RSP0/CPU0:router(config)# exit RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress The following configuration collects MPLS traffic with IPv4 payloads. It also collects MPLS traffic without IPv4 payloads, but it populates the IPv4 fields with zeros (0). RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3 RP/0/RSP0/CPU0:router(config-fmm)# cache permanent RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress The following configuration collects MPLS traffic with IPv6 payloads. It also collects MPLS traffic without IPv6 payloads, but it populates the IPv6 fields with zeros (0). RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3 RP/0/RSP0/CPU0:router(config-fmm)# cache permanent RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress The following configuration collects MPLS traffic with both IPv6 and IPv4 fields. It also collects MPLS traffic without IPv4 or IPv6 payloads, but it populates the IPv6 and IPv4 fields with zeros (0). RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3 RP/0/RSP0/CPU0:router(config-fmm)# cache permanent RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0 RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress Note Flow records are exported using the Version 9 format. Destination-based NetFlow Accounting: Example The following example shows how to configure an IPv4 flow record for destination-based NetFlow accounting: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# flow monitor-map map1 RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination RP/0/RSP0/CPU0:router(config-fmm)# exporter fem RP/0/RSP0/CPU0:router(config-fmm)# exit RP/0/RSP0/CPU0:router(config)# interface pos 0/1/0/0 RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor map1 ingress Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 30 OL-26127-02 Configuring NetFlow MPLS Flow Monitor with IPv4 and IPv6 Support: ExamplesRP/0/RSP0/CPU0:router(config-if)# end RP/0/RSP0/CPU0:router# show flow exporter-map fem RP/0/RSP0/CPU0:router# show flow monitor-map map1 Additional References The following sections provide references related to interface configuration. Related Documents Related Topic Document Title Cisco IOS XR master command reference Cisco IOS XR Master Commands List Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference Cisco IOS XR interface configuration commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration information for a router using the Cisco IOS XR software. Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference Information about user groups and task IDs Information about configuring interfaces and other Cisco Craft Works Interface User Guide components from a remote Craft Works Interface (CWI) client management application. Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 31 Configuring NetFlow Additional ReferencesRFCs RFCs Title 3954 NetFlow services export protocol Version 9. Technical Assistance Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x 32 OL-26127-02 Configuring NetFlow Additional ReferencesI N D E X A accounting for IPv4, destination-based 8, 25 Additional References command 31 C cache entries command 14 cache permanent command 14 cache timeout command 14 Configuration Examples for NetFlow command 28 configuring 9 D destination command 9 Destination-based NetFlow Accounting 30 Example command 30 dscp command 9 E exporter command 14 exporter map 3 Exporter Map 28 Example command 28 F flow exporter map configuration submode 5 flow exporter map version configuration submode 5 flow exporter-map command 9 Flow Monitor Map 29 Examples 29 flow monitor map configuration submode 6 flow monitor-map command 9, 14, 25 M monitor map 3 MPLS Flow Monitor with IPv4 and IPv6 Support 30 Examples 30 N NetFlow 1, 2, 3, 5, 6, 8, 9, 25 accounting for IPv4, destination-based 8, 25 configuring 9 exporter map 3 flow exporter map configuration submode 5 flow exporter map version configuration submode 5 flow monitor map configuration submode 6 monitor map 3 overview 1, 2 restrictions 2 sampler map 3 sampler map configuration submode 6 O options command 9 overview 1, 2 R random command 12 record ipv4 command 14 record ipv4 destination command 25 record ipv6 command 14 restrictions 2 S sampler map 3 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x OL-26127-02 IN-1Sampler Map 28 Example command 28 sampler map configuration submode 6 sampler-map command 12 show flow exporter-map command 9, 25 show flow monitor map command 14 show sampler-map command 12 source command 9 T template command 9 transport udp command 9 Trident Netflow 27 V version v9 command 9 Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x IN-2 OL-26127-02 Index Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide Cisco IOS XR Software Release 4.2.x Text Part Number: OL-26115-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide © 2012 Cisco Systems, Inc. All rights reserved.iii Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 C O N T E N T S Preface VPC-vii Implementing MPLS Layer 3 VPNs VPC-9 Contents VPC-10 Prerequisites for Implementing MPLS L3VPN VPC-10 MPLS L3VPN Restrictions VPC-11 Information About MPLS Layer 3 VPNs VPC-11 MPLS L3VPN Overview VPC-11 MPLS L3VPN Benefits VPC-12 How MPLS L3VPN Works VPC-13 Virtual Routing and Forwarding Tables VPC-13 VPN Routing Information: Distribution VPC-13 BGP Distribution of VPN Routing Information VPC-14 MPLS Forwarding VPC-14 Automatic Route Distinguisher Assignment VPC-15 MPLS L3VPN Major Components VPC-15 Inter-AS Support for L3VPN VPC-15 Inter-AS Support: Overview VPC-16 Inter-AS and ASBRs VPC-16 Confederations VPC-17 MPLS VPN Inter-AS BGP Label Distribution VPC-18 Exchanging IPv4 Routes with MPLS labels VPC-19 BGP Routing Information VPC-20 BGP Messages and MPLS Labels VPC-20 Sending MPLS Labels with Routes VPC-21 Generic Routing Encapsulation Support for L3VPN VPC-21 GRE Restriction for L3VPN VPC-21 VPNv4 Forwarding Using GRE Tunnels VPC-21 Carrier Supporting Carrier Support for L3VPN VPC-23 CSC Prerequisites VPC-23 CSC Benefits VPC-23 Configuration Options for the Backbone and Customer Carriers VPC-24 Customer Carrier: ISP with IP Core VPC-24 Customer Carrier: MPLS Service Provider VPC-25Contents iv Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 How to Implement MPLS Layer 3 VPNs VPC-26 Configuring the Core Network VPC-26 Assessing the Needs of MPLS VPN Customers VPC-26 Configuring Routing Protocols in the Core VPC-27 Configuring MPLS in the Core VPC-27 Determining if FIB Is Enabled in the Core VPC-27 Configuring Multiprotocol BGP on the PE Routers and Route Reflectors VPC-28 Connecting MPLS VPN Customers VPC-29 Defining VRFs on the PE Routers to Enable Customer Connectivity VPC-30 Configuring VRF Interfaces on PE Routers for Each VPN Customer VPC-32 Configuring BGP as the Routing Protocol Between the PE and CE Routers VPC-34 Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers VPC-38 Configuring Static Routes Between the PE and CE Routers VPC-41 Configuring OSPF as the Routing Protocol Between the PE and CE Routers VPC-42 Configuring EIGRP as the Routing Protocol Between the PE and CE Routers VPC-45 Configuring EIGRP Redistribution in the MPLS VPN VPC-48 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels VPC-50 Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels VPC-50 Configuring the Route Reflectors to Exchange VPN-IPv4 Routes VPC-53 Configuring the Route Reflector to Reflect Remote Routes in its AS VPC-56 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses VPC-59 Configuring the ASBRs to Exchange VPN-IPv4 Addresses VPC-59 Configuring a Static Route to an ASBR Peer VPC-62 Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation VPC-64 Configuring MPLS Forwarding for ASBR Confederations VPC-66 Configuring a Static Route to an ASBR Confederation Peer VPC-68 Configuring Carrier Supporting Carrier VPC-70 Identifying the Carrier Supporting Carrier Topology VPC-70 Configuring the Backbone Carrier Core VPC-71 Configuring the CSC-PE and CSC-CE Routers VPC-71 Configuring a Static Route to a Peer VPC-78 Verifying the MPLS Layer 3 VPN Configuration VPC-80 Configuring L3VPN over GRE VPC-83 Creating a GRE Tunnel between Provider Edge Routers VPC-83 Configuring IGP between Provider Edge Routers VPC-85 Configuring LDP/GRE on the Provider Edge Routers VPC-87 Configuring L3VPN VPC-89Contents v Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuration Examples for Implementing MPLS Layer 3 VPNs VPC-95 Configuring an MPLS VPN Using BGP: Example VPC-95 Configuring the Routing Information Protocol on the PE Router: Example VPC-96 Configuring the PE Router Using EIGRP: Example VPC-96 Configuration Examples for MPLS VPN CSC VPC-97 Configuring the Backbone Carrier Core: Examples VPC-97 Configuring the Links Between CSC-PE and CSC-CE Routers: Examples VPC-97 Configuring a Static Route to a Peer: Example VPC-98 Configuring L3VPN over GRE: Example VPC-98 Additional References VPC-102 Related Documents VPC-102 Standards VPC-102 MIBs VPC-102 RFCs VPC-103 Technical Assistance VPC-103 Implementing IPv6 VPN Provider Edge Transport over MPLS VPC-105 Contents VPC-105 Prerequisites for Implementing 6PE/VPE VPC-106 Information About 6PE/VPE VPC-106 Overview of 6PE/VPE VPC-106 Benefits of 6PE/VPE VPC-107 Deploying IPv6 over MPLS Backbones VPC-107 IPv6 on the Provider Edge and Customer Edge Routers VPC-107 IPv6 Provider Edge Multipath VPC-108 OSPFv3 6VPE VPC-108 Multiple VRF Support VPC-108 OSPFv3 PE-CE Extensions VPC-109 VRF Lite VPC-109 How to Implement 6PE/VPE VPC-109 Configuring 6PE/VPE VPC-109 Configuring PE to PE Core VPC-111 Configuring PE to CE Core VPC-115 Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers VPC-118 Configuration Examples for 6PE VPC-122 Configuring 6PE on a PE Router: Example VPC-122 Configuring 6VPE on a PE Router: Example VPC-122 Configuring OSPFv3 between PE to CE: Example: VPC-123 Additional References VPC-124Contents vi Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Related Document VPC-124 Standards VPC-124 MIBs VPC-124 RFCs VPC-124 Technical Assistance VPC-125 Indexvii Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Preface The preface consists of these sections: • Changes to This Document, page VPC-vii • Obtaining Documentation and Submitting a Service Request, page VPC-vii Changes to This Document Table 1 lists the technical changes made to this document since it was first printed. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Table 1 Changes to This Document Revision Date Change Summary OL-26115-02 May 2012 Support for GRE tunnel interfaces was increased to 2000. OL-26115-01 December 2011 Initial release of this document.Preface viii Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-029 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Implementing MPLS Layer 3 VPNs A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers. This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on Cisco ASR 9000 Series Aggregation Services Routers. Note You must acquire an evaluation or permanent license in order to use MPLS Layer 3 VPN functionality. However, if you are upgrading from a previous version of the software, MPLS Layer 3 VPN functionality will continue to work using an implicit license for 90 days (during which time, you can purchase a permanent license). For more information about licenses, see the Software Entitlement on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide. Note For a complete description of the commands listed in this module, refer to the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference . To locate documentation of other commands that appear in this chapter, use the command reference master index, or search online. Feature History for Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Routers Release Modification Release 3.7.2 This feature was introduced. Release 4.2.0 Support for Generic Routing Encapsulation (GRE) was added on A9K-SIP-700 line card. Release 4.2.1 The maximum number of supported tunnel interfaces was increased to 2000 for the ASR 9000 Enhanced Ethernet and ASR 9000 Ethernet line cards.Implementing MPLS Layer 3 VPNs Contents 10 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Contents • Prerequisites for Implementing MPLS L3VPN, page VPC-10 • MPLS L3VPN Restrictions, page VPC-11 • Information About MPLS Layer 3 VPNs, page VPC-11 • How to Implement MPLS Layer 3 VPNs, page VPC-26 • Configuration Examples for Implementing MPLS Layer 3 VPNs, page VPC-95 • Additional References, page VPC-102 Prerequisites for Implementing MPLS L3VPN These prerequisites are required to configure MPLS Layer 3 VPN: • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. These prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system boundary routers (ASBRs) exchanging VPN-IPV4 addresses or IPv4 routes and MPLS labels: • Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and sessions are properly configured (see the How to Implement MPLS Layer 3 VPNs, page VPC-26 for procedures). • These tasks must be performed: – Define VPN routing instances – Configure BGP routing sessions in the MPLS core – Configure PE-to-PE routing sessions in the MPLS core – Configure BGP PE-to-CE routing sessions – Configure a VPN-IPv4 eBGP session between directly connected ASBRs To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information Base (FIB).Implementing MPLS Layer 3 VPNs MPLS L3VPN Restrictions 11 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 MPLS L3VPN Restrictions These are restrictions for implementing MPLS Layer 3 VPNs: • Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous systems or subautonomous systems in an MPLS VPN. • MPLS VPN supports only IPv4 address families. These restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes and MPLS labels: • For networks configured with eBGP multihop, a label switched path (LSP) must be configured between nonadjacent routers. • Inter-AS supports IPv4 routes only. IPv6 is not supported. Note The physical interfaces that connect the BGP speakers must support FIB and MPLS. These restrictions apply to routing protocols OSPF and RIP: • IPv6 is not supported on OSPF and RIP. Information About MPLS Layer 3 VPNs To implement MPLS Layer 3 VPNs, you need to understand these concepts: • MPLS L3VPN Overview, page VPC-11 • MPLS L3VPN Benefits, page VPC-12 • How MPLS L3VPN Works, page VPC-13 • MPLS L3VPN Major Components, page VPC-15 • Generic Routing Encapsulation Support for L3VPN, page VPC-21 MPLS L3VPN Overview Before defining an MPLS VPN, VPN in general must be defined. A VPN is: • An IP-based network delivering private network services over a public infrastructure • A set of sites that are allowed to communicate with each other privately over the Internet or other public or private networks Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits (PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site requires changing each edge device in the VPN. MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the service provider and the customer to exchange Layer 3 routing information. The service provider relays the data between the customer sites without customer involvement. MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an MPLS VPN, only the edge router of the service provider that provides services to the customer site needs to be updated. Implementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs 12 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 The components of the MPLS VPN are described as follows: • Provider (P) router—Router in the core of the provider network. PE routers run MPLS switching and do not attach VPN labels to routed packets. VPN labels are used to direct data packets to the correct private network or customer edge router. • PE router—Router that attaches the VPN label to incoming packets based on the interface or subinterface on which they are received, and also attaches the MPLS core labels. A PE router attaches directly to a CE router. • Customer (C) router—Router in the Internet service provider (ISP) or enterprise network. • Customer edge (CE) router—Edge router on the network of the ISP that connects to the PE router on the network. A CE router must interface with a PE router. Figure 1 shows a basic MPLS VPN topology. Figure 1 Basic MPLS VPN Topology MPLS L3VPN Benefits MPLS L3VPN provides these benefits: • Service providers can deploy scalable VPNs and deliver value-added services. • Connectionless service guarantees that no prior action is necessary to establish communication between hosts. • Centralized Service: Building VPNs in Layer 3 permits delivery of targeted services to a group of users represented by a VPN. • Scalability: Create scalable VPNs using connection-oriented, point-to-point overlays, Frame Relay, or ATM virtual connections. • Security: Security is provided at the edge of a provider network (ensuring that packets received from a customer are placed on the correct VPN) and in the backbone. • Integrated Quality of Service (QoS) support: QoS provides the ability to address predictable performance and policy implementation and support for multiple levels of service in an MPLS VPN. MPLS Backbone Customer Site Customer Site Provider Edge (PE) router Provider Edge (PE) router Provider (P) routers Provider (P) routers 103875 Customer Edge (CE) router Customer Edge (CE) routerImplementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs 13 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 • Straightforward Migration: Service providers can deploy VPN services using a straightforward migration path. • Migration for the end customer is simplified. There is no requirement to support MPLS on the CE router and no modifications are required for a customer intranet. How MPLS L3VPN Works MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs these tasks: • Exchanges routing updates with the CE router • Translates the CE routing information into VPN version 4 (VPNv4) routes • Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol (MP-BGP) Virtual Routing and Forwarding Tables Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines the VPN membership of a customer site attached to a PE router. A VRF consists of these components: • An IP version 4 (IPv4) unicast routing table • A derived FIB table • A set of interfaces that use the forwarding table • A set of rules and routing protocol parameters that control the information that is included in the routing table These components are collectively called a VRF instance. A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the routes available to the site from the VPNs of which it is a member. Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN. VPN Routing Information: Distribution The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by BGP extended communities. VPN routing information is distributed as follows: • When a VPN route that is learned from a CE router is injected into a BGP, a list of VPN route target extended community attributes is associated with it. Typically, the list of route target community extended values is set from an export list of route targets associated with the VRF from which the route was learned.Implementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs 14 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 • An import list of route target extended communities is associated with each VRF. The import list defines route target extended community attributes that a route must have for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target extended communities A, B, and C, then any VPN route that carries any of those route target extended communities—A, B, or C—is imported into the VRF. BGP Distribution of VPN Routing Information A PE router can learn an IP prefix from these sources: • A CE router by static configuration • An eBGP session with the CE router • A Routing Information Protocol (RIP) exchange with the CE router • Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP as Interior Gateway Protocols (IGPs) The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher. The generated prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the PE router. BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication takes place at two levels: • Within the IP domain, known as an autonomous system. • Between autonomous systems. PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP sessions. PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop). BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other. MPLS Forwarding Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are forwarded to their destination using MPLS. A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone: • The top label directs the packet to the correct PE router. • The second label indicates how that PE router should forward the packet to the CE router.Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 15 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN, Label Distribution Protocol (LDP), TE, and FRR). Automatic Route Distinguisher Assignment To take advantage of iBGP load balancing, every network VRF must be assigned a unique route distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical prefixes received from different VPNs. With thousands of routers in a network each supporting multiple VRFs, configuration and management of route distinguishers across the network can present a problem. Cisco IOS XR software simplifies this process by assigning unique route distinguisher to VRFs using the rd auto command. To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using this format: ip-address:number. The IP address is specified by the BGP router-id statement and the number (which is derived as an unused index in the 0 to 65535 range) is unique across the VRFs. Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is persistent across failover or process restart. If an route distinguisher is explicitely configured for a VRF, this value is not overridden by the autoroute distinguisher. MPLS L3VPN Major Components An MPLS-based VPN network has three major components: • VPN route target communities—A VPN route target community is a list of all members of a VPN community. VPN route targets need to be configured for each VPN community member. • Multiprotocol BGP (MP-BGP) peering of the VPN community PE routers—MP-BGP propagates VRF reachability information to all members of a VPN community. MP-BGP peering needs to be configured in all PE routers within a VPN community. • MPLS forwarding—MPLS transports all traffic between all VPN community members across a VPN service-provider network. A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF contains all the routes available to the site from the VPNs of which it is a member. Inter-AS Support for L3VPN This section contains these topics: • Inter-AS Support: Overview, page VPC-16 • Inter-AS and ASBRs, page VPC-16 • Confederations, page VPC-17 • MPLS VPN Inter-AS BGP Label Distribution, page VPC-18 • Exchanging IPv4 Routes with MPLS labels, page VPC-19Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 16 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Inter-AS Support: Overview An autonomous system (AS) is a single network or group of networks that is controlled by a common system administration group and uses a single, clearly defined routing protocol. As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. In addition, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless. An MPLS VPN Inter-AS provides these benefits: • Allows a VPN to cross more than one service provider backbone. Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to the same end customer. A VPN can begin at one customer site and traverse different VPN service provider backbones before arriving at another site of the same customer. Previously, MPLS VPN could traverse only a single BGP autonomous system service provider backbone. This feature lets multiple autonomous systems form a continuous, seamless network between customer sites of a service provider. • Allows a VPN to exist in different areas. A service provider can create a VPN in different geographic areas. Having all VPN traffic flow through one point (between the areas) allows for better rate control of network traffic between the areas. • Allows confederations to optimize iBGP meshing. Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and manageable. You can divide an autonomous system into multiple, separate subautonomous systems and then classify them into a single confederation. This capability lets a service provider offer MPLS VPNs across the confederation, as it supports the exchange of labeled VPN-IPv4 Network Layer Reachability Information (NLRI) between the subautonomous systems that form the confederation. Inter-AS and ASBRs Separate autonomous systems from different service providers can communicate by exchanging IPv4 NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPV4 prefixes throughout each VPN and each autonomous system. These protocols are used for sharing routing information: • Within an autonomous system, routing information is shared using an IGP. • Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service providers set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate autonomous systems. The primary function of an eBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use EBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels. Inter-AS configurations supported in an MPLS VPN can include:Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 17 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 • Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or routing information is exchanged between the autonomous systems. • BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the confederation as a single autonomous system. The peers in the different autonomous systems communicate over eBGP sessions; however, they can exchange route information as if they were iBGP peers. Confederations A confederation is multiple subautonomous systems grouped together. A confederation reduces the total number of peer devices in an autonomous system. A confederation divides an autonomous system into subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can span service providers running in separate autonomous systems or multiple subautonomous systems that form a confederation. In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self address forces the BGP to use a specified address as the next hop rather than letting the protocol choose the next hop. You can configure a confederation with separate subautonomous systems two ways: • Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers (both directions). The subautonomous systems (iBGP peers) at the subautonomous system border do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain. However, the CEBGP border edge router addresses are known in the IGP domains. • Configure a router to forward next-hop-self addresses between the CEBGP border edge routers (both directions) and within the iBGP peers at the subautonomous system border. Each subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses between the PE routers in the domain. The CEBGP border edge router addresses are known in the IGP domains. Figure 2 illustrates a typical MPLS VPN confederation configuration. In this configuration: • The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two autonomous systems. • The distributing router changes the next-hop addresses and labels and uses a next-hop-self address. • IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 18 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Figure 2 eBGP Connection Between Two Subautonomous Systems in a Confederation In this confederation configuration: • CEBGP border edge routers function as neighboring peers between the subautonomous systems. The subautonomous systems use eBGP to exchange route information. • Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before distributing the route to the next subautonomous system. The CEBGP border edge router distributes the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the VPN identifier are encoded as part of the NLRI. • Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix before redistributing the routes. The CEBGP border edge routers exchange IPV-IPv4 addresses with the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both confederations. For more information about how to configure confederations, see the “Configuring MPLS Forwarding for ASBR Confederations” section on page MPC-66. MPLS VPN Inter-AS BGP Label Distribution Note This section is not applicable to Inter-AS over IP tunnels. You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution. Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has these benefits: CE-1 CE-2 CE-3 CE-4 CE-5 PE-1 PE-2 PE-3 CEGBP-1 CEBGP-2 Core of P routers Core of P routers 43880 Sub-AS2 with IGP-2 Sub-AS1 with IGP-1 eBGP intraconfederation for VPNv4 routes with label distribution Service Provider 1 Service Provider 1 VPN 1 VPN 1Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 19 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 • Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based on VPN-IPv4 labels. • Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border of the network. • Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4 routes with MPLS labels over a non-MPLS VPN service provider. • Eliminates the need for any other label distribution protocol between adjacent label switch routers (LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS labels. No other label distribution protocol is needed between the two LSRs. Exchanging IPv4 Routes with MPLS labels Note This section is not applicable to Inter-AS over IP tunnels. You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows: • Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This configuration also preserves the next-hop information and the VPN labels across the autonomous systems. • A local PE router (for example, PE1 in Figure 3) needs to know the routes and label information for the remote PE router (PE2). This information can be exchanged between the PE routers and ASBRs in one of two ways: – Internal Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from IGP and LDP into eBGP. – Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels. Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN. For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store the VPN-IPv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 20 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Figure 3 VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels BGP Routing Information BGP routing information includes these items: • Network number (prefix), which is the IP address of the destination. • Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the way to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest from the local router and usually the AS where the route began. • Path attributes, which provide other information about the AS path, for example, the next hop. BGP Messages and MPLS Labels MPLS labels are included in the update messages that a router sends. Routers exchange these types of BGP messages: • Open messages—After a router establishes a TCP connection with a neighboring router, the routers exchange open messages. This message contains the number of the autonomous system to which the router belongs and the IP address of the router that sent the message. • Update messages—When a router has a new, changed, or broken route, it sends an update message to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable routes. The update message includes any routes that are no longer usable. The update message also includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4 routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes are encoded in the update message, as specified in RFC 3107. • Keepalive messages—Routers exchange keepalive messages to determine if a neighboring router is still available to exchange routing information. The router sends these messages at regular intervals. (Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it contains only a message header. • Notification messages—When a router detects an error, it sends a notification message. RR1 PE1 CE1 CE2 VPN1 VPN2 PE2 RR2 ASBR1 ASBR2 Multihop Multiprotocol VPNv4 BGP IPv4 routes and label with multipath support 59251Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 21 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Sending MPLS Labels with Routes When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to that route. The MPLS label mapping information for the route is carried in the BGP update message that contains the information about the route. If the next hop is not changed, the label is preserved. When you issue the show bgp neighbors ip-address command on both BGP routers, the routers advertise to each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates. Generic Routing Encapsulation Support for L3VPN Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate many types of packets to enable data transmission using a tunnel. The GRE tunneling protocol enables: • High assurance Internet Protocol encryptor (HAIPE) devices for encryption over the public Internet and nonsecure connections. • Service providers (that do not run MPLS in their core network) to provide VPN services along with the security services. Note GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network. For detailed information about configuring GRE tunnel interfaces, refer to the Cisco IOS XR Interfaces and Hardware Components Configuration Guide. For a PE to PE (core) link, enable LDP (with implicit null) on the GRE interfaces for L3VPN. GRE Restriction for L3VPN The following restrictions are applicable to L3VPN forwarding over GRE: • Carrier Supporting Carrier (CsC) or Inter-AS is not supported. • GRE-based L3VPN does not interwork with MPLS or IP VPNs. • GRE tunnel is supported only as a core link(PE-PE, PE-P, P-P, P-PE). A PE-CE (edge) link is not supported. • VPNv6 forwarding using GRE tunnels is not supported. VPNv4 Forwarding Using GRE Tunnels This section describes the working of VPNv4 forwarding over GRE tunnels. The following description assumes that GRE is used only as a core link between the encapsulation and decapsulation provider edge (PE) routers that are connected to one or more customer edge (CE) routers. Ingress of Encapsulation Router On receiving prefixes from the CE routers, Border Gateway Protocol (BGP) assigns the VPN label to the prefixes that need to be exported. These VPN prefixes are then forwarded to the Forwarding Information Base (FIB) using the Route Information Base (RIB) or the label switched database (LSD). The FIB then populates the prefix in the appropriate VRF table. The FIB also populates the label in the global label table. Using BGP, the prefixes are then relayed to the remote PE router (decapsulation router).Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN 22 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Egress of Encapsulation Router The forwarding behavior on egress of the encapsulation PE router is similar to the MPLS VPN label imposition. Regardless of whether the VPN label imposition is performed on the ingress or egress side, the GRE tunnel forwards a packet that has an associated label. This labeled packet is then encapsulated with a GRE header and forwarded based on the IP header. Ingress of Decapsulation Router The decapsulation PE router learns the VPN prefixes and label information from the remote encapsulation PE router using BGP. The next-hop information for the VPN prefix is the address of the GRE tunnel interface connecting the two PE routers. BGP downloads these prefixes to the RIB. The RIB downloads the routes to the FIB and the FIB installs the routes in the hardware. Egress of Decapsulation Router The egress forwarding behavior on the decapsulation PE router is similar to VPN disposition and forwarding, based on the protocol type of the inner payload.Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN 23 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Carrier Supporting Carrier Support for L3VPN This section provides conceptual information about MPLS VPN Carrier Supporting Carrier (CSC) functionality and includes these topics: • CSC Prerequisites, page VPC-23 • CSC Benefits, page VPC-23 • Configuration Options for the Backbone and Customer Carriers, page VPC-24 Throughout this document, the following terminology is used in the context of CSC: backbone carrier—Service provider that provides the segment of the backbone network to the other provider. A backbone carrier offers BGP and MPLS VPN services. customer carrier—Service provider that uses the segment of the backbone network. The customer carrier may be an Internet service provider (ISP) or a BGP/MPLS VPN service provider. CE router—A customer edge router is part of a customer network and interfaces to a provider edge (PE) router. In this document, the CE router sits on the edge of the customer carrier network. PE router—A provider edge router is part of a service provider's network connected to a customer edge (CE) router. In this document, the PE router sits on the edge of the backbone carrier network ASBR—An autonomous system boundary router connects one autonomous system to another. CSC Prerequisites These prerequisites are required to configure CSC: • You must be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working. • You must be able to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol (LDP), and Multiprotocol Border Gateway Protocol (MP-BGP). • You must ensure that CSC-PE and CSC-CE routers support BGP label distribution. Note BGP is the only supported label distribution protocol on the link between CE and PE. CSC Benefits This section describes the benefits of CSC to the backbone carrier and customer carriers. Benefits to the Backbone Carrier • The backbone carrier can accommodate many customer carriers and give them access to its backbone. • The MPLS VPN carrier supporting carrier feature is scalable. • The MPLS VPN carrier supporting carrier feature is a flexible solution. Benefits to the Customer Carriers • The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of configuring, operating, and maintaining its own backbone.Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN 24 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 • Customer carriers who use the VPN services provided by the backbone carrier receive the same level of security that Frame Relay or ATM-based VPNs provide. • Customer carriers can use any link layer technology to connect the CE routers to the PE routers. • The customer carrier can use any addressing scheme and still be supported by a backbone carrier. Benefits of Implementing MPLS VPN CSC Using BGP The benefits of using BGP to distribute IPv4 routes and MPLS label routes are: • BGP takes the place of an IGP and LDP in a VPN forwarding and routing instance (VRF) table. • BGP is the preferred routing protocol for connecting two ISPs, Configuration Options for the Backbone and Customer Carriers To enable CSC, the backbone and customer carriers must be configured accordingly: • The backbone carrier must offer BGP and MPLS VPN services. • The customer carrier can take several networking forms. The customer carrier can be: – An ISP with an IP core (see the “Customer Carrier: ISP with IP Core” section on page MPC-24). – An MPLS service provider with or without VPN services (see “Customer Carrier: MPLS Service Provider” section on page MPC-25). Note An IGP in the customer carrier network is used to distribute next hops and loopbacks to the CSC-CE. IBGP with label sessions are used in the customer carrier network to distribute next hops and loopbacks to the CSC-CE. Customer Carrier: ISP with IP Core Figure 4 shows a network configuration where the customer carrier is an ISP. The customer carrier has two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a VPN service provided by the backbone carrier. The backbone carrier uses MPLS or IP tunnels to provide VPN services. The ISP sites use IP. Figure 4 Network: Customer Carrier Is an ISP The links between the CE and PE routers use eBGP to distribute IPv4 routes and MPLS labels. Between the links, the PE routers use multiprotocol iBGP to distribute VPNv4 routes. ISP site 1 CSC-CE1 IP IP MPLS CSC-PE1 CSC-PE2 CSC-CE2 Backbone carrier ISP site 2 50846Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN 25 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Customer Carrier: MPLS Service Provider Figure 5 shows a network configuration where the backbone carrier and the customer carrier are BGP/MPLS VPN service providers. The customer carrier has two sites. The customer carrier uses MPLS in its network while the backbone carrier may use MPLS or IP tunnels in its network. Figure 5 Network: Customer Carrier Is an MPLS VPN Service Provider In this configuration (Figure 5), the customer carrier can configure its network in one of these ways: • The customer carrier can run an IGP and LDP in its core network. In this case, the CSC-CE1 router in the customer carrier redistributes the eBGP routes it learns from the CSC-PE1 router of the backbone carrier to an IGP. • The CSC-CE1 router of the customer carrier system can run an IPv4 and labels iBGP session with the PE1 router. CE1 PE1 Customer carrier MPLS VPN SP Backbone carrier MPLS VPN SP Customer carrier MPLS VPN SP CSC-CE1 CSC-PE1 CSC-PE2 IPv4 + labels IPv4 + labels CSC-CE2 PE2 CE2 MP-IBGP exchanging VPNv4 prefixes MP-IBGP exchanging VPNv4 prefixes 65682Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 26 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 How to Implement MPLS Layer 3 VPNs This section contains instructions for these tasks: • Configuring the Core Network, page VPC-26 • Connecting MPLS VPN Customers, page VPC-29 • Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels, page VPC-50 (optional) • Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses, page VPC-59 (optional) • Configuring Carrier Supporting Carrier, page VPC-70 (optional) • Verifying the MPLS Layer 3 VPN Configuration, page VPC-80 • Configuring L3VPN over GRE, page VPC-83 Configuring the Core Network Configuring the core network includes these tasks: • Assessing the Needs of MPLS VPN Customers, page VPC-26 • Configuring Routing Protocols in the Core, page VPC-27 • Configuring MPLS in the Core, page VPC-27 • Determining if FIB Is Enabled in the Core, page VPC-27 • Configuring Multiprotocol BGP on the PE Routers and Route Reflectors, page VPC-28 Assessing the Needs of MPLS VPN Customers Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve MPLS VPN customers. Perform this task to identify the core network topology. SUMMARY STEPS 1. Identify the size of the network. 2. Identify the routing protocols in the core. 3. Determine if MPLS High Availability support is required. 4. Determine if BGP load sharing and redundant paths are required.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 27 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Configuring Routing Protocols in the Core To configure a routing protocol, see the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide. Configuring MPLS in the Core To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You can use either of these as an LDP: • MPLS LDP—See the Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routersfor configuration information. • MPLS Traffic Engineering Resource Reservation Protocol (RSVP)—See Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document for configuration information. Determining if FIB Is Enabled in the Core Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider edge (PE) routers. For information on how to determine if FIB is enabled, see the Implementing Cisco Express Forwarding on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide. Command or Action Purpose Step 1 Identify the size of the network. Identify these to determine the number of routers and ports required: • How many customers will be supported? • How many VPNs are required for each customer? • How many virtual routing and forwarding (VRF) instances are there for each VPN? Step 2 Identify the routing protocols in the core. Determine which routing protocols are required in the core network. Step 3 Determine if MPLS High Availability support is required. MPLS VPN nonstop forwarding and graceful restart are supported on select routers and Cisco IOS XR software releases. Step 4 Determine if BGP load sharing and redundant paths are required. Determine if BGP load sharing and redundant paths in the MPLS VPN core are required.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 28 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring Multiprotocol BGP on the PE Routers and Route Reflectors Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route reflectors. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. address-family vpnv4 unicast 4. neighbor ip-address remote-as autonomous-system-number 5. address-family vpnv4 unicast end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Enters BGP configuration mode allowing you to configure the BGP routing process. Step 3 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast Enters VPNv4 address family configuration mode for the VPNv4 address family. Step 4 neighbor ip-address remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 29 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Connecting MPLS VPN Customers To connect MPLS VPN customers to the VPN, perform these tasks: • Defining VRFs on the PE Routers to Enable Customer Connectivity, page VPC-30 • Configuring VRF Interfaces on PE Routers for Each VPN Customer, page VPC-32 • Configuring BGP as the Routing Protocol Between the PE and CE Routers, page VPC-34 (optional) • Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers, page VPC-38 (optional) • Configuring Static Routes Between the PE and CE Routers, page VPC-41 (optional) • Configuring OSPF as the Routing Protocol Between the PE and CE Routers, page VPC-42 (optional) • Configuring EIGRP as the Routing Protocol Between the PE and CE Routers, page VPC-45 (optional) • Configuring EIGRP Redistribution in the MPLS VPN, page VPC-48 (optional) Step 5 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast Enters VPNv4 address family configuration mode for the VPNv4 address family. Step 6 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 30 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Defining VRFs on the PE Routers to Enable Customer Connectivity Perform this task to define VPN routing and forwarding (VRF) instances. SUMMARY STEPS 1. configure 2. vrf vrf-name 3. address-family ipv4 unicast 4. import route-policy policy-name 5. import route-target [as-number:nn | ip-address:nn] 6. export route-policy policy-name 7. export route-target [as-number:nn | ip-address:nn] 8. exit 9. exit 10. router bgp autonomous-system-number 11. vrf vrf-name 12. rd {as-number | ip-address | auto} 13. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config)# vrf vrf_1 Configures a VRF instance and enters VRF configuration mode. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Enters VRF address family configuration mode for the IPv4 address family. Step 4 import route-policy policy-name Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-policy policy_A Specifies a route policy that can be imported into the local VPN.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 31 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 5 import route-target [as-number:nn | ip-address:nn] Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-target 120:1 Allows exported VPN routes to be imported into the VPN if one of the route targets of the exported route matches one of the local VPN import route targets. Step 6 export route-policy policy-name Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-policy policy_B Specifies a route policy that can be exported from the local VPN. Step 7 export route-target [as-number:nn | ip-address:nn] Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-target 120:2 Associates the local VPN with a route target. When the route is advertised to other provider edge (PE) routers, the export route target is sent along with the route as an extended community. Step 8 exit Example: RP/0/RSP0/CPU0:router(config-vrf-af)# exit Exits VRF address family configuration mode and returns the router to VRF configuration mode. Step 9 exit Example: RP/0/RSP0/CPU0:router(config-vrf)# exit Exits VRF configuration mode and returns the router to global configuration mode. Step 10 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Enters BGP configuration mode allowing you to configure the BGP routing process. Step 11 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1 Configures a VRF instance and enters VRF configuration mode for BGP routing. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 32 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring VRF Interfaces on PE Routers for Each VPN Customer Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a subinterface on the PE routers. Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected. SUMMARY STEPS 1. configure 2. interface type interface-path-id 3. vrf vrf-name 4. ipv4 address ipv4-address mask 5. end or commit Step 12 rd {as-number | ip-address | auto} Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto Automatically assigns a unique route distinguisher (RD) to vrf_1. Step 13 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end or RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 33 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/3/0/0 Enters interface configuration mode. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-if)# vrf vrf_A Configures a VRF instance and enters VRF configuration mode. Step 4 ipv4 address ipv4-address mask Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 address 192.168.1.27 255.255.255.0 Configures a primary IPv4 address for the specified interface. Step 5 end or commit Example: RP/0/RSP0/CPU0:router(config-if)# end or RP/0/RSP0/CPU0:router(config-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 34 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring BGP as the Routing Protocol Between the PE and CE Routers Perform this task to configure PE-to-CE routing sessions using BGP. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. bgp router-id {ip-address} 4. vrf vrf-name 5. label-allocation-mode per-ce 6. address-family ipv4 unicast 7. redistribute connected [metric metric-value] [route-policy route-policy-name] or redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name] or redistribute static [metric metric-value] [route-policy route-policy-name] 8. aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name] 9. network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name] 10. exit 11. neighbor ip-address 12. remote-as autonomous-system-number 13. password {clear | encrypted} password 14. ebgp-multihop [ttl-value] 15. address-family ipv4 unicast 16. allowas-in [as-occurrence-number] 17. route-policy route-policy-name in 18. route-policy route-policy-name out 19. end or commitImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 35 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process. Step 3 bgp router-id {ip-address} Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24 Configures the local router with a router ID of 192.168.70.24. Step 4 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for BGP routing. Step 5 label-allocation-mode per-ce Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce Sets the MPLS VPN label allocation mode for each customer edge (CE) label mode allowing the provider edge (PE) router to allocate one label for every immediate next-hop. Step 6 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast Enters VRF address family configuration mode for the IPv4 address family. Step 7 redistribute connected [metric metric-value] [route-policy route-policy-name] or redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name] or redistribute static [metric metric-value] [route-policy route-policy-name] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# redistribute connected Causes routes to be redistributed into BGP. The routes that can be redistributed into BGP are: • Connected • Intermediate System-to-Intermediate System (IS-IS) • Open Shortest Path First (OSPF) • StaticImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 36 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 8 aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/8 as-set Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized. • The as-set keyword generates autonomous system set path information and community information from contributing paths. • The as-confed-set keyword generates autonomous system confederation set path information from contributing paths. • The summary-only keyword filters all more specific routes from updates. • The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route. Step 9 network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network 172.20.0.0/16 Configures the local router to originate and advertise the specified network. Step 10 exit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit Exits VRF address family configuration mode and returns the router to VRF configuration mode for BGP routing. Step 11 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 172.168.40.24 Places the router in VRF neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer. Step 12 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 13 password {clear | encrypted} password Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# password clear pswd123 Configures neighbor 172.168.40.24 to use MD5 authentication with the password pswd123. Step 14 ebgp-multihop [ttl-value] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop Allows a BGP connection to neighbor 172.168.40.24. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 37 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 15 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast Enters VRF neighbor address family configuration mode for BGP routing. Step 16 allowas-in [as-occurrence-number] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 3 Replaces the neighbor autonomous system number (ASN) with the PE ASN in the AS path three times. Step 17 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in Applies the In-Ipv4 policy to inbound IPv4 unicast routes. Step 18 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in Applies the In-Ipv4 policy to outbound IPv4 unicast routes. Step 19 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 38 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing Information Protocol version 2 (RIPv2). SUMMARY STEPS 1. configure 2. router rip 3. vrf vrf-name 4. interface type instance 5. site-of-origin {as-number:number | ip-address:number} 6. exit 7. redistribute bgp as-number [[external | internal | local] [route-policy name] or redistribute connected [route-policy name] or redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name] or redistribute eigrp as-number [route-policy name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name] or redistribute static [route-policy name] 8. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router rip Example: RP/0/RSP0/CPU0:router(config)# router rip Enters the Routing Information Protocol (RIP) configuration mode allowing you to configure the RIP routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-rip)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for RIP routing.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 39 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 4 interface type instance Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# interface GigabitEthernet 0/3/0/0 Enters VRF interface configuration mode. Step 5 site-of-origin {as-number:number | ip-address:number} Example: RP/0/RSP0/CPU0:router(config-rip-vrf-if)# site-of-origin 200:1 Identifies routes that have originated from a site so that the re-advertisement of that prefix back to the source site can be prevented. Uniquely identifies the site from which a PE router has learned a route. Step 6 exit Example: RP/0/RSP0/CPU0:router(config-rip-vrf-if)# exit Exits VRF interface configuration mode, and returns the router to VRF configuration mode for RIP routing. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 40 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 7 redistribute bgp as-number [[external | internal | local] [route-policy name] or redistribute connected [route-policy name] or redistribute eigrp as-number [route-policy name] or redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name] or redistribute static [route-policy name] Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# redistribute connected Causes routes to be redistributed into RIP. The routes that can be redistributed into RIP are: • Border Gateway Protocol (BGP) • Connected • Enhanced Interior Gateway Routing Protocol (EIGRP) • Intermediate System-to-Intermediate System (IS-IS) • Open Shortest Path First (OSPF) • Static Step 8 end or commit Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# end or RP/0/RSP0/CPU0:router(config-rip-vrf)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 41 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring Static Routes Between the PE and CE Routers Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static routes. Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected. SUMMARY STEPS 1. configure 2. router static 3. vrf vrf-name 4. address-family ipv4 unicast 5. prefix/mask [vrf vrf-name] {ip-address | type interface-path-id} 6. prefix/mask [vrf vrf-name] bfd fast-detect 7. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router static Example: RP/0/RSP0/CPU0:router(config)# router static Enters static routing configuration mode allowing you to configure the static routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-static)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for static routing. Step 4 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-static-vrf)# address-family ipv4 unicast Enters VRF address family configuration mode for the IPv4 address family.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 42 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring OSPF as the Routing Protocol Between the PE and CE Routers Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First (OSPF). SUMMARY STEPS 1. configure 2. router ospf process-name 3. vrf vrf-name 4. router-id {router-id | type interface-path-id} 5. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] Step 5 prefix/mask [vrf vrf-name] {ip-address | type interface-path-id} Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 10.1.1.1 Assigns the static route to vrf_1. Step 6 prefix/mask [vrf vrf-name] bfd fast-detect Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 bfd fast-detect Enables bidirectional forwarding detection (BFD) to detect failures in the path between adjacent forwarding engines. This option is available is when the forwarding router address is specified in Step 5. Step 7 end or commit Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# end or RP/0/RSP0/CPU0:router(config-static-vrf-afi)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 43 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] 6. area area-id 7. interface type interface-path-id 8. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf 109 Enters OSPF configuration mode allowing you to configure the OSPF routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing. Step 4 router-id {router-id | type interface-path-id} Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10 Configures the router ID for the OSPF routing process.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 44 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 5 redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]]}[metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are: • Border Gateway Protocol (BGP) • Connected • Enhanced Interior Gateway Routing Protocol (EIGRP) • OSPF • Static • Routing Information Protocol (RIP) Step 6 area area-id Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0 Configures the OSPF area as area 0. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 45 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring EIGRP as the Routing Protocol Between the PE and CE Routers Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Enhanced Interior Gateway Routing Protocol (EIGRP). Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer networks through an MPLS-enable Border Gateway Protocol (BGP) core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes. Prerequisites BGP must configured in the network. See the Implementing BGP on Cisco ASR 9000 Series Routers module in Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide. Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected. Step 7 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0 Associates interface GigabitEthernet 0/3/0/0 with area 0. Step 8 end or commit Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end or RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 46 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 SUMMARY STEPS 1. configure 2. router eigrp as-number 3. vrf vrf-name 4. address-family ipv4 5. router-id router-id 6. autonomous-system as-number 7. default-metric bandwidth delay reliability loading mtu 8. redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]} [route-policy name] 9. interface type interface-path-id 10. site-of-origin {as-number:number | ip-address:number} 11. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 24 Enters EIGRP configuration mode allowing you to configure the EIGRP routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for EIGRP routing. Step 4 address-family ipv4 Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address family ipv4 Enters VRF address family configuration mode for the IPv4 address family. Step 5 router-id router-id Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# router-id 172.20.0.0 Configures the router ID for the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 47 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 6 autonomous-system as-number Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 6 Configures the EIGRP routing process to run within a VRF. Step 7 default-metric bandwidth delay reliability loading mtu Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# default-metric 100000 4000 200 45 4470 Sets the metrics for an EIGRP. Step 8 redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]} [route-policy name] Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute connected Causes connected routes to be redistributed into EIGRP. Step 9 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface GigabitEthernet 0/3/0/0 Associates interface GigabitEthernet 0/3/0/0 with the EIGRP routing process. Step 10 site-of-origin {as-number:number | ip-address:number} Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 201:1 Configures site of origin (SoO) on interface GigabitEthernet 0/3/0/0. Step 11 end or commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 48 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring EIGRP Redistribution in the MPLS VPN Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN. Prerequisites The metric can be configured in the route-policy configuring using the redistribute command (or configured with the default-metric command). If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not installed in the EIGRP database. If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not advertised to the CE router. See the Implementing EIGRP on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide. Restrictions Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported. This behavior is designed. SUMMARY STEPS 1. configure 2. router eigrp as-number 3. vrf vrf-name 4. address-family ipv4 5. redistribute bgp [as-number] [route-policy policy-name] 6. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 24 Enters EIGRP configuration mode allowing you to configure the EIGRP routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1 Configures a VRF instance and enters VRF configuration mode for EIGRP routing.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 49 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 4 address-family ipv4 Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address family ipv4 Enters VRF address family configuration mode for the IPv4 address family. Step 5 redistribute bgp [as-number] [route-policy policy-name] Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 24 route-policy policy_A Causes Border Gateway Protocol (BGP) routes to be redistributed into EIGRP. Step 6 end or commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 50 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels Note This section is not applicable to Inter-AS over IP tunnels. This section contains instructions for these tasks: • Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels, page VPC-50 • Configuring the Route Reflectors to Exchange VPN-IPv4 Routes, page VPC-53 • Configuring the Route Reflector to Reflect Remote Routes in its AS, page VPC-56 Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4 routes and MPLS labels. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. address-family ipv4 unicast 4. allocate-label all 5. neighbor ip-address 6. remote-as autonomous-system-number 7. address-family ipv4 labeled-unicast 8. route-policy route-policy-name in 9. route-policy route-policy-name out 10. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 51 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Enters global address family configuration mode for the IPv4 unicast address family. Step 4 allocate-label all Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all Allocates the MPLS labels for a specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session. Step 5 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer. Step 6 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 7 address-family ipv4 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af) Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family. Step 8 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in Applies a routing policy to updates that are received from a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the in keyword to define the policy for inbound routes. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 52 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 9 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out Applies a routing policy to updates that are sent to a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the out keyword to define the policy for outbound routes. Step 10 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 53 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring the Route Reflectors to Exchange VPN-IPv4 Routes Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This task specifies that the next-hop information and the VPN label are to be preserved across the autonomous system. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. neighbor ip-address 4. remote-as autonomous-system-number 5. ebgp-multihop [ttl-value] 6. update-source type interface-path-id 7. address-family vpnv4 unicast 8. route-policy route-policy-name in 9. route-policy route-policy-name out 10. next-hop-unchanged 11. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process. Step 3 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer. Step 4 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 54 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 5 ebgp-multihop [ttl-value] Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# ebgp-multihop Enables multihop peerings with external BGP neighbors. Step 6 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0 Allows BGP sessions to use the primary IP address from a particular interface as the local address. Step 7 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures VPNv4 address family. Step 8 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in Applies a routing policy to updates that are received from a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the in keyword to define the policy for inbound routes. Step 9 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out Applies a routing policy to updates that are sent to a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the out keyword to define the policy for outbound routes. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 55 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 10 next-hop-unchanged Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-unchanged Disables overwriting of the next hop before advertising to external Border Gateway Protocol (eBGP) peers. Step 11 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 56 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring the Route Reflector to Reflect Remote Routes in its AS Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous system. This task is accomplished by making the ASBR and PE route reflector clients of the RR. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. address-family ipv4 unicast 4. allocate-label all 5. neighbor ip-address 6. remote-as autonomous-system-number 7. update-source type interface-path-id 8. address-family ipv4 labeled-unicast 9. route-reflector-client 10. neighbor ip-address 11. remote-as autonomous-system-number 12. update-source type interface-path-id 13. address-family ipv4 labeled-unicast 14. route-reflector-client 15. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Enters global address family configuration mode for the IPv4 unicast address family.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 57 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 4 allocate-label all Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all Allocates the MPLS labels for a specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session. Step 5 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer. Step 6 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 7 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0 Allows BGP sessions to use the primary IP address from a particular interface as the local address. Step 8 address-family ipv4 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family. Step 9 route-reflector-client Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client Configures the router as a BGP route reflector and neighbor 172.168.40.24 as its client. Step 10 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as an VPNv4 iBGP peer. Step 11 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 58 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 12 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0 Allows BGP sessions to use the primary IP address from a particular interface as the local address. Step 13 address-family ipv4 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family. Step 14 route-reflector-client Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client Configures the neighbor as a route reflector client. Step 15 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 59 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses This section contains instructions for these tasks: • Configuring the ASBRs to Exchange VPN-IPv4 Addresses, page VPC-59 • Configuring a Static Route to an ASBR Peer, page VPC-62 • Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation, page VPC-64 • Configuring MPLS Forwarding for ASBR Confederations, page VPC-66 • Configuring a Static Route to an ASBR Confederation Peer, page VPC-68 Configuring the ASBRs to Exchange VPN-IPv4 Addresses Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. address-family vpnv4 unicast 4. retain route-target {all | route-policy route-policy-name} 5. neighbor ip-address 6. remote-as autonomous-system-number 7. address-family vpnv4 unicast 8. route-policy route-policy-name in 9. route-policy route-policy-name out 10. neighbor ip-address 11. remote-as autonomous-system-number 12. update-source type interface-path-id 13. address-family vpnv4 unicast 14. end or commitImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 60 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process. Step 3 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Configures VPNv4 address family. Step 4 retain route-target {all | route-policy route-policy-name} Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain route-target route-policy policy1 Retrieves VPNv4 table from PE routers. The retain route-target command is required on an Inter-AS option B ASBR. You can use this command with either all or route-policy keyword Step 5 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer. Step 6 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 7 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures VPNv4 address family.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 61 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 8 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in Applies a routing policy to updates that are received from a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the in keyword to define the policy for inbound routes. Step 9 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out Applies a routing policy to updates that are sent from a BGP neighbor. • Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. • Use the out keyword to define the policy for outbound routes. Step 10 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as an VPNv4 iBGP peer. Step 11 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 12 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0 Allows BGP sessions to use the primary IP address from a particular interface as the local address. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 62 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring a Static Route to an ASBR Peer Perform this task to configure a static route to an ASBR peer. SUMMARY STEPS 1. configure 2. router static 3. address-family ipv4 unicast 4. A.B.C.D/length next-hop 5. end or commit Step 13 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures VPNv4 address family. Step 14 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 63 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router static Example: RP/0/RSP0/CPU0:router(config)# router static RP/0/RSP0/CPU0:router(config-static)# Enters router static configuration mode. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-static-afi)# Enables an IPv4 address family. Step 4 A.B.C.D/length next-hop Example: RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9 Enters the address of the destination router (including IPv4 subnet mask). Step 5 end or commit Example: RP/0/RSP0/CPU0:router(config-static-afi)# end or RP/0/RSP0/CPU0:router(config-static-afi)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 64 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN routes between subautonomous systems in a confederation. Note To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command in the IGP configuration portion of the confederation eBGP (CEBGP) router. If you are using Open Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in which the “redistribute connected” subnet exists. SUMMARY STEPS 1. configure 2. router bgp autonomous-system-number 3. bgp confederation peers peer autonomous-system-number 4. bgp confederation identifier autonomous-system-number 5. address-family vpnv4 unicast 6. neighbor ip-address 7. remote-as autonomous-system-number 8. address-family vpnv4 unicast 9. route-policy route-policy-name in 10. route-policy route-policy-name out 11. next-hop-self 12. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp autonomous-system-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# Enters BGP configuration mode allowing you to configure the BGP routing process.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 65 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 3 bgp confederation peers peer autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 8 Configures the peer autonomous system number that belongs to the confederation. Step 4 bgp confederation identifier autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation identifier 5 Specifies the autonomous system number for the confederation ID. Step 5 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Configures VPNv4 address family. Step 6 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.168.40.24 as a BGP peer. Step 7 remote-as autonomous-system-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Creates a neighbor and assigns it a remote autonomous system number. Step 8 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures VPNv4 address family. Step 9 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy In-Ipv4 in Applies a routing policy to updates received from a BGP neighbor. Step 10 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy Out-Ipv4 out Applies a routing policy to updates advertised to a BGP neighbor. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 66 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring MPLS Forwarding for ASBR Confederations Perform this task to configure MPLS forwarding for autonomous system boundary router (ASBR) confederations (in BGP) on a specified interface. Note This configuration adds the implicit NULL rewrite corresponding to the peer associated with the interface, which is required to prevent BGP from automatically installing rewrites by LDP (in multihop instances). SUMMARY STEPS 1. configure 2. router bgp as-number 3. mpls activate 4. interface type interface-path-id 5. end or commit Step 11 next-hop-self Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self Disables next-hop calculation and let you insert your own address in the next-hop field of BGP updates. Step 12 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 67 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp) Enters BGP configuration mode allowing you to configure the BGP routing process. Step 3 mpls activate Example: RP/0/RSP0/CPU0:router(config-bgp)# mpls activate RP/0/RSP0/CPU0:router(config-bgp-mpls)# Enters BGP MPLS activate configuration mode. Step 4 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-mpls)# interface GigabitEthernet 0/3/0/0 Enables MPLS on the interface. Step 5 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-mpls)# end or RP/0/RSP0/CPU0:router(config-bgp-mpls)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 68 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring a Static Route to an ASBR Confederation Peer Perform this task to configure a static route to an Inter-AS confederation peer. For more detailed information, see “Configuring a Static Route to a Peer” section on page MPC-78. SUMMARY STEPS 1. configure 2. router static 3. address-family ipv4 unicast 4. A.B.C.D/length next-hop 5. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router static Example: RP/0/RSP0/CPU0:router(config)# router static RP/0/RSP0/CPU0:router(config-static)# Enters router static configuration mode. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-static-afi)# Enables an IPv4 address family.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 69 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 4 A.B.C.D/length next-hop Example: RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9 Enters the address of the destination router (including IPv4 subnet mask). Step 5 end or commit Example: RP/0/RSP0/CPU0:router(config-static-afi)# end or RP/0/RSP0/CPU0:router(config-static-afi)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 70 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring Carrier Supporting Carrier Perform the tasks in this section to configure Carrier Supporting Carrier (CSC): • Identifying the Carrier Supporting Carrier Topology, page VPC-70 • Configuring the Backbone Carrier Core, page VPC-71 • Configuring the CSC-PE and CSC-CE Routers, page VPC-71 • Configuring a Static Route to a Peer, page VPC-78 Identifying the Carrier Supporting Carrier Topology Before you configure the MPLS VPN CSC with BGP, you must identify both the backbone and customer carrier topology. Note You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router to multiple CSC-PEs using more than one CSC-CE interface to provide redundancy and multiple path support in a CSC topology. Perform this task to identify the carrier supporting carrier topology. SUMMARY STEPS 1. Identify the type of customer carrier, ISP, or MPLS VPN service provider. 2. Identify the CE routers. 3. Identify the customer carrier core router configuration. 4. Identify the customer carrier edge (CSC-CE) routers. 5. Identify the backbone carrier router configuration. DETAILED STEPS Command or Action Purpose Step 1 Identify the type of customer carrier, ISP, or MPLS VPN service provider. Sets up requirements for configuration of carrier supporting carrier network. Step 2 Identify the CE routers. Sets up requirements for configuration of CE to PE connections. Step 3 Identify the customer carrier core router configuration. Sets up requirements for configuration between core (P) routers and between P routers and edge routers (PE and CSC-CE routers). Step 4 Identify the customer carrier edge (CSC-CE) routers. Sets up requirements for configuration of CSC-CE to CSC-PE connections. Step 5 Identify the backbone carrier router configuration. Sets up requirements for configuration between CSC core routers and between CSC core routers and edge routers (CSC-CE and CSC-PE routers).Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 71 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring the Backbone Carrier Core Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC core and the CSC-PE routers. To do so, you must complete these high-level tasks: • Verify IP connectivity in the CSC core. • Verify LDP configuration in the CSC core. Note This task is not applicable to CSC over IP tunnels. • Configure VRFs for CSC-PE routers. • Configure multiprotocol BGP for VPN connectivity in the backbone carrier. Configuring the CSC-PE and CSC-CE Routers Perform these tasks to configure links between a CSC-PE router and the carrier CSC-CE router for an MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels: • Configuring a CSC-PE • Configuring a CSC-CE Figure 6 shows the configuration for the peering with directly connected interfaces between CSC-PE and CSC-CE routers. This configuration is used as the example in the tasks that follow. Figure 6 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and CSC-CE Routers Configuring a CSC-PE Perform this task to configure a CSC-PE. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family vpnv4 unicast 4. neighbor A.B.C.D 5. remote-as as-number 6. update-source type interface-path-id 7. address-family vpnv4 unicast 8. vrf vrf-name 9. rd {as-number:nn | ip-address:nn | auto} CSC-CE e1/0 e1/0 10.0.0.1 10.0.0.2 CSC-PE 121190Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 72 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 10. address-family ipv4 unicast 11. allocate-label all 12. neighbor A.B.C.D 13. remote-as as-number 14. address-family ipv4 labeled-unicast 15. route-policy route-policy-name in 16. route-policy route-policy-name out 17. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 2 RP/0/RSP0/CPU0:router(config-bgp)# Configures a BGP routing process and enters router configuration mode. • Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535. Step 3 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Configures VPNv4 address family. Step 4 neighbor A.B.C.D Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.10.10.0 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Configures the IP address for the BGP neighbor. Step 5 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 888 Configures the AS number for the BGP neighbor. Step 6 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0 Allows BGP sessions to use the primary IP address from a particular interface as the local address.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 73 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 7 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures VPNv4 unicast address family. Step 8 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# vrf 9999 RP/0/RSP0/CPU0:router(config-bgp-vrf)# Configures a VRF instance. Step 9 rd {as-number:nn | ip-address:nn | auto} Example: RP/0/RSP0/CPU0:router(onfig-bgp-vrf)# rd auto Configures a route distinguisher. Note Use the auto keyword to automatically assign a unique route distinguisher. Step 10 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# Configures IPv4 unicast address family. Step 11 allocate-label all Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# allocate-label all Allocate labels for all local prefixes and prefixes received with labels. Step 12 neighbor A.B.C.D Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# neighbor 10.10.10.0 RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# Configures the IP address for the BGP neighbor. Step 13 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 888 Enables the exchange of information with a neighboring BGP router. Step 14 address-family ipv4 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# Configures IPv4 labeled-unicast address family. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 74 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 15 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all in Applies the pass-all policy to all inbound routes. Step 16 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all out Applies the pass-all policy to all outbound routes. Step 17 end or commit Example: RP/0/RSP0/CPU0:router(cconfig-bgp-vrf-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 75 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring a CSC-CE Perform this task to configure a CSC-CE. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family ipv4 unicast 4. redistribute ospf instance-number 5. allocate-label route-policy route-policy-name 6. exit 7. neighbor A.B.C.D 8. remote-as as-number 9. address-family ipv4 labeled-unicast 10. route-policy route-policy-name in 11. route-policy route-policy-name out 12. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 1 Configures a BGP routing process and enters router configuration mode. • Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast Configures IPv4 unicast address-family. Step 4 redistribute ospf instance-number Example: RP/0/RSP0/CPU0:router(config-router-af)# redistribute ospf 1 Redistributes OSPF routes into BGP.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 76 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 5 allocate-label route-policy route-policy-name Example: RP/0/RSP0/CPU0:router(config-router-af)# allocate-label route-policy internal-routes Allocates labels for those routes that match the route policy. These labeled routes are advertised to neighbors configured with address-family ipv4 labeled-unicast. Step 6 exit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Exits the current configuration mode. Step 7 neighbor A.B.C.D Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1 Configures the IP address for the BGP neighbor. Step 8 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 Enables the exchange of information with a neighboring BGP router. Step 9 address-family ipv4 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# Configures IPv4 labeled-unicast address family. Step 10 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in Applies the route-policy to all inbound routes. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 77 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 11 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out Applies the route-policy to all outbound routes. Step 12 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end or RP/0/RSP0/CPU0:router(config-bgp)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 78 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring a Static Route to a Peer Perform this task to configure a static route to an Inter-AS or CSC-CE peer. When you configure an Inter-AS or CSC peer, BGP allocates a label for a /32 route to that peer and performs a NULL label rewrite. When forwarding a labeled packet to the peer, the router removes the top label from the label stack; however, in such an instance, BGP expects a /32 route to the peer. This task ensures that there is, in fact, a /32 route to the peer. Please be aware of these facts before performing this task: • A /32 route is not required to establish BGP peering. A route using a shorter prefix length will also work. • A shorter prefix length route is not associated with the allocated label; even though the BGP session comes up between the peers, without the static route, forwarding will not work. Note To configure a static route on a CSC-PE, you must configure the router under the VRF (as noted in the detailed steps). SUMMARY STEPS 1. configure 2. router static 3. address-family ipv4 unicast 4. A.B.C.D/length next-hop 5. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router(config)# configure Enters global configuration mode. Step 2 router static Example: RP/0/RSP0/CPU0:router(config)# router static Enters router static configuration mode. Step 3 address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast Enables an IPv4 address family. Note To configure a static route on a CSC-PE, you must first configure the VRF using the vrf command before address-family. Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 79 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 4 A.B.C.D/length next-hop Example: RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9 Enters the address of the destination router (including IPv4 subnet mask). Step 5 end or commit Example: RP/0/RSP0/CPU0:router(config-static-af)# end or RP/0/RSP0/CPU0:router(config-static-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 80 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Verifying the MPLS Layer 3 VPN Configuration Perform this task to verify the MPLS Layer 3 VPN configuration. SUMMARY STEPS 1. show running-config router bgp as-number vrf vrf-name 2. show running-config routes 3. show ospf vrf vrf-name database 4. show running-config router bgp as-number vrf vrf-name neighbor ip-address 5. show bgp vrf vrf-name summary 6. show bgp vrf vrf-name neighbors ip-address 7. show bgp vrf vrf-name 8. show route vrf vrf-name ip-address 9. show bgp vpn unicast summary 10. show running-config router isis 11. show running-config mpls 12. show isis adjacency 13. show mpls ldp forwarding 14. show bgp vpnv4 unicast show bgp vrf vrf-name 15. show bgp vrf vrf-name imported-routes 16. show route vrf vrf-name ip-address 17. show cef vrf vrf-name ip-address 18. show cef vrf vrf-name ip-address location node-id 19. show bgp vrf vrf-name ip-address 20. show ospf vrf vrf-name database DETAILED STEPS Command or Action Purpose Step 1 show running-config router bgp as-number vrf vrf-name Example: RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A Displays the specified VPN routing and forwarding (VRF) content of the currently running configuration. Step 2 show running-config routes Example: RP/0/RSP0/CPU0:router# show running-config routes Displays the Open Shortest Path First (OSPF) routes table in the currently running configuration.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 81 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 3 show ospf vrf vrf-name database Example: RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database Displays lists of information related to the OSPF database for a specified VRF. Step 4 show running-config router bgp as-number vrf vrf-name neighbor ip-address Example: RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A neighbor 172.168.40.24 Displays the Border Gateway Protocol (BGP) VRF neighbor content of the currently running configuration. Step 5 show bgp vrf vrf-name summary Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A summary Displays the status of the specified BGP VRF connections. Step 6 show bgp vrf vrf-name neighbors ip-address Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A neighbors 172.168.40.24 Displays information about BGP VRF connections to the specified neighbors. Step 7 show bgp vrf vrf-name Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A Displays information about a specified BGP VRF. Step 8 show route vrf vrf-name ip-address Example: RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0 Displays the current routes in the Routing Information Base (RIB) for a specified VRF. Step 9 show bgp vpn unicast summary Example: RP/0/RSP0/CPU0:router# show bgp vpn unicast summary Displays the status of all BGP VPN unicast connections. Step 10 show running-config router isis Example: RP/0/RSP0/CPU0:router# show running-config router isis Displays the Intermediate System-to-Intermediate System (IS-IS) content of the currently running configuration. Step 11 show running-config mpls Example: RP/0/RSP0/CPU0:router# show running-config mpls Displays the MPLS content of the currently running-configuration. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 82 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 12 show isis adjacency Example: RP/0/RSP0/CPU0:router# show isis adjacency Displays IS-IS adjacency information. Step 13 show mpls ldp forwarding Example: RP/0/RSP0/CPU0:router# show mpls ldp forwarding Displays the Label Distribution Protocol (LDP) forwarding state installed in MPLS forwarding. Step 14 show bgp vpnv4 unicast Example: RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast Displays entries in the BGP routing table for VPNv4 unicast addresses. Step 15 show bgp vrf vrf-name Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A Displays entries in the BGP routing table for VRF vrf_A. Step 16 show bgp vrf vrf-name imported-routes Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A imported-routes Displays BGP information for routes imported into specified VRF instances. Step 17 show route vrf vrf-name ip-address Example: RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0 Displays the current specified VRF routes in the RIB. Step 18 show cef vrf vrf-name ip-address Example: RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1 Displays the IPv4 Cisco Express Forwarding (CEF) table for a specified VRF. Step 19 show cef vrf vrf-name ip-address location node-id Example: RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1 location 0/1/cpu0 Displays the IPv4 CEF table for a specified VRF and location. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 83 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring L3VPN over GRE Perform the following tasks to configure L3VPN over GRE: • Creating a GRE Tunnel between Provider Edge Routers • Configuring IGP between Provider Edge Routers • Configuring LDP/GRE on the Provider Edge Routers • Configuring L3VPN Creating a GRE Tunnel between Provider Edge Routers Perform this task to configure a GRE tunnel between provider edge routers. SUMMARY STEPS 1. configure 2. interface tunnel-ip number 3. ipv4 address ipv4-address subnet-mask 4. ipv6 address ipv6-prefix/prefix-length 5. tunnel mode gre ipv4 6. tunnel source type number 7. tunnel destination ip-address 8. end or commit Step 20 show bgp vrf vrf-name ip-address Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A 10.0.0.0 Displays entries in the BGP routing table for VRF vrf_A. Step 21 show ospf vrf vrf-name database Example: RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database Displays lists of information related to the OSPF database for a specified VRF. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 84 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 interface tunnel-ip number Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-ip 4000 Enters tunnel interface configuration mode. • number is the number associated with the tunnel interface. Step 3 ipv4 address ipv4-address subnet-mask Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.1.1.1 255.255.255.0 Specifies the IPv4 address and subnet mask for the interface. • ipv4-address specifies the IP address of the interface. • subnet-mask specifies the subnet mask of the interface. Step 4 ipv6 address ipv6-prefix/prefix-length Example: RP/0/RSP0/CPU0:router(config-if)# ipv6 address 100:1:1:1::1/64 Specifies an IPv6 network assigned to the interface. Step 5 tunnel mode gre ipv4 Example: RP/0/RSP0/CPU0:router(config-if)# tunnel mode gre ipv4 Sets the encapsulation mode of the tunnel interface to GRE. Step 6 tunnel source type path-id Example: RP/0/RSP0/CPU0:router(config-if)# tunnel source TenGigE0/2/0/1 Specifies the source of the tunnel interface. Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 85 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring IGP between Provider Edge Routers Perform this task to configure IGP between provider edge routers. SUMMARY STEPS 1. configure 2. router ospf process-name 3. nsr 4. router-id {router-id} 5. mpls ldp sync 6. dead-interval seconds 7. hello-interval seconds 8. area area-id 9. interface tunnel-ip number 10. end or commit Step 7 tunnel destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# tunnel destination 145.12.5.2 Defines the tunnel destination. Step 8 end or commit Example: RP/0/RSP0/CPU0:router(config-if)# end or RP/0/RSP0/CPU0:router(config-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 86 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf 1 Enables OSPF routing for the specified routing process and places the router in router configuration mode. Step 3 nsr Example: RP/0/RSP0/CPU0:router(config-ospf)# nsr Activates BGP NSR. Step 4 router-id {router-id} Example: RP/0/RSP0/CPU0:router(config-ospf)# router-id 1.1.1.1 Configures a router ID for the OSPF process. Note We recommend using a stable IP address as the router ID. Step 5 mpls ldp sync Example: RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp sync Enables MPLS LDP synchronization. Step 6 dead-interval seconds Example: RP/0/RSP0/CPU0:router(config-ospf)# dead-interval 60 Sets the time to wait for a hello packet from a neighbor before declaring the neighbor down. Step 7 hello-interval seconds Example: RP/0/RSP0/CPU0:router(config-ospf)# hello-interval 15 Specifies the interval between hello packets that OSPF sends on the interface. Step 8 area area-id Example: RP/0/RSP0/CPU0:router(config-ospf)# area 0 Enters area configuration mode and configures an area for the OSPF process.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 87 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring LDP/GRE on the Provider Edge Routers Perform this task to configure LDP/GRE on the provider edge routers. SUMMARY STEPS 1. configure 2. mpls ldp 3. router-id {router-id} 4. discovery hello holdtime seconds 5. discovery hello interval seconds 6. nsr 7. graceful-restart 8. graceful-restart reconnect-timeout seconds 9. graceful-restart forwarding-state-holdtime seconds 10. holdtime seconds 11. neighbor ip-address 12. interface tunnel-ip number Step 9 interface tunnel-ip number Example: RP/0/RSP0/CPU0:router(config-ospf)# interface tunnel-ip 4 Enters tunnel interface configuration mode. • number is the number associated with the tunnel interface. Step 10 end or commit Example: RP/0/RSP0/CPU0:router(config-ospf)# end or RP/0/RSP0/CPU0:router(config-ospf)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 88 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 13. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 mpls ldp Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Enables MPLS LDP configuration mode. Step 3 router-id {router-id} Example: RP/0/RSP0/CPU0:router(config-ldp)# router-id 1.1.1.1 Configures a router ID for the OSPF process. Note We recommend using a stable IP address as the router ID. Step 4 discovery hello holdtime seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# discovery hello holdtime 40 Defines the period of time a discovered LDP neighbor is remembered without receipt of an LDP Hello message from the neighbor. Step 5 discovery hello interval seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# discovery hello holdtime 20 Defines the period of time between the sending of consecutive Hello messages. Step 6 nsr Example: RP/0/RSP0/CPU0:router(config-ldp)# nsr Activates BGP NSR. Step 7 graceful-restart Example: RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart Enables graceful restart on the router. Step 8 graceful-restart reconnect-timeout seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart recoonect-timeout 180 Defines the time for which the neighbor should wait for a reconnection if the LDP session is lost. Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 89 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring L3VPN Perform this task to configure L3VPN. SUMMARY STEPS 1. configure 2. vrf vrf-name Step 9 graceful-restart forwarding-state-holdtime seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart forwarding-state-holdtime 300 Defines the time that the neighbor should retain the MPLS forwarding state during a recovery. Step 10 holdtime seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# holdtime 90 Configures the hold time for an interface. Step 11 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-ldp)# neighbor 10.1.1.0 Defines a neighboring router. Step 12 interface tunnel-ip number Example: RP/0/RSP0/CPU0:router(config-ldp)# interface tunnel-ip 4 Enters tunnel interface configuration mode. • number is the number associated with the tunnel interface. Step 13 end or commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end or RP/0/RSP0/CPU0:router(config-ldp)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 90 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 3. address-family { ipv4 | ipv6 } unicast 4. import route-target [as-number:nn | ip-address:nn] 5. export route-target [as-number:nn | ip-address:nn] 6. interface type interface-path-id 7. vrf vrf-name 8. ipv4 address ipv4-address subnet-mask 9. dot1q vlan vlan-id 10. router bgp process-name 11. nsr 12. bgp router-id ip-address 13. address-family {vpnv4 | vpnv6} unicast 14. neighbor ip-address 15. remote-as as-number 16. update-source type interface-path-id 17. address-family {vpnv4 | vpnv6} unicast 18. route-policy policy-name in 19. route-policy policy-name out 20. vrf vrf-name 21. rd {as-number:nn | ip-address:nn | auto} 22. address-family {ipv4 | ipv6} unicast 23. redistribute connected [metric metric-value] [route-policy route-policy-name] 24. redistribute static [metric metric-value] [route-policy route-policy-name] 25. neighbor ip-address 26. remote-as as-number 27. ebgp-multihop ttl-value 28. address-family {ipv4 | ipv6} unicast 29. route-policy policy-name in 30. route-policy policy-name out 31. end or commitImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 91 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config)# vrf vpn1 Configures a VRF instance. Step 3 address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family { ipv4 | ipv6 } unicast Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. Step 4 import route-target [as-number:nn | ip-address:nn] Example: RP/0/RSP0/CPU0:router(config-vrf)# import route-target 2:1 Specifies a list of route target (RT) extended communities. Only prefixes that are associated with the specified import route target extended communities are imported into the VRF. Step 5 export route-target [as-number:nn | ip-address:nn] Example: RP/0/RSP0/CPU0:router(config-vrf)# export route-target 1:1 Specifies a list of route target extended communities. Export route target communities are associated with prefixes when they are advertised to remote PEs. The remote PEs import them into VRFs which have import RTs that match these exported route target communities. Step 6 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config)#interface TenGigE0/2/0/0.1 Enters interface configuration mode and configures an interface. Step 7 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-if)# vrf vpn1 Configures a VRF instance. Step 8 ipv4 address ipv4-address subnet-mask Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 address 150.1.1.1 255.255.255.0 Specifies the IPv4 address and subnet mask for the interface. • ipv4-address specifies the IP address of the interface. • subnet-mask specifies the subnet mask of the interface. Step 9 dot1q native vlan vlan-id Example: RP/0/RSP0/CPU0:router(config-if)# dot1q native vlan 1 Assigns the native VLAN ID of a physical interface trunking 802.1Q VLAN traffic.Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 92 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 10 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. Step 11 nsr Example: RP/0/RSP0/CPU0:router(config-bgp)# nsr Activates BGP NSR. Step 12 bgp router-id ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 1.1.1.1 Configures the local router with a specified router ID. Step 13 address-family {vpnv4 | vpnv6} unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast Enters address family configuration submode for the specified address family. Step 14 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 4.4.4.4 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. Step 15 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as 1 Creates a neighbor and assigns a remote autonomous system number to it. Step 16 update-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)#update-so urce Loopback0 Allows sessions to use the primary IP address from a specific interface as the local address when forming a session with a neighbor. Step 17 address-family {vpnv4 | vpnv6} unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast Enters address family configuration submode for the specified address family. Step 18 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all in Defines a route policy and enters route policy configuration mode. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 93 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 19 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all out Defines a route policy and enters route policy configuration mode. Step 20 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config)# vrf vpn1 Configures a VRF instance. Step 21 rd {as-number:nn | ip-address:nn | auto} Example: RP/0/RSP0/CPU0:router(config-vrf)#rd 1:1 Configures the route distinguisher. Step 22 address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. Step 23 redistribute connected [metric metric-value] [route-policy route-policy-name] Example: RP/0/RSP0/CPU0:router(config-vrf-af)# redistribute connected Causes routes from the specified instance to be redistributed into BGP. Step 24 redistribute static [metric metric-value] [route-policy route-policy-name] Example: RP/0/RSP0/CPU0:router(config-vrf-af)# redistribute static Causes routes from the specified instance to be redistributed into BGP. Step 25 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 150.1.1.2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. Step 26 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as 7501 Creates a neighbor and assigns a remote autonomous system number to it. Step 27 ebg-multihop ttl-value Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)#ebgp-mult ihop 10 Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected. Command or Action PurposeImplementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 94 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 28 address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. Step 29 route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all in Defines a route policy and enters route policy configuration mode. Step 30 route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all out Defines a route policy and enters route policy configuration mode. Step 31 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 95 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuration Examples for Implementing MPLS Layer 3 VPNs This section provides these sample configurations for MPLS L3VPN features: • Configuring an MPLS VPN Using BGP: Example, page VPC-95 • Configuring the Routing Information Protocol on the PE Router: Example, page VPC-96 • Configuring the PE Router Using EIGRP: Example, page VPC-96 • Configuration Examples for MPLS VPN CSC, page VPC-97 • Configuring L3VPN over GRE: Example, page VPC-98 Configuring an MPLS VPN Using BGP: Example This example shows the configuration for an MPLS VPN using BGP on “vrf vpn1”: address-family ipv4 unicast import route-target 100:1 ! export route-target 100:1 ! ! ! route-policy pass-all pass end-policy ! interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255 ! interface gigabitEthernet 0/1/0/0 vrf vpn1 ipv4 address 10.0.0.2 255.0.0.0 ! interface gigabitEthernet 0/1/0/1 ipv4 address 10.0.0.1 255.0.0.0 ! router ospf 100 area 100 interface loopback0 interface gigabitEthernet 0/1/0/1 ! ! router bgp 100 address-family vpnv4 unicast retain route-target route-policy policy1 neighbor 10.0.0.3 remote-as 100 update-source Loopback0 address-family vpnv4 unicast ! vrf vpn1 rd 100:1 address-family ipv4 unicast redistribute connected ! neighbor 10.0.0.1 remote-as 200Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 96 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 address-family ipv4 unicast as-override route-policy pass-all in route-policy pass-all out ! advertisement-interval 5 ! ! ! mpls ldp route-id looback0 interface gigabitEthernet 0/1/0/1 ! Configuring the Routing Information Protocol on the PE Router: Example This example shows the configuration for the RIP on the PE router: vrf vpn1 address-family ipv4 unicast import route-target 100:1 ! export route-target 100:1 ! ! ! route-policy pass-all pass end-policy ! interface gigabitEthernet 0/1/0/0 vrf vpn1 ipv4 address 10.0.0.2 255.0.0.0 ! router rip vrf vpn1 interface GigabitEthernet0/1/0/0 ! timers basic 30 90 90 120 redistribute bgp 100 default-metric 3 route-policy pass-all in ! Configuring the PE Router Using EIGRP: Example This example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on the PE router: Router eigrp 10 vrf VRF1 address-family ipv4 router-id 10.1.1.2 default-metric 100000 2000 255 1 1500 as 62 redistribute bgp 2000Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 97 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 interface Loopback0 ! interface GigabitEthernet0/6/0/0 Configuration Examples for MPLS VPN CSC Configuration examples for the MPLS VPN CSC include: • Configuring the Backbone Carrier Core: Examples, page VPC-97 • Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97 • Configuring a Static Route to a Peer: Example, page VPC-98 Configuring the Backbone Carrier Core: Examples Configuration examples for the backbone carrier core included in this section are as follows: • Configuring VRFs for CSC-PE Routers: Example, page VPC-97 • Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97 Configuring VRFs for CSC-PE Routers: Example This example shows how to configure a VPN routing and forwarding instance (VRF) for a CSC-PE router: config vrf vpn1 address-family ipv4 unicast import route-target 100:1 export route-target 100:1 end Configuring the Links Between CSC-PE and CSC-CE Routers: Examples This section contains these examples: • Configuring a CSC-PE: Example, page VPC-97 • Configuring a CSC-CE: Example, page VPC-98 Configuring a CSC-PE: Example In this example, a CSC-PE router peers with a PE router, 10.1.0.2, in its own AS. It also has a labeled unicast peering with a CSC-CE router, 10.0.0.1. config router bgp 2 address-family vpnv4 unicast neighbor 10.1.0.2 remote-as 2 update-source loopback0 address-family vpnv4 unicast vrf customer-carrier rd 1:100 address-family ipv4 unicast allocate-label all redistribute static neighbor 10.0.0.1Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 98 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 remote-as 1 address-family ipv4 labeled-unicast route-policy pass-all in route-policy pass-all out as-override end Configuring a CSC-CE: Example This example shows how to configure a CSC-CE router. In this example, the CSC-CE router peers CSC-PE router 10.0.0.2 in AS 2. config router bgp 1 address-family ipv4 unicast redistribute ospf 200 allocate-label all neighbor 10.0.0.2 remote-as 2 address-family ipv4 labeled-unicast route-policy pass-all in route-policy pass-all out end Configuring a Static Route to a Peer: Example This example shows how to configure a static route to an Inter-AS or CSC-CE peer: config router static address-family ipv4 unicast 10.0.0.2/32 40.1.1.1 end Configuring L3VPN over GRE: Example The following example shows how to configure L3VPN over GRE: Sample configuration to create a GRE tunnel between PE1 and PE2: RP/0/RSP0/CPU0:PE1#sh run int tunnel-ip 1 interface tunnel-ip1 ipv4 address 100.1.1.1 255.255.255.0 ipv6 address 100:1:1:1::1/64 tunnel mode gre ipv4 tunnel source TenGigE0/2/0/1 tunnel destination 145.12.5.2 ! RP/0/RSP0/CPU0:PE2#sh run int tunnel-ip 1 interface tunnel-ip1 ipv4 address 100.1.1.2 255.255.255.0 ipv6 address 100:1:1:1::2/64 tunnel mode gre ipv4 tunnel source TenGigE0/1/0/2 tunnel destination 145.12.1.1 Configure IGP between PE1 and PE2: Sample configuration for PE1 is given below. PE2 will also have a similar configuration. RP/0/RSP0/CPU0:PE1#sh run router ospf 1Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 99 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 router ospf 1 nsr router-id 1.1.1.1 <=== Loopback0 mpls ldp sync mtu-ignore enable dead-interval 60 hello-interval 15 area 0 interface TenGigE0/2/0/1 ! RP/0/RSP0/CPU0:PE1#sh run router ospf 0 router ospf 0 nsr router-id 1.1.1.1 mpls ldp sync dead-interval 60 hello-interval 15 area 0 interface Loopback0 ! interface tunnel-ip1 ! * Check for OSPF neighbors RP/0/RSP0/CPU0:PE1#sh ospf neighbor Neighbors for OSPF 0 Neighbor ID Pri State Dead Time Address Interface 4.4.4.4 1 FULL/ - 00:00:47 100.1.1.2 tunnel-ip1 <== Neighbor PE2 Neighbor is up for 00:13:40 Neighbors for OSPF 1 Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/DR 00:00:50 145.12.1.2 TenGigE0/2/0/1 <== Neighbor P1 Neighbor is up for 00:13:43 Configure LDP/GRE on PE1 and PE2: RP/0/RSP0/CPU0:PE1#sh run mpls ldp mpls ldp router-id 1.1.1.1 <=== Loopback0 discovery hello holdtime 45 discovery hello interval 15 nsr graceful-restart graceful-restart reconnect-timeout 180 graceful-restart forwarding-state-holdtime 300 holdtime 90 log neighbor ! interface tunnel-ip1 ! *Check for mpls forwarding RP/0/RSP0/CPU0:PE1#sh mpls forwarding prefix 4.4.4.4/32 Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 100 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 ---- ------- -------------- -------- ----------- ---------- 16003 Pop 4.4.4.4/32 ti1 100.4.1.2 0 Configure L3VPN RP/0/RSP0/CPU0:PE1#sh run vrf vpn1 vrf vpn1 address-family ipv4 unicast import route-target 2:1 ! export route-target 1:1 ! RP/0/RSP0/CPU0:PE1#sh run int tenGigE 0/2/0/0.1 interface TenGigE0/2/0/0.1 vrf vpn1 ipv4 address 150.1.1.1 255.255.255.0 dot1q vlan 1 ! RP/0/RSP0/CPU0:PE1#sh run router bgp router bgp 1 nsr bgp router-id 1.1.1.1 <===Loopback0 address-family vpnv4 unicast ! neighbor 4.4.4.4 <===iBGP session with PE2 remote-as 1 update-source Loopback0 address-family vpnv4 unicast route-policy pass-all in route-policy pass-all out ! ! vrf vpn1 rd 1:1 address-family ipv4 unicast redistribute connected redistribute static ! neighbor 150.1.1.2 <=== VRF neighbor remote-as 7501 ebgp-multihop 10 address-family ipv4 unicast route-policy BGP_pass_all in route-policy BGP_pass_all out ! * Check vrf ping to the 150.1.1.2. RP/0/RSP0/CPU0:PE1#ping vrf vpn1 150.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms * Send traffic to vrf routes adverstised and verify that mpls counters increase in tunnel interface accounting RP/0/RSP0/CPU0:PE1#sh int tunnel-ip1 accounting tunnel-ip1 Protocol Pkts In Chars In Pkts Out Chars OutImplementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs 101 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 IPV4_MULTICAST 3 276 3 276 MPLS 697747 48842290 0 0Implementing MPLS Layer 3 VPNs Additional References 102 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Additional References For additional information, refer to these documents: Related Documents Standards MIBs Related Topic Document Title Cisco ASR 9000 Series Router L2VPN commands MPLS Virtual Private Network Commands on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference Routing (BGP, EIGRP, OSPF, and RIP) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference Routing (BGP, EIGRP, OSPF, and RIP) configuration Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide MPLS LDP configuration: configuration concepts, task, and examples Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routers module in this document. MPLS Traffic Engineering Resource Reservation Protocol configuration: configuration concepts, task, and examples Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document. Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Standards Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. — MIBs MIBs Link — To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlImplementing MPLS Layer 3 VPNs Additional References 103 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 RFCs Technical Assistance RFCs Title RFC 1700 Assigned Numbers RFC 1918 Address Allocation for Private Internets RFC 1966 BGP Route Reflectors: An Alternative to Full Mesh iBGP RFC 2283 Multiprotocol Extensions for BGP-4 RFC 2547 BGP/MPLS VPNs RFC 2842 Capabilities Advertisement with BGP-4 RFC 2858 Multiprotocol Extensions for BGP-4 RFC 3107 Carrying Label Information in BGP-4 Description Link The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. http://www.cisco.com/techsupportImplementing MPLS Layer 3 VPNs Additional References 104 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02105 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Implementing IPv6 VPN Provider Edge Transport over MPLS This module describes how to implement IPv6 VPN Provider Edge Transport over MPLS on Cisco ASR 9000 Series Aggregation Services Routers. IPv6 VPN Provider Edge (6PE/VPE) uses the existing MPLS IPv4 core infrastructure for IPv6 transport. 6PE/VPE enables IPv6 sites to communicate with each other over an MPLS IPv4 core network using MPLS label switched paths (LSPs). This feature relies heavily on multiprotocol Border Gateway Protocol (BGP) extensions in the IPv4 network configuration on the provider edge (PE) router to exchange IPv6 reachability information (in addition to an MPLS label) for each IPv6 address prefix. Edge routers are configured as dual-stack, running both IPv4 and IPv6, and use the IPv4 mapped IPv6 address for IPv6 prefix reachability exchange. For detailed information about the commands used to configure L2TP functionality, see the Cisco ASR 9000 Aggregation Services Router Routing Command Reference. Feature History for Implementing 6PE on Cisco ASR 9000 Series Routers Contents • Prerequisites for Implementing 6PE/VPE, page VPC-106 • Information About 6PE/VPE, page VPC-106 • How to Implement 6PE/VPE, page VPC-109 • Configuration Examples for 6PE, page VPC-122 • Additional References, page VPC-124 Release Modification Release 3.9.1 This feature was introduced. Release 4.0.0 Support was added for the 6PE and 6VPE features for IPv6 L3VPN on A9K-SIP-700. Support was added for the BGP per VRF/CE label allocation for 6PE feature. Release 4.1.0 Support for the Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature was added.Implementing IPv6 VPN Provider Edge Transport over MPLS Prerequisites for Implementing 6PE/VPE 106 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Prerequisites for Implementing 6PE/VPE These prerequisites are required to implement 6PE: • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • Familiarity with MPLS and BGP4 configuration and troubleshooting. Information About 6PE/VPE To configure the 6PE feature, you should understand the concepts that are described in these sections: • Overview of 6PE/VPE, page VPC-106 • Benefits of 6PE/VPE, page VPC-107 • Deploying IPv6 over MPLS Backbones, page VPC-107 • IPv6 on the Provider Edge and Customer Edge Routers, page VPC-107 • IPv6 Provider Edge Multipath, page VPC-108 • OSPFv3 6VPE, page VPC-108 Overview of 6PE/VPE Multiple techniques are available to integrate IPv6 services over service provider core backbones: • Dedicated IPv6 network running over various data link layers • Dual-stack IPv4-IPv6 backbone • Existing MPLS backbone leverage These solutions are deployed on service providers’ backbones when the amount of IPv6 traffic and the revenue generated are in line with the necessary investments and the agreed-upon risks. Conditions are favorable for the introduction of native IPv6 services, from the edge, in a scalable way, without any IPv6 addressing restrictions and without putting a well-controlled IPv4 backbone in jeopardy. Backbone stability is essential for service providers that have recently stabilized their IPv4 infrastructure. Service providers running an MPLS/IPv4 infrastructure follow similar trends because several integration scenarios that offer IPv6 services on an MPLS network are possible. Cisco Systems has specially developed Cisco 6PE or IPv6 Provider Edge Router over MPLS, to meet all those requirements. Inter-AS support for 6PE requires support of Border Gateway Protocol (BGP) to enable address families and to allocate and distribute PE and ASBR labels.Implementing IPv6 VPN Provider Edge Transport over MPLS Information About 6PE/VPE 107 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Benefits of 6PE/VPE Service providers who currently deploy MPLS experience these benefits of Cisco 6PE: • Minimal operational cost and risk—No impact on existing IPv4 and MPLS services. • Only provider edge routers upgrade—A 6PE/VPE router can be an existing PE router or a new one dedicated to IPv6 traffic. • No impact on IPv6 customer edge routers—The ISP can connect to any customer CE running Static, IGP or EGP. • Production services ready—An ISP can delegate IPv6 prefixes. • IPv6 introduction into an existing MPLS service—6PE/VPE routers can be added at any time. Deploying IPv6 over MPLS Backbones Backbones enabled by 6PE (IPv6 over MPLS) allow IPv6 domains to communicate with each other over an MPLS IPv4 core network. This implementation requires no backbone infrastructure upgrades and no reconfiguration of core routers because forwarding is based on labels instead of the IP header itself. This provides a very cost-effective strategy for IPv6 deployment. Additionally, the inherent virtual private network (VPN) and traffic engineering (TE) services available within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an infrastructure that supports IPv4 VPNs and MPLS-TE. IPv6 on the Provider Edge and Customer Edge Routers Service Provider Edge Routers 6PE is particularly applicable to service providers who currently run an MPLS network. One of its advantages is that there is no need to upgrade the hardware, software, or configuration of the core network, and it eliminates the impact on the operations and the revenues generated by existing IPv4 traffic. MPLS is used by many service providers to deliver services to customers. MPLS as a multiservice infrastructure technology is able to provide layer 3 VPN, QoS, traffic engineering, fast re-routing and integration of ATM and IP switching. Customer Edge Routers Using tunnels on the CE routers is the simplest way to deploy IPv6 over MPLS networks. It has no impact on the operation or infrastructure of MPLS, and requires no changes to the P routers in the core or to the PE routers. However, tunnel meshing is required as the number of CEs to connect increases, and it becomes difficult to delegate a global IPv6 prefix for an ISP. Figure 7 illustrates the network architecture using tunnels on the CE routers. Implementing IPv6 VPN Provider Edge Transport over MPLS Information About 6PE/VPE 108 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Figure 7 IPv6 Using Tunnels on the CE Routers IPv6 Provider Edge Multipath Internal and external BGP multipath for IPv6 allows the IPv6 router to balance load between several paths (for example, the same neighboring autonomous system (AS) or sub-AS, or the same metrics) to reach its destination. The 6PE multipath feature uses multiprotocol internal BGP (MP-IBGP) to distribute IPv6 routes over the MPLS IPv4 core network and to attach an MPLS label to each route. When MP-IBGP multipath is enabled on the 6PE router, all labeled paths are installed in the forwarding table with available MPLS information (label stack). This functionality enables 6PE to perform load balancing. OSPFv3 6VPE The Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature adds VPN routing and forwarding (VRF) and provider edge-to-customer edge(PE-CE) routing support to Cisco IOS XR OSPFv3 implementation. This feature allows: • Multiple VRF support per OSPFv3 routing process • OSPFV3 PE-CE extensions Multiple VRF Support OSPFv3 supports multiple VRFs in a single routing process that allows scaling to tens and hundreds of VRFs without consuming too much route processor (RP) resources. v6 IPv6 PE PE P OC-48/192 IPv6 over IPv4 tunnels v4 IPv4 v6 IPv6 v4 IPv4 v6 IPv6 IPv6 IPv4 v6 v4 P P P PE PE Dual stack IPv4-IPv6 CE routers Dual stack IPv4-IPv6 CE routers 210608Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 109 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Multiple OSPFv3 processes can be configured on a single router. In large-scale VRF deployments, this allows partition VRF processing across multiple RPs. It is also used to isolate default routing table or high impact VRFs from the regular VRFs. It is recommended to use a single process for all the VRFs. If needed, a second OSPFv3 process must be configured for IPv6 routing. Note The maximum of four OSPFv3 processes are supported. OSPFv3 PE-CE Extensions IPv6 protocol is being vastly deployed in today's customer networks. Service Providers (SPs) need to be able to offer Virtual Private Network (VPN) services to their customers for supporting IPv6 protocol, in addition to the already offered VPN services for IPv4 protocol. In order to support IPv6, routing protocols require additional extensions for operating in the VPN environment. Extensions to OSPFv3 are required in order for OSPFv3 to operate at the PE-CE links. VRF Lite VRF lite feature enables VRF deployment without BGP or MPLS based backbone. In VRF lite, the PE routers are directly connected using VRF interfaces. For OSPFv3, the following needs to operate differently in the VRF lite scenario, as opposed to the deployment with BGP or MPLS backbone: • DN bit processing—In VRF lite environment, the DN bit processing is disabled. • ABR status—In VRF context (except default VRF), OSPFv3 router is automatically set as an ABR, regardless to it’s connectivity to area 0. This automatic ABR status setting is disabled in the VRF lite environment. Note To enable VRF Lite, issue the capability vrf-lite command in the OSPFv3 VRF configuration submode. How to Implement 6PE/VPE This section includes these implementation procedures: • Configuring 6PE/VPE, page VPC-109 • Configuring PE to PE Core, page VPC-111 • Configuring PE to CE Core, page VPC-115 • Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers, page VPC-118 Configuring 6PE/VPE This task describes how to configure 6PE/VPE on PE routers to transport the IPv6 prefixes across the IPv4 cloud. Ensure that you configure 6PE/VPE on PE routers participating in both the IPv4 cloud and IPv6 clouds. Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 110 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Note For 6PE, you can use all routing protocols supported on Cisco IOS XR software such as BGP, OSPF, IS-IS, EIGRP, RIP, and Static to learn routes from both clouds. However, for 6VPE, you can use only the BGP, EIGRP and Static routing protocols to learn routes. SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. address-family ipv6 labeled-unicast 5. exit 6. exit 7. address-family ipv6 unicast 8. allocate-label [all | route-policy policy_name] 9. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 1 Enters the number that identifies the autonomous system (AS) in which the router resides. Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535. Step 3 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 1.1.1.1 Enters neighbor configuration mode for configuring Border Gateway Protocol (BGP) routing sessions. Step 4 address-family ipv6 labeled-unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 labeled-unicast Specifies IPv6 labeled-unicast address prefixes. Note This option is also available in IPv6 neighbor configuration mode and VRF neighbor configuration mode. Step 5 exit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit Exits BGP address-family submode.Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 111 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring PE to PE Core This task describes how to configure a Provider Edge (PE) to PE Core. For information on configuring VPN Routing and Forwarding (VRF), refer to the Implementing BGP on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide. SUMMARY STEPS 1. configure 2. router bgp 3. address-family vpnv6 unicast Step 6 exit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit Exits BGP neighbor submode. Step 7 address-family ipv6 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv6 unicast Specifies IPv6 unicast address prefixes. Step 8 allocate-label [all | route-policy policy_name] Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all Allocates MPLS labels for specified IPv4 unicast routes. Note The route-policy keyword provides finer control to filter out certain routes from being advertised to the neighbor. Step 9 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end or RP/0/RSP0/CPU0:router(config-bgp-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 112 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ] 5. bgp client-to-client reflection { cluster-id | disable } 6. neighbor ip-address 7. remote-as as-number 8. description text 9. password { clear | encrypted } password 10. shutdown 11. timers keepalive hold-time 12. update-source type interface-id 13. address-family vpnv6 unicast 14. route-policy route-policy-name { in | out } 15. exit 16. vrf vrf-name 17. rd { as-number : nn | ip-address : nn | auto } 18. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 10 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. Step 3 address-family vpnv6 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv6 unicast Specifies the vpnv6 address family and enters address family configuration submode. Step 4 bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ] Example: RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120 Configures BGP dampening for the specified address family.Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 113 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 5 bgp client-to-client reflection {cluster-id | disable } Example: RP/0/RSP0/CPU0:router(config-bgp-af)# bgp client-to-client reflection disable Configures client to client route reflection. Step 6 exit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Exits the address family configuration submode. Step 7 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. Step 8 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 100 Creates a neighbor and assigns a remote autonomous system number to it. Step 9 description text Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# description neighbor 172.16.1.1 Provides a description of the neighbor. The description is used to save comments and does not affect software function. Step 10 password { clear | encrypted } password Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# password encrypted 123abc Enables Message Digest 5 (MD5) authentication on the TCP connection between the two BGP neighbors. Step 11 shutdown Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# router bgp 1 Terminates any active sessions for the specified neighbor and removes all associated routing information. Step 12 timers keepalive hold-time Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 12000 200 Set the timers for the BGP neighbor. Step 13 update-source type interface-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source gigabitEthernet 0/1/5/0 Allows iBGP sessions to use the primary IP address from a specific interface as the local address when forming an iBGP session with a neighbor. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 114 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 14 address-family vpnv6 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpvn6 unicast Enters VPN neighbor address family configuration mode. Step 15 route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-in in Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes. Step 16 route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-out out Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes. Step 17 exit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit Exits address family configuration and neighbor submode. Step 18 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe Configures a VRF instance. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 115 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring PE to CE Core This task describes how to configure a PE to Customer Edge (CE) core. SUMMARY STEPS 1. configure 2. router bgp 3. vrf vrf-name 4. bgp router-id ip-address 5. label-allocation-mode { per-ce | per-vrf } 6. address-family ipv6 unicast 7. redistribute {connected | static | eigrp } 8. neighbor ip-address 9. remote-as as-number 10. ebgp-multihop { maximum hops | mpls } 11. address-family ipv6 unicast 12. site-of-origin [ as-number : nn | ip-address : nn ] Step 19 rd { as-number : nn | ip-address : nn | auto } Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd 345:567 Configures the route distinguisher. Use the auto keyword if you want the router to automatically assign a unique RD to the VRF. Step 20 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end or RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 116 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 13. as-override 14. allowas-in [ as-occurrence-number ] 15. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 10 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe Configures a VRF instance. Step 4 bgp router-id ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)#bgp router-id 172.16.9.9 Configures a fixed router ID for a BGP-speaking router. Step 5 label-allocation-mode { per-ce | per-vrf } Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce Configures the per-CE label allocation mode to avoid an extra lookup on the PE router and conserve label space (per-prefix is the default label allocation mode). In this mode, the PE router allocates one label for every immediate next-hop (in most cases, this would be a CE router). This label is directly mapped to the next hop, so there is no VRF route lookup performed during data forwarding. However, the number of labels allocated would be one for each CE rather than one for each VRF. Because BGP knows all the next hops, it assigns a label for each next hop (not for each PE-CE interface). When the outgoing interface is a multiaccess interface and the media access control (MAC) address of the neighbor is not known, Address Resolution Protocol (ARP) is triggered during packet forwarding. The per-vrf keyword configures the same label to be used for all the routes advertised from a unique VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 117 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 6 address-family ipv6 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv6 unicast Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Step 7 redistribute {connected | static | eigrp } Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# Causes routes from the specified instance to be redistributed into BGP. Step 8 neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0 Configures a CE neighbor. The ip-address argument must be a private address. Step 9 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2 Configures the remote AS for the CE neighbor. Step 10 ebgp-multihop { maximum hops | mpls } Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop 55 Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected. Step 11 address-family ipv6 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv6 unicast Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Step 12 site-of-origin [as-number:nn | ip-address:nn ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# site-of-origin 234:111 Configures the site-of-origin (SoO) extended community. Routes that are learned from this CE neighbor are tagged with the SoO extended community before being advertised to the rest of the PEs. SoO is frequently used to detect loops when as-override is configured on the PE router. If the prefix is looped back to the same site, the PE detects this and does not send the update to the CE. Step 13 as-override Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# as-override Configures AS override on the PE router. This causes the PE router to replace the CE’s ASN with its own (PE) ASN. Note This loss of information could lead to routing loops; to avoid loops caused by as-override, use it in conjunction with site-of-origin. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 118 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3). SUMMARY STEPS 1. configure 2. router ospfv3 process-name 3. vrf vrf-name 4. capability vrf-lite 5. router-id {router-id | type interface-path-id} 6. domain-id type {0005 | 0105 | 0205 | 8005} value domain-id 7. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or Step 14 allowas-in [ as-occurrence-number ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 5 Allows an AS path with the PE autonomous system number (ASN) a specified number of times. Hub and spoke VPN networks need the looping back of routing information to the HUB PE through the HUB CE. When this happens, due to the presence of the PE ASN, the looped-back information is dropped by the HUB PE. To avoid this, use the allowas-in command to allow prefixes even if they have the PEs ASN up to the specified number of times. Step 15 end or commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end or RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 119 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] 8. area area-id 9. interface type interface-path-id 10. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf 109 Enters OSPF configuration mode allowing you to configure the OSPF routing process. Step 3 vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1 Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing. Step 4 capability vrf-lite Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# capability vrf-lite Enables VRF Lite feature. Step 5 router-id {router-id | type interface-path-id} Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10 Configures the router ID for the VRF. Note Router ID configuration is required for each VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 120 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 6 domain-id type {0005 | 0105 | 0205 | 8005} value domain-id Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# domain-id type 0005 value CAFE00112233 Specifies the domain ID. Step 7 redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]]}[metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are: • Border Gateway Protocol (BGP) • Connected • Enhanced Interior Gateway Routing Protocol (EIGRP) • OSPF • Static • Routing Information Protocol (RIP) Step 8 area area-id Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0 Configures the OSPF area as area 0. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE 121 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Step 9 interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0 Associates interface GigabitEthernet 0/3/0/0 with area 0. Step 10 end or commit Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end or RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit Saves configuration changes. • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS Configuration Examples for 6PE 122 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuration Examples for 6PE This section includes these configuration example: • Configuring 6PE on a PE Router: Example, page VPC-122 • Configuring 6VPE on a PE Router: Example, page VPC-122 • Configuring 6PE on a PE Router: Example This sample configuration shows the configuration of 6PE on a PE router: interface GigabitEthernet0/3/0/0 ipv6 address 2001::1/64 ! router isis ipv6-cloud net 49.0000.0000.0001.00 address-family ipv6 unicast single-topology interface GigabitEthernet0/3/0/0 address-family ipv6 unicast ! ! router bgp 55400 bgp router-id 54.6.1.1 address-family ipv4 unicast ! address-family ipv6 unicast network 55:5::/64 redistribute connected redistribute isis ipv6-cloud allocate-label all ! neighbor 34.4.3.3 remote-as 55400 address-family ipv4 unicast ! address-family ipv6 labeled-unicast Configuring 6VPE on a PE Router: Example This sample configuration shows the configuration of 6VPE on a PE router: vrf vpn1 address-family ipv6 unicast import route-target 200:2 ! export route-target 200:2 interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255 interface GigabitEthernet0/0/0/1 vrf vpn1 ipv6 address 2001:c003:a::2/64 Implementing IPv6 VPN Provider Edge Transport over MPLS Configuration Examples for 6PE 123 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 router bgp 1 bgp router-id 10.0.0.1 bgp redistribute-internal bgp graceful-restart address-family ipv4 unicast ! address-family vpnv6 unicast ! neighbor 10.0.0.2 >>>> Remote peer loopback address. remote-as 1 update-source Loopback0 address-family ipv4 unicast ! address-family vpnv6 unicast route-policy pass-all in route-policy pass-all out ! vrf vpn1 rd 100:2 bgp router-id 140.140.140.140 address-family ipv6 unicast redistribute connected ! neighbor 2001:c003:a::1 remote-as 6502 address-family ipv6 unicast route-policy pass-all in route-policy pass-all out ! Configuring OSPFv3 between PE to CE: Example: This example shows you how to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3): router ospfv3 0 vrf V1 router-id 100.0.0.2 domain-id type 0005 value CAFE00112233 domain-id secondary type 0105 value beef00000001 domain-id secondary type 0205 value beef00000002 capability vrf-lite redistribute bgp 1 area 0 interface POS0/3/0/1 vrf V2 router-id 200.0.0.2 capability vrf-lite area 1 interface POS0/3/0/2Implementing IPv6 VPN Provider Edge Transport over MPLS Additional References 124 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Additional References For additional information related to this feature, refer to these references: Related Document Standards MIBs RFCs Related Topic Document Title Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Standards 1 1. Not all supported standards are listed. Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. — MIBs MIBs Link — To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml RFCs Title — —Implementing IPv6 VPN Provider Edge Transport over MPLS Additional References 125 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Technical Assistance Description Link The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. http://www.cisco.com/techsupportImplementing IPv6 VPN Provider Edge Transport over MPLS Additional References 126 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02127 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 HC Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide IC Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide MCC Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide MNC Cisco ASR 9000 Series Aggregation Services Router System Monitoring Configuration Guide MPC Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide QC Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide RC Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide SC Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide SMC Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide LSC Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide I N D E X Numerics 6PE/VPE BGP multipath VPC-108 conditions for use VPC-106 how to configure VPC-109 how to deploy VPC-107 overview VPC-106 prerequisites VPC-106 service provider considerations VPC-106 supported protocols VPC-110 A automatic route distinguisher, MPLS Layer 3 VPN VPC-15 autonomous system VPC-16 B BGP confederations VPC-17 BGP (border gateway protocol) distributing routes VPC-21 messages and MPLS labels VPC-20 routing information VPC-20 BGP4 configuration VPC-106 BGP multipath 6PE/VPE VPC-108 C CSC (Carrier Supporting Carrier) configuration examples VPC-78 configuration options for backbone and customer carriers VPC-24 configuring a CSC-PE link VPC-71 configuring a static route to a peer VPC-78 customer carrier network options VPC-24 identifying topology VPC-70 CSC-CE link, how to configure VPC-75 CSC-PE link, how to configure VPC-71 customer edge router 6PE/VPE VPC-107 MPLS Layer 3 VPN VPC-12 customer edge router (CE) MPLS Layer 3 VPN VPC-12 E eBGP VPC-10Index 128 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 G Generic Routing Encapsulation (GRE over L3VPN) VPC-21 I Inter-AS configurations BGP VPC-17 interprovider VPN VPC-16 supported VPC-16 interprovider VPN, MPLS VPN VPC-17 M MPLS Layer 3 VPN automatic route distinguisher VPC-15 autonomous system VPC-16 components VPC-12 concepts VPC-11 customer edge router VPC-12 customer router VPC-12 defined VPC-11 defining VPC-11 distributed routing information VPC-13 FIB VPC-10 implementing VPC-11 major components VPC-15 MPLS forwarding VPC-14 PE router VPC-12 prerequisites VPC-10 provider router VPC-12 restrictions VPC-10 scalability VPC-12 security VPC-12 topology VPC-12 VPN routing information VPC-14 working VPC-13 MPLS VPN Inter-AS ASBRs VPC-15 major components VPC-15 P PE router MPLS Layer 3 VPN VPC-12 S service provider edge routers, 6PE VPC-107 service providers, 6PE VPC-106 static router to a peer, how to configure VPC-78 T tunnel types 6PE VPC-107 V verifying IP connectivity, CSC MPLS Layer 3 VPN VPC-71 VRF (virtual routing and forwarding) configuring backbone carrier core VPC-71 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-26056-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S P r e f a c e Preface xiii Changes to This Document xiii Obtaining Documentation and Submitting a Service Request xiii C H A P T E R 1 Implementing MPLS Label Distribution Protocol 1 Prerequisites for Implementing Cisco MPLS LDP 2 Information About Implementing Cisco MPLS LDP 2 Overview of Label Distribution Protocol 2 Label Switched Paths 2 LDP Control Plane 3 Exchanging Label Bindings 4 LDP Forwarding 5 LDP Graceful Restart 6 Control Plane Failure 7 Phases in Graceful Restart 8 Recovery with Graceful-Restart 9 Label Advertisement Control (Outbound Filtering) 10 Label Acceptance Control (Inbound Filtering) 10 Local Label Allocation Control 11 Session Protection 11 IGP Synchronization 12 IGP Auto-configuration 13 LDP Nonstop Routing 13 IP LDP Fast Reroute Loop Free Alternate 14 Downstream on Demand 15 Explicit-Null and Implicit-Null Labels 16 How to Implement MPLS LDP 16 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 iiiConfiguring LDP Discovery Parameters 17 Configuring LDP Discovery Over a Link 19 Configuring LDP Discovery for Active Targeted Hellos 20 Configuring LDP Discovery for Passive Targeted Hellos 22 Configuring Label Advertisement Control (Outbound Filtering) 24 Setting Up LDP Neighbors 26 Setting Up LDP Forwarding 29 Setting Up LDP NSF Using Graceful Restart 31 Configuring Label Acceptance Control (Inbound Filtering) 34 Configuring Local Label Allocation Control 36 Configuring Session Protection 37 Configuring LDP IGP Synchronization: OSPF 39 Configuring LDP IGP Synchronization: ISIS 40 Enabling LDP Auto-Configuration for a Specified OSPF Instance 42 Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance 44 Disabling LDP Auto-Configuration 46 Configuring LDP Nonstop Routing 48 Configuring LDP Downstream on Demand mode 50 Redistributing MPLS LDP Routes into BGP 51 Setting Up Implicit-Null-Override Label 52 Configuration Examples for Implementing MPLS LDP 54 Configuring LDP with Graceful Restart: Example 54 Configuring LDP Discovery: Example 54 Configuring LDP Link: Example 54 Configuring LDP Discovery for Targeted Hellos: Example 55 Configuring Label Advertisement (Outbound Filtering): Example 55 Configuring LDP Neighbors: Example 56 Configuring LDP Forwarding: Example 56 Configuring LDP Nonstop Forwarding with Graceful Restart: Example 56 Configuring Label Acceptance (Inbound Filtering): Example 57 Configuring Local Label Allocation Control: Example 57 Configuring LDP Session Protection: Example 58 Configuring LDP IGP Synchronization—OSPF: Example 58 Configuring LDP IGP Synchronization—ISIS: Example 58 Configuring LDP Auto-Configuration: Example 59 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x iv OL-26056-02 ContentsConfigure IP LDP Fast Reroute Loop Free Alternate: Example 59 Verify IP LDP Fast Reroute Loop Free Alternate: Example 61 Additional References 63 C H A P T E R 2 Implementing RSVP for MPLS-TE 65 Prerequisites for Implementing RSVP for MPLS-TE 66 Information About Implementing RSVP for MPLS-TE 66 Overview of RSVP for MPLS-TE 66 LSP Setup 67 High Availability 67 Graceful Restart 67 Graceful Restart: Standard and Interface-Based 68 Graceful Restart: Figure 69 ACL-based Prefix Filtering 70 RSVP MIB 70 Information About Implementing RSVP Authentication 71 RSVP Authentication Functions 71 RSVP Authentication Design 71 Global, Interface, and Neighbor Authentication Modes 72 Security Association 73 Key-source Key-chain 74 Guidelines for Window-Size and Out-of-Sequence Messages 75 Caveats for Out-of-Sequence 75 How to Implement RSVP 75 Configuring Traffic Engineering Tunnel Bandwidth 76 Confirming DiffServ-TE Bandwidth 76 Enabling Graceful Restart 78 Configuring ACL-based Prefix Filtering 80 Configuring ACLs for Prefix Filtering 80 Configuring RSVP Packet Dropping 81 Verifying RSVP Configuration 83 Enabling RSVP Traps 86 How to Implement RSVP Authentication 88 Configuring Global Configuration Mode RSVP Authentication 88 Enabling RSVP Authentication Using the Keychain in Global Configuration Mode 88 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 v ContentsConfiguring a Lifetime for RSVP Authentication in Global Configuration Mode 90 Configuring the Window Size for RSVP Authentication in Global Configuration Mode 91 Configuring an Interface for RSVP Authentication 93 Specifying the RSVP Authentication Keychain in Interface Mode 93 Configuring a Lifetime for an Interface for RSVP Authentication 95 Configuring the Window Size for an Interface for RSVP Authentication 96 Configuring RSVP Neighbor Authentication 98 Specifying the Keychain for RSVP Neighbor Authentication 98 Configuring a Lifetime for RSVP Neighbor Authentication 100 Configuring the Window Size for RSVP Neighbor Authentication 102 Verifying the Details of the RSVP Authentication 104 Eliminating Security Associations for RSVP Authentication 104 Configuration Examples for RSVP 104 Bandwidth Configuration (Prestandard): Example 104 Bandwidth Configuration (MAM): Example 104 Bandwidth Configuration (RDM): Example 105 Refresh Reduction and Reliable Messaging Configuration: Examples 105 Refresh Interval and the Number of Refresh Messages Configuration: Example 105 Retransmit Time Used in Reliable Messaging Configuration: Example 105 Acknowledgement Times Configuration: Example 105 Summary Refresh Message Size Configuration: Example 106 Disable Refresh Reduction: Example 106 Configure Graceful Restart: Examples 106 Enable Graceful Restart: Example 106 Enable Interface-Based Graceful Restart: Example 106 Change the Restart-Time: Example 107 Change the Hello Interval: Example 107 Configure ACL-based Prefix Filtering: Example 107 Set DSCP for RSVP Packets: Example 107 Enable RSVP Traps: Example 108 Configuration Examples for RSVP Authentication 108 RSVP Authentication Global Configuration Mode: Example 108 RSVP Authentication for an Interface: Example 109 RSVP Neighbor Authentication: Example 109 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x vi OL-26056-02 ContentsRSVP Authentication by Using All the Modes: Example 110 Additional References 110 C H A P T E R 3 Implementing MPLS Forwarding 113 Prerequisites for Implementing Cisco MPLS Forwarding 113 Restrictions for Implementing Cisco MPLS Forwarding 113 Information About Implementing MPLS Forwarding 114 MPLS Forwarding Overview 114 Label Switching Functions 114 Distribution of Label Bindings 115 MFI Control-Plane Services 115 MFI Data-Plane Services 115 MPLS Maximum Transmission Unit 116 Additional References 116 C H A P T E R 4 Implementing MPLS Traffic Engineering 119 Prerequisites for Implementing Cisco MPLS Traffic Engineering 120 Restrictions for Implementing Cisco MPLS Traffic Engineering 120 Information About Implementing MPLS Traffic Engineering 121 Overview of MPLS Traffic Engineering 121 Benefits of MPLS Traffic Engineering 121 How MPLS-TE Works 121 MPLS Traffic Engineering 123 Backup AutoTunnels 123 AutoTunnel Attribute-set 123 Link Protection 124 Node Protection 124 Backup AutoTunnel Assignment 125 Explicit Paths 126 Periodic Backup Promotion 126 Protocol-Based CLI 126 Differentiated Services Traffic Engineering 127 Prestandard DS-TE Mode 127 IETF DS-TE Mode 127 Bandwidth Constraint Models 128 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 vii ContentsMaximum Allocation Bandwidth Constraint Model 128 Russian Doll Bandwidth Constraint Model 128 TE Class Mapping 129 Flooding 129 Flooding Triggers 129 Flooding Thresholds 130 Fast Reroute 130 MPLS-TE and Fast Reroute over Link Bundles 131 Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE 131 Flexible Name-based Tunnel Constraints 132 MPLS Traffic Engineering Interarea Tunneling 133 Interarea Support 133 Multiarea Support 134 Loose Hop Expansion 134 Loose Hop Reoptimization 135 ABR Node Protection 135 Fast Reroute Node Protection 135 MPLS-TE Forwarding Adjacency 135 MPLS-TE Forwarding Adjacency Benefits 136 MPLS-TE Forwarding Adjacency Restrictions 136 MPLS-TE Forwarding Adjacency Prerequisites 136 Path Computation Element 136 Path Protection 138 Prerequisites for Path Protection 138 Restrictions for Path Protection 139 MPLS-TE Automatic Bandwidth 139 MPLS-TE Automatic Bandwidth Overview 139 Adjustment Threshold 141 Overflow Detection 141 Restrictions for MPLS-TE Automatic Bandwidth 141 Point-to-Multipoint Traffic-Engineering 142 Point-to-Multipoint Traffic-Engineering Overview 142 Point-to-Multipoint RSVP-TE 144 Point-to-Multipoint Fast Reroute 144 Point-to-Multipoint Label Switch Path 144 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x viii OL-26056-02 ContentsPath Option for Point-to-Multipoint RSVP-TE 145 MPLS Traffic Engineering Shared Risk Link Groups 146 Explicit Path 147 Fast ReRoute with SRLG Constraints 148 Importance of Protection 149 Delivery of Packets During a Failure 150 Multiple Backup Tunnels Protecting the Same Interface 150 SRLG Limitations 150 Soft-Preemption 151 Path Option Attributes 151 Configuration Hierarchy of Path Option Attributes 152 Traffic Engineering Bandwidth and Bandwidth Pools 152 Path Option Switchover 153 Path Option and Path Protection 153 Auto-Tunnel Mesh 154 Destination List (Prefix-List) 154 How to Implement Traffic Engineering 155 Building MPLS-TE Topology 155 Creating an MPLS-TE Tunnel 158 Configuring Forwarding over the MPLS-TE Tunnel 161 Protecting MPLS Tunnels with Fast Reroute 164 Enabling an AutoTunnel Backup 169 Removing an AutoTunnel Backup 170 Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs 172 Establishing Next-Hop Tunnels with Link Protection 174 Configuring a Prestandard DS-TE Tunnel 176 Configuring an IETF DS-TE Tunnel Using RDM 178 Configuring an IETF DS-TE Tunnel Using MAM 181 Configuring MPLS -TE and Fast-Reroute on OSPF 184 Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE 187 Configuring Flexible Name-based Tunnel Constraints 188 Assigning Color Names to Numeric Values 188 Associating Affinity-Names with TE Links 190 Associating Affinity Constraints for TE Tunnels 192 Configuring IS-IS to Flood MPLS-TE Link Information 193 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 ix ContentsConfiguring an OSPF Area of MPLS-TE 195 Configuring Explicit Paths with ABRs Configured as Loose Addresses 197 Configuring MPLS-TE Forwarding Adjacency 199 Configuring a Path Computation Client and Element 200 Configuring a Path Computation Client 200 Configuring a Path Computation Element Address 202 Configuring PCE Parameters 203 Configuring Path Protection on MPLS-TE 206 Enabling Path Protection for an Interface 206 Assigning a Dynamic Path Option to a Tunnel 208 Forcing a Manual Switchover on a Path-Protected Tunnel 210 Configuring the Delay the Tunnel Takes Before Reoptimization 210 Configuring the Automatic Bandwidth 212 Configuring the Collection Frequency 212 Forcing the Current Application Period to Expire Immediately 214 Configuring the Automatic Bandwidth Functions 215 Configuring the Shared Risk Link Groups 218 Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link 218 Creating an Explicit Path With Exclude SRLG 220 Using Explicit Path With Exclude SRLG 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint 229 Configuring Point-to-Multipoint TE 232 Enabling Multicast Routing on the Router 232 Configuring the Static Group for the Point-to-Multipoint Interface 235 Configuring Destinations for the Tunnel Interface 237 Disabling Destinations 241 Logging Per Destinations for Point-to-Multipoint 243 Enabling Soft-Preemption on a Node 245 Enabling Soft-Preemption on a Tunnel 247 Configuring Attributes within a Path-Option Attribute 249 Configuring Auto-Tunnel Mesh Tunnel ID 251 Configuring Auto-tunnel Mesh Unused Timeout 252 Configuring Auto-Tunnel Mesh Group 254 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x x OL-26056-02 ContentsConfiguring Tunnel Attribute-Set Templates 256 Enabling LDP on Auto-Tunnel Mesh 258 Configuration Examples for Cisco MPLS-TE 260 Build MPLS-TE Topology and Tunnels: Example 260 Configure IETF DS-TE Tunnels: Example 261 Configure MPLS-TE and Fast-Reroute on OSPF: Example 262 Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example 262 Configure Flexible Name-based Tunnel Constraints: Example 263 Configure an Interarea Tunnel: Example 264 Configure Forwarding Adjacency: Example 265 Configure PCE: Example 265 Configure Tunnels for Path Protection: Example 266 Configure Automatic Bandwidth: Example 267 Configure the MPLS-TE Shared Risk Link Groups: Example 267 Configure the MPLS-TE Auto-Tunnel Backup: Example 269 Configure Point-to-Multipoint TE: Examples 276 P2MP Topology Scenario: Example 276 Configure Point-to-Multipoint for the Source: Example 278 Configure the Point-to-Multipoint Tunnel: Example 278 Disable a Destination: Example 279 Configure the Point-to-Multipoint Solution: Example 279 Additional References 283 C H A P T E R 5 Implementing MPLS OAM 285 Prerequisites for MPLS LSP Ping and Traceroute for P2MP 285 MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute 286 Roles of Various Routers 286 P2MP Ping 287 P2MP Traceroute 288 Configure the Ping and Traceroute: Example 288 C H A P T E R 6 Implementing MPLS Transport Profile 295 Restrictions for MPLS-TP 295 Information About Implementing MPLS Transport Profile 296 MPLS Transport Profile 296 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 xi ContentsBidirectional LSPs 297 MPLS-TP Path Protection 297 Fault OAM Support 297 MPLS-TP Links and Physical Interfaces 299 Tunnel LSPs 299 MPLS-TP IP-less support 300 How to Implement MPLS Transport Profile 300 Configuring the Node ID and Global ID 300 Configuring Pseudowire OAM Attributes 301 Configuring the Pseudowire Class 302 Configuring the Pseudowire 303 Configuring the MPLS TP Tunnel 304 Configuring MPLS-TP LSPs at Midpoint 307 Configuring MPLS-TP Links and Physical Interfaces 309 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x xii OL-26056-02 ContentsPreface The Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide preface contains these sections: • Changes to This Document, page xiii • Obtaining Documentation and Submitting a Service Request, page xiii Changes to This Document This table lists the technical changes made to this document since it was first printed. Table 1: Changes to This Document Revision Date Change Summary Republished with documentation updates for Cisco IOS XR Release 4.2.1. OL-26056-02 June 2012 OL-26056-01 December 2011 Initial release of this document. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation,submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 xiii Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x xiv OL-26056-02 Preface Obtaining Documentation and Submitting a Service RequestC H A P T E R 1 Implementing MPLS Label Distribution Protocol This module describes how to implement MPLS Label Distribution Protocol on Cisco ASR 9000 Series Aggregation Services Routers. The Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into business-class transport mediums. MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services as with those delivered over traditional networks such as Frame Relay or ATM. Label Distribution Protocol (LDP) performs label distribution in MPLS environments. LDP provides the following capabilities: • LDP performs hop-by-hop or dynamic path setup; it does not provide end-to-end switching services. • LDP assigns labels to routes using the underlying Interior Gateway Protocols (IGP) routing protocols. • LDP provides constraint-based routing using LDP extensions for traffic engineering. Finally, LDP is deployed in the core of the network and is one of the key protocols used in MPLS-based Layer 2 and Layer 3 virtual private networks (VPNs). Feature History for Implementing MPLS LDP Release Modification Release 3.7.2 This feature was introduced. Support was added for these features: • IP LDP Fast Reroute Loop Free Alternate • Downstream on Demand Release 4.0.1 Release 4.2.1 Support was added for LDP Implicit Null for IGP Routes. • Prerequisites for Implementing Cisco MPLS LDP, page 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 1• Information About Implementing Cisco MPLS LDP, page 2 • How to Implement MPLS LDP , page 16 • Configuration Examples for Implementing MPLS LDP, page 54 • Additional References, page 63 Prerequisites for Implementing Cisco MPLS LDP These prerequisites are required to implement MPLS LDP: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • You must be running Cisco IOS XR software. • You must install a composite mini-image and the MPLS package. • You must activate IGP. • We recommend to use a lower session holdtime bandwidth such as neighbors so that a session down occurs before an adjacency-down on a neighbor. Therefore, the following default values for the hello times are listed: • Holdtime is 15 seconds. • Interval is 5 seconds. For example, the LDP session holdtime can be configured as 30 seconds by using the holdtime command. Information About Implementing Cisco MPLS LDP To implement MPLS LDP, you should understand these concepts: Overview of Label Distribution Protocol LDP performs label distribution in MPLS environments. LDP uses hop-by-hop or dynamic path setup, but does not provide end-to-end switching services. Labels are assigned to routesthat are chosen by the underlying IGP routing protocols. The Label Switched Paths (LSPs) that result from the routes, forward labeled traffic across the MPLS backbone to adjacent nodes. Label Switched Paths LSPs are created in the network through MPLS. They can be created statically, by RSVP traffic engineering (TE), or by LDP. LSPs created by LDP perform hop-by-hop path setup instead of an end-to-end path. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 2 OL-26056-02 Implementing MPLS Label Distribution Protocol Prerequisites for Implementing Cisco MPLS LDPLDP Control Plane The control plane enableslabelswitched routers(LSRs) to discover their potential peer routers and to establish LDP sessions with those peers to exchange label binding information. This figure shows the control messages exchanged between LDP peers. Figure 1: LDP Control Protocol LDP uses the hello discovery mechanism to discover its neighbor or peer on the network. When LDP is enabled on an interface, it sends hello messages to a link-local multicast address, and joins a specific multicast group to receive hellos from other LSRs present on the given link. When LSRs on a given link receive hellos, their neighbors are discovered and the LDP session (using TCP) is established. Hellos are not only used to discover and trigger LDP sessions; they are also required to maintain LDP sessions. If a certain number of hellos from a given peer are missed in sequence, LDP sessions are brought down until the peer is discovered again. Note LDP also supports non-link neighbors that could be multiple hops away on the network, using the targeted hello mechanism. In these cases, hellos are sent on a directed, unicast address. The first message in the session establishment phase is the initialization message, which is used to negotiate session parameters. After session establishment, LDP sends a list of all its interface addresses to its peers in an address message.Whenever a new address becomes available or unavailable, the peers are notified regarding such changes via ADDRESS or ADDRESS_WITHDRAW messages respectively. When MPLS LDP learns an IGP prefix it allocates a label locally as the inbound label. The local binding between the prefix label is conveyed to its peers via LABEL_MAPPING message. If the binding breaks and becomes unavailable, a LABEL_WITHDRAW message is sent to all its peers, which responds with LABEL_RELEASE messages. The local label binding and remote label binding received from its peer(s) is used to setup forwarding entries. Using routing information from the IGP protocol and the forwarding information base (FIB), the next active hop isselected. Label binding islearned from the next hop peer, and is used asthe outbound label while setting up the forwarding plane. The LDP session is also kept alive using the LDP keepalive mechanism, where an LSR sends a keepalive message periodically to its peers. If no messages are received and a certain number of keepalive messages are missed from a peer, the session is declared dead, and brought down immediately. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 3 Implementing MPLS Label Distribution Protocol Overview of Label Distribution ProtocolRelated Topics Configuring LDP Discovery Parameters, on page 17 Configuring LDP Discovery Over a Link, on page 19 Configuring LDP Link: Example, on page 54 Configuring LDP Discovery for Active Targeted Hellos, on page 20 Configuring LDP Discovery for Passive Targeted Hellos, on page 22 Configuring LDP Discovery for Targeted Hellos: Example, on page 55 Exchanging Label Bindings LDP creates LSPs to perform the hop-by-hop path setup so that MPLS packets can be transferred between the nodes on the MPLS network. This figure illustrates the process of label binding exchange for setting up LSPs. Figure 2: Setting Up Label Switched Paths For a given network (10.0.0.0), hop-by-hop LSPs are set up between each of the adjacent routers (or, nodes) and each node allocates a local label and passes it to its neighbor as a binding: 1 R4 allocates local label L4 for prefix 10.0.0.0 and advertises it to its neighbors (R3). 2 R3 allocates local label L3 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R2, R4). 3 R1 allocates local label L1 for prefix 10.0.0.0 and advertises it to its neighbors (R2, R3). 4 R2 allocates local label L2 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R3). 5 R1’s label information base (LIB) keeps local and remote labels bindings from its neighbors. 6 R2’s LIB keeps local and remote labels bindings from its neighbors. 7 R3’s LIB keeps local and remote labels bindings from its neighbors. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 4 OL-26056-02 Implementing MPLS Label Distribution Protocol Overview of Label Distribution Protocol8 R4’s LIB keeps local and remote labels bindings from its neighbors. Related Topics Setting Up LDP Neighbors, on page 26 Configuring LDP Neighbors: Example, on page 56 LDP Forwarding Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown in the following figure. Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown in this figure. Figure 3: Forwarding Setup 1 Because R3 is next hop for 10.0.0.0 as notified by the FIB, R1 selects label binding from R3 and installs forwarding entry (Layer 1, Layer 3). 2 Because R3 is next hop for 10.0.0.0 (as notified by FIB), R2 selects label binding from R3 and installs forwarding entry (Layer 2, Layer 3). 3 Because R4 is next hop for 10.0.0.0 (as notified by FIB), R3 selects label binding from R4 and installs forwarding entry (Layer 3, Layer 4). 4 Because next hop for 10.0.0.0 (as notified by FIB) is beyond R4, R4 uses NO-LABEL as the outbound and installs the forwarding entry (Layer 4); the outbound packet is forwarded IP-only. 5 Incoming IP traffic on ingress LSR R1 gets label-imposed and is forwarded as an MPLS packet with label L3. 6 Incoming IP traffic on ingress LSR R2 gets label-imposed and is forwarded as an MPLS packet with label L3. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 5 Implementing MPLS Label Distribution Protocol Overview of Label Distribution Protocol7 R3 receives an MPLS packet with label L3, looks up in the MPLS label forwarding table and switches this packet as an MPLS packet with label L4. 8 R4 receives an MPLS packet with label L4, looks up in the MPLS label forwarding table and finds that it should be Unlabeled, pops the top label, and passes it to the IP forwarding plane. 9 IP forwarding takes over and forwards the packet onward. Related Topics Setting Up LDP Forwarding, on page 29 Configuring LDP Forwarding: Example, on page 56 LDP Graceful Restart LDP (Label Distribution Protocol) graceful restart provides a control plane mechanism to ensure high availability and allows detection and recovery from failure conditions while preserving Nonstop Forwarding (NSF)services. Graceful restart is a way to recover from signaling and control plane failures without impacting forwarding. Without LDP graceful restart, when an established session fails, the corresponding forwarding states are cleaned immediately from the restarting and peer nodes. In this case LDP forwarding restarts from the beginning, causing a potential loss of data and connectivity. The LDP graceful restart capability is negotiated between two peers during session initialization time, in FT SESSION TLV. In this typed length value (TLV), each peer advertises the following information to its peers: Reconnect time Advertises the maximum time that other peer will wait for this LSR to reconnect after control channel failure. Recovery time Advertises the maximum time that the other peer has on its side to reinstate or refresh its states with this LSR. This time is used only during session reestablishment after earlier session failure. FT flag Specifies whether a restart could restore the preserved (local) node state for this flag. Once the graceful restart session parameters are conveyed and the session is up and running, graceful restart procedures are activated. When configuring the LDP graceful restart process in a network with multiple links, targeted LDP hello adjacencies with the same neighbor, or both, make sure that graceful restart is activated on the session before any hello adjacency times out in case of neighbor control plane failures. One way of achieving this is by configuring a lower session hold time between neighbors such that session timeout occurs before hello adjacency timeout. It is recommended to set LDP session hold time using the following formula: Session Holdtime <= (Hello holdtime - Hello interval) * 3 This meansthat for default values of 15 seconds and 5 secondsfor link Hello holdtime and interval respectively, session hold time should be set to 30 seconds at most. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 6 OL-26056-02 Implementing MPLS Label Distribution Protocol LDP Graceful RestartFor more information about LDP commands,see the Implementing MPLS Label Distribution Protocol module of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. Related Topics Setting Up LDP NSF Using Graceful Restart, on page 31 Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56 Control Plane Failure When a control plane failure occurs, connectivity can be affected. The forwarding statesinstalled by the router control planes are lost, and the in-transit packets could be dropped, thus breaking NSF. Thisfigure illustrates a control plane failure and showsthe process and results of a control plane failure leading to loss of connectivity. Figure 4: Control Plane Failure 1 The R4 LSR control plane restarts. 2 LIB is lost when the control plane restarts. 3 The forwarding states installed by the R4 LDP control plane are immediately deleted. 4 Any in-transit packets flowing from R3 to R4 (still labeled with L4) arrive at R4. 5 The MPLS forwarding plane at R4 performs a lookup on local label L4 which fails. Because of thisfailure, the packet is dropped and NSF is not met. 6 The R3 LDP peer detects the failure of the control plane channel and deletes its label bindings from R4. 7 The R3 control plane stops using outgoing labels from R4 and deletes the corresponding forwarding state (rewrites), which in turn causes forwarding disruption. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 7 Implementing MPLS Label Distribution Protocol LDP Graceful Restart8 The established LSPs connected to R4 are terminated at R3, resulting in broken end-to-end LSPs from R1 to R4. 9 The established LSPs connected to R4 are terminated at R3, resulting in broken LSPs end-to-end from R2 to R4. Phases in Graceful Restart The graceful restart mechanism is divided into different phases: Control communication failure detection Control communication failure is detected when the system detects either: • Missed LDP hello discovery messages • Missed LDP keepalive protocol messages • Detection of Transmission Control Protocol (TCP) disconnection a with a peer Forwarding state maintenance during failure Persistent forwarding states at each LSR are achieved through persistent storage (checkpoint) by the LDP control plane. While the control plane is in the process of recovering, the forwarding plane keeps the forwarding states, but marks them as stale. Similarly, the peer control plane also keeps (and marks as stale) the installed forwarding rewrites associated with the node that is restarting. The combination of local node forwarding and remote node forwarding plane states ensures NSF and no disruption in the traffic. Control state recovery Recovery occurs when the session isreestablished and label bindings are exchanged again. This process allows the peer nodes to synchronize and to refresh stale forwarding states. Related Topics Setting Up LDP NSF Using Graceful Restart, on page 31 Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 8 OL-26056-02 Implementing MPLS Label Distribution Protocol LDP Graceful RestartRecovery with Graceful-Restart This figure illustrates the process of failure recovery using graceful restart. Figure 5: Recovering with Graceful Restart 1 The router R4 LSR control plane restarts. 2 With the control plane restart, LIB is gone but forwarding states installed by R4’s LDP control plane are not immediately deleted but are marked as stale. 3 Any in-transit packets from R3 to R4 (still labeled with L4) arrive at R4. 4 The MPLS forwarding plane at R4 performs a successful lookup for the local label L4 as forwarding is still intact. The packet is forwarded accordingly. 5 The router R3 LDP peer detects the failure of the control plane and channel and deletes the label bindings from R4. The peer, however, does not delete the corresponding forwarding states but marks them as stale. 6 At this point there are no forwarding disruptions. 7 The peer also starts the neighbor reconnect timer using the reconnect time value. 8 The established LSPs going toward the router R4 are still intact, and there are no broken LSPs. When the LDP control plane recovers, the restarting LSR starts its forwarding state hold timer and restores its forwarding state from the checkpointed data. This action reinstates the forwarding state and entries and marks them as old. The restarting LSR reconnects to its peer, indicated in the FT Session TLV, that it either was or was not able to restore its state successfully. If it was able to restore the state, the bindings are resynchronized. The peer LSR stops the neighbor reconnect timer (started by the restarting LSR), when the restarting peer connects and starts the neighbor recovery timer. The peer LSR checks the FT Session TLV if the restarting Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 9 Implementing MPLS Label Distribution Protocol LDP Graceful Restartpeer was able to restore its state successfully. It reinstates the corresponding forwarding state entries and receives binding from the restarting peer. When the recovery timer expires, any forwarding state that is still marked as stale is deleted. If the restarting LSR fails to recover (restart), the restarting LSR forwarding state and entries will eventually timeout and is deleted, while neighbor-related forwarding states or entries are removed by the Peer LSR on expiration of the reconnect or recovery timers. Related Topics Setting Up LDP NSF Using Graceful Restart, on page 31 Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56 Label Advertisement Control (Outbound Filtering) By default, LDP advertises labels for all the prefixes to all its neighbors. When this is not desirable (for scalability and security reasons), you can configure LDP to perform outbound filtering for local label advertisement for one or more prefixes to one more peers. This feature is known as LDP outbound label filtering, or local label advertisement control. Related Topics Configuring Label Advertisement Control (Outbound Filtering), on page 24 Configuring Label Advertisement (Outbound Filtering): Example, on page 55 Label Acceptance Control (Inbound Filtering) By default, LDP accepts labels (as remote bindings) for all prefixes from all peers. LDP operates in liberal label retention mode, which instructs LDP to keep remote bindings from all peers for a given prefix. For security reasons, or to conserve memory, you can override this behavior by configuring label binding acceptance for set of prefixes from a given peer. The ability to filter remote bindings for a defined set of prefixes is also referred to as LDP inbound label filtering. Inbound filtering can also be implemented using an outbound filtering policy; however, you may not be able to implement this system if an LDP peer resides under a different administration domain. When both inbound and outbound filtering options are available, we recommend that you use outbound label filtering. Note Related Topics Configuring Label Acceptance Control (Inbound Filtering), on page 34 Configuring Label Acceptance (Inbound Filtering): Example, on page 57 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 10 OL-26056-02 Implementing MPLS Label Distribution Protocol Label Advertisement Control (Outbound Filtering)Local Label Allocation Control By default, LDP allocates local labels for all prefixes that are not Border Gateway Protocol (BGP) prefixes 1 . This is acceptable when LDP is used for applications other than Layer 3 virtual private networks (L3VPN) core transport. When LDP is used to set up transport LSPs for L3VPN traffic in the core, it is not efficient or even necessary to allocate and advertise local labels for, potentially, thousands of IGP prefixes. In such a case, LDP is typically required to allocate and advertise local label for loopback /32 addresses for PE routers. This is accomplished using LDP local label allocation control, where an access list can be used to limit allocation of local labels to a set of prefixes. Limiting local label allocation provides several benefits, including reduced memory usage requirements, fewer local forwarding updates, and fewer network and peer updates. You can configure label allocation using an IP access list to specify a set of prefixes that local labels can allocate and advertise. Tip Related Topics Configuring Local Label Allocation Control, on page 36 Configuring Local Label Allocation Control: Example, on page 57 Session Protection When a link comes up, IP converges earlier and much faster than MPLS LDP and may result in MPLS traffic loss until MPLS convergence. If a link flaps, the LDP session will also flap due to loss of link discovery. LDP session protection minimizestraffic loss, providesfaster convergence, and protects existing LDP (link)sessions by means of “parallel” source of targeted discovery hello. An LDP session is kept alive and neighbor label bindings are maintained when links are down. Upon reestablishment of primary link adjacencies, MPLS convergence is expedited as LDP need not relearn the neighbor label bindings. LDP session protection lets you configure LDP to automatically protect sessions with all or a given set of peers (as specified by peer-acl). When configured, LDP initiates backup targeted hellos automatically for neighbors for which primary link adjacencies already exist. These backup targeted hellos maintain LDP sessions when primary link adjacencies go down. The Session Protection figure illustrates LDP session protection between neighbors R1 and R3. The primary link adjacency between R1 and R3 is directly connected link and the backup; targeted adjacency is maintained between R1 and R3. If the direct link fails, LDP link adjacency is destroyed, but the session is kept up and 1 For L3VPN Inter-AS option C, LDP may also be required to assign local labels for some BGP prefixes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 11 Implementing MPLS Label Distribution Protocol Local Label Allocation Controlrunning using targeted hello adjacency (through R2). When the direct link comes back up, there is no change in the LDP session state and LDP can converge quickly and begin forwarding MPLS traffic. Figure 6: Session Protection When LDP session protection is activated (upon link failure), protection is maintained for an unlimited period time. Note Related Topics Configuring Session Protection, on page 37 Configuring LDP Session Protection: Example, on page 58 IGP Synchronization Lack of synchronization between LDP and IGP can cause MPLS traffic loss. Upon link up, for example, IGP can advertise and use a link before LDP convergence has occurred; or, a link may continue to be used in IGP after an LDP session goes down. LDP IGP synchronization synchronizes LDP and IGP so that IGP advertises links with regular metrics only when MPLS LDP is converged on that link. LDP considers a link converged when at least one LDP session is up and running on the link for which LDP has sent its applicable label bindings and received at least one label binding from the peer. LDP communicates this information to IGP upon link up or session down events and IGP acts accordingly, depending on sync state. In the event of an LDP graceful restart session disconnect, a session is treated as converged as long as the graceful restart neighbor is timed out. Additionally, upon local LDP restart, a checkpointed recovered LDP graceful restart session is used and treated as converged and is given an opportunity to connect and resynchronize. Under certain circumstances, it might be required to delay declaration of resynchronization to a configurable interval. LDP provides a configuration option to delay declaring synchronization up for up to 60 seconds. LDP communicates this information to IGP upon linkup or session down events. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 12 OL-26056-02 Implementing MPLS Label Distribution Protocol IGP SynchronizationThe configuration for LDP IGP synchronization resides in respective IGPs (OSPF and IS-IS) and there is no LDP-specific configuration for enabling of thisfeature. However, there is a specific LDP configuration for IGP sync delay timer. Note Related Topics Configuring LDP IGP Synchronization: OSPF, on page 39 Configuring LDP IGP Synchronization—OSPF: Example, on page 58 Configuring LDP IGP Synchronization: ISIS, on page 40 Configuring LDP IGP Synchronization—ISIS: Example, on page 58 IGP Auto-configuration To enable LDP on a large number of interfaces, IGP auto-configuration lets you automatically configure LDP on all interfaces associated with a specified IGP interface; for example, when LDP is used for transport in the core network. However, there needs to be one IGP set up to enable LDP auto-configuration. Typically, LDP assigns and advertises labels for IGP routes and must often be enabled on all active interfaces by an IGP. Without IGP auto-configuration, you must define the set of interfaces under LDP, a procedure that is time-intensive and error-prone. LDP auto-configuration is supported for IPv4 unicast family in the default VRF. The IGP is responsible for verifying and applying the configuration. Note You can also disable auto-configuration on a per-interface basis. This permits LDP to enable all IGP interfaces except those that are explicitly disabled and prevents LDP from enabling an interface when LDP auto-configuration is configured under IGP. Related Topics Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42 Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44 Disabling LDP Auto-Configuration, on page 46 Configuring LDP Auto-Configuration: Example, on page 59 LDP Nonstop Routing LDP nonstop routing (NSR) functionality makes failures, such as Route Processor (RP) or Distributed Route Processor (DRP) failover, invisible to routing peers with minimal to no disruption of convergence performance. By default, NSR is globally enabled on all LDP sessions except AToM. A disruption in service may include any of these events: • Route processor (RP) or distributed route processor (DRP) failover • LDP process restart • In-service system upgrade (ISSU) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 13 Implementing MPLS Label Distribution Protocol IGP Auto-configuration• Minimum disruption restart (MDR) Unlike graceful restart functionality, LDP NSR does not require protocol extensions and does not force software upgrades on other routers in the network, nor does LDP NSR require peer routers to support NSR. L2VPN configuration is not supported on NSR. Note Process failures of active TCP or LDP results in session loss and, as a result, NSR cannot be provided unless RP switchover is configured as a recovery action. For more information about how to configure switchover as a recovery action for NSR, see the Configuring Transports module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide . Related Topics Configuring LDP Nonstop Routing, on page 48 IP LDP Fast Reroute Loop Free Alternate The IP Fast Reroute is a mechanism that enables a router to rapidly switch traffic, after an adjacent link failure, node failure, or both, towards a pre-programmed loop-free alternative (LFA) path. This LFA path is used to switch traffic until the router installs a new primary next hop again, as computed for the changed network topology. The goal of LFA FRR is to reduce failure reaction time to 50 milliseconds by using a pre-computed alternate next hop, in the event that the currently selected primary next hop fails, so that the alternate can be rapidly used when the failure is detected. This feature targets to address the fast convergence ability by detecting, computing, updating or enabling prefix independent pre-computed alternate loop-free paths at the time of failure. IGP pre-computes a backup path per IGP prefix. IGP selects one and only one backup path per primary path. RIB installs the best path and download path protection information to FIB by providing correct annotation for protected and protecting paths. FIB pre-installsthe backup path in dataplane. Upon the link or node failure, the routing protocol detects the failure, all the backup paths of the impacted prefixes are enabled in a prefix-independent manner. Prerequisites The Label Distribution Protocol (LDP) can use the loop-free alternates as long as these prerequisites are met: The Label Switching Router (LSR) running LDP must distribute its labels for the Forwarding Equivalence Classes (FECs) it can provide to all its neighbors, regardless of whether they are upstream, or not. There are two approaches in computing LFAs: • Link-based (per-link)--In link-based LFAs, all prefixes reachable through the primary (protected) link share the same backup information. This means that the whole set of prefixes, sharing the same primary, also share the repair or fast reroute (FRR) ability. The per-link approach protects only the next hop address. The per-link approach is suboptimal and not the best for capacity planning. This is because all traffic is redirected to the next hop instead of being spread over multiple paths, which may lead to potential congestion on link to the next hop. The per-link approach does not provide support for node protection. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 14 OL-26056-02 Implementing MPLS Label Distribution Protocol IP LDP Fast Reroute Loop Free Alternate• Prefix-based (per-prefix)--Prefix-based LFAs allow computing backup information per prefix. It protects the destination address. The per-prefix approach is the preferred approach due to its greater applicability, and the greater protection and better bandwidth utilization that it offers. The repair or backup information computed for a given prefix using prefix-based LFA may be different from the computed by link-based LFA. Note The per-prefix LFA approach is preferred for LDP IP Fast Reroute LFA for these reasons: • Better node failure resistance • Better capacity planning and coverage Features Not Supported These interfaces and features are not supported for the IP LDP Fast Reroute Loop Free Alternate feature: • BVI interface (IRB) is not supported either as primary or backup path. • GRE tunnel is not supported either as primary or backup path. • Cisco ASR 9000 Series SPA Interface Processor-700 POS line card on Cisco ASR 9000 Series Router is not supported as primary link. It can be used as LFA backup only on main interface. • In a multi-topology scenerio, the route in topology T can only use LFA within topology T. Hence, the availability of a backup path depends on the topology. For more information about configuring the IP Fast Reroute Loop-free alternate , see Implementing IS-IS on Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide. Related Topics Configure IP LDP Fast Reroute Loop Free Alternate: Example, on page 59 Verify IP LDP Fast Reroute Loop Free Alternate: Example, on page 61 Downstream on Demand This Downstream on demand feature adds support for downstream-on-demand mode, where the label is not advertised to a peer, unlessthe peer explicitly requestsit. At the same time,since the peer does not automatically advertise labels, the label request is sent whenever the next-hop points out to a peer that no remote label has been assigned. In order to enable downstream-on-demand mode, this configuration must be applied at mplsldp configuration mode: mpls ldp downstream-on-demand with ACL The ACL contains a list of peer IDs that are configured for downstream-on-demand mode. When the ACL is changed or configured, the list of established neighbors is traversed. If a session's downstream-on-demand Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 15 Implementing MPLS Label Distribution Protocol Downstream on Demandconfiguration has changed, the session is reset in order that the new down-stream-on-demand mode can be configured. The reason for resetting the session is to ensure that the labels are properly advertised between the peers. When a new session is established, the ACL is verified to determine whether the session should negotiate for downstream-on-demand mode. If the ACL does not exist or is empty, downstream-on-demand mode is not configured for any neighbor. For it to be enabled, the Downstream on demand feature has to be configured on both peers of the session. If only one peer in the session has downstream-on-demand feature configured, then the session does not use downstream-on-demand mode. If, after, a label request is sent, and no remote label is received from the peer, the router will periodically resend the label request. After the peer advertises a label after receiving the label request, it will automatically readvertise the label if any label attribute changes subsequently. Related Topics Configuring LDP Downstream on Demand mode, on page 50 Explicit-Null and Implicit-Null Labels Cisco MPLS LDP uses null label, implicit or explicit, as local label for routes or prefixes that terminate on the given LSR. These routes include all local, connected, and attached networks. By default, the null label is implicit-null that allows LDP control plane to implement penultimate hop popping (PHOP) mechanism. When thisis not desirable, you can configure explicit-null that allows LDP control plane to implement ultimate hop popping (UHOP) mechanism. You can configure this explicit-null feature on the ultimate hop LSR. This configuration knob includes an access-list to specify the IP prefixes for which PHOP is desired. This new enhancement allows you to configure implicit-null local label for non-egress (ultimate hop LSR) prefixes by using the implicit-null-override command. This enforces implicit-null local label for a specific prefix even if the prefix requires a non-null label to be allocated by default. For example, by default, an LSR allocates and advertises a non-null label for an IGP route. If you wish to terminate LSP for this route on penultimate hop of the LSR, you can enforce implicit-null label allocation and advertisement for this prefix using implicit-null-override feature. If a given prefix is permitted in both explicit-null and implicit-null-override feature, then implicit-null-override supercedes and an implicit-null label is allocated and advertised for the prefix. Note In order to enable implicit-null-override mode, this configuration must be applied at MPLS LDP label configuration mode: mpls ldp label implicit-null-override for ! This feature works with any prefix including static, IGP, and BGP, when specified in the ACL. How to Implement MPLS LDP A typical MPLS LDP deployment requires coordination among several global neighbor routers. Various configuration tasks are required to implement MPLS LDP : Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 16 OL-26056-02 Implementing MPLS Label Distribution Protocol Explicit-Null and Implicit-Null LabelsConfiguring LDP Discovery Parameters Perform this task to configure LDP discovery parameters (which may be crucial for LDP operations). Note The LDP discovery mechanism is used to discover or locate neighbor nodes. SUMMARY STEPS 1. configure 2. mpls ldp 3. router-id { type number | ip-address } 4. discovery { hello | targeted-hello } holdtime seconds 5. discovery { hello | targeted-hello } interval seconds 6. Use one of the following commands: • end • commit 7. (Optional) show mpls ldp parameters DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Step 3 router-id { type number | ip-address } Specifies the router ID of the local node. Example: RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1 • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by the global router ID process). Specifies the time that a discovered neighbor is kept without receipt of any subsequent hello messages. The default value for the seconds discovery { hello | targeted-hello } holdtime seconds Step 4 argument is 15 seconds for link hello and 90 seconds for targeted hello messages. Example: RP/0/RSP0/CPU0:router(config-ldp)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 17 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery ParametersCommand or Action Purpose discovery hello holdtime 30 RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello holdtime 180 Selects the period of time between the transmission of consecutive hello messages. The default value for the seconds argument is 5 discovery { hello | targeted-hello } interval seconds Step 5 seconds for link hello messages and 10 seconds for targeted hello messages. Example: RP/0/RSP0/CPU0:router(config-ldp)# discovery hello interval 15 RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello interval 20 Step 6 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. RP/0/RSP0/CPU0:router (config-ldp)# end or ? Entering no exits the configuration session and returns the router to EXEC mode without committing the RP/0/RSP0/CPU0:router configuration changes. (config-ldp)# commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays all the current MPLS LDP parameters. show mpls ldp parameters Example: Step 7 RP/0/RSP0/CPU0:router # show mpls ldp parameters Related Topics LDP Control Plane, on page 3 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 18 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery ParametersConfiguring LDP Discovery Over a Link Perform this task to configure LDP discovery over a link. Note There is no need to enable LDP globally. Before You Begin A stable router ID is required at either end of the link to ensure the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery. SUMMARY STEPS 1. configure 2. mpls ldp 3. router-id ip-address 4. interface type interface-path-id 5. Use one of the following commands: • end • commit 6. (Optional) show mpls ldp discovery DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Step 3 router-id ip-address Specifies the router ID of the local node. Example: RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1 • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by the global router ID process). Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 19 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery Over a LinkCommand or Action Purpose Enters interface configuration mode for the LDP protocol. Interface type must be Tunnel-TE. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ldp)# Step 4 interface tunnel-te 12001 RP/0/RSP0/CPU0:router(config-ldp-if)# Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-ldp-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP show mpls ldp discovery Example: RP/0/RSP0/CPU0:router# show mpls ldp discovery Step 6 discovery process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values. Related Topics LDP Control Plane, on page 3 Configuring LDP Link: Example, on page 54 Configuring LDP Discovery for Active Targeted Hellos Perform this task to configure LDP discovery for active targeted hellos. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 20 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery for Active Targeted HellosNote The active side for targeted hellos initiates the unicast hello toward a specific destination. Before You Begin These prerequisites are required to configure LDP discovery for active targeted hellos: • Stable router ID is required at either end of the targeted session. If you do not assign a router ID to the routers, the system will default to the global router ID. Please note that default router IDs are subject to change and may cause an unstable discovery. • One or more MPLS Traffic Engineering tunnels are established between non-directly connected LSRs. SUMMARY STEPS 1. configure 2. mpls ldp 3. router-id ip-address 4. interface type interface-path-id 5. Use one of the following commands: • end • commit 6. (Optional) show mpls ldp discovery DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Step 3 router-id ip-address Specifies the router ID of the local node. Example: RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1 In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by global router ID process). Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 21 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery for Active Targeted HellosCommand or Action Purpose interface type interface-path-id Enters interface configuration mode for the LDP protocol. Example: RP/0/RSP0/CPU0:router(config-ldp)# interface tunnel-te 12001 Step 4 Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP show mpls ldp discovery Example: RP/0/RSP0/CPU0:router# show mpls ldp discovery Step 6 discovery process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values. Related Topics LDP Control Plane, on page 3 Configuring LDP Discovery for Targeted Hellos: Example, on page 55 Configuring LDP Discovery for Passive Targeted Hellos Perform this task to configure LDP discovery for passive targeted hellos. A passive side for targeted hello is the destination router (tunnel tail), which passively waits for an incoming hello message. Because targeted hellos are unicast, the passive side waits for an incoming hello message to respond with hello toward its discovered neighbor. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 22 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery for Passive Targeted HellosBefore You Begin Stable router ID is required at either end of the link to ensure that the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system defaults to the global router ID. Default router IDs are subject to change and may cause an unstable discovery. SUMMARY STEPS 1. configure 2. mpls ldp 3. router-id ip-address 4. discovery targeted-hello accept 5. Use one of the following commands: • end • commit 6. (Optional) show mpls ldp discovery DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Step 3 router-id ip-address Specifies the router ID of the local node. Example: RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1 • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by global router ID process). Directs the system to accept targeted hello messages from any source and activates passive mode on the LSR for targeted hello acceptance. discovery targeted-hello accept Example: RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello accept Step 4 • This command is executed on the receiver node (with respect to a given MPLS TE tunnel). • You can control the targeted-hello acceptance using the discovery targeted-hello accept command. Step 5 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 23 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery for Passive Targeted HellosCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP discovery show mpls ldp discovery Example: RP/0/RSP0/CPU0:router# show mpls ldp discovery Step 6 process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values. Related Topics LDP Control Plane, on page 3 Configuring LDP Discovery for Targeted Hellos: Example, on page 55 Configuring Label Advertisement Control (Outbound Filtering) Perform this task to configure label advertisement (outbound filtering). By default, a label switched router (LSR) advertises all incoming label prefixes to each neighboring router. You can control the exchange of label binding information using the mpls ldp label advertise command. Using the optional keywords, you can advertise selective prefixesto all neighbors, advertise selective prefixes to defined neighbors, or disable label advertisement to all peers for all prefixes. Note Prefixes and peers advertised selectively are defined in the access list. Before You Begin Before configuring label advertisement, enable LDP and configure an access list. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 24 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring Label Advertisement Control (Outbound Filtering)SUMMARY STEPS 1. configure 2. mpls ldp 3. label advertise { disable | for prefix-acl [ to peer-acl ] | interface type interface-path-id } 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 label advertise { disable | for prefix-acl [ Configureslabel advertisement by specifying one of the following options: to peer-acl ] | interface type interface-path-id } Step 3 disable Disables label advertisement to all peers for all prefixes (if there Example: are no other conflicting rules). RP/0/RSP0/CPU0:router(config-ldp)# label interface advertise interface POS 0/1/0/0 RP/0/RSP0/CPU0:router(config-ldp)# for pfx_acl1 to peer_acl1 Specifies an interface for label advertisement of an interface address. for prefix-acl to peer-acl Specifies neighbors to advertise and receive label advertisements. Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 25 Implementing MPLS Label Distribution Protocol Configuring Label Advertisement Control (Outbound Filtering)Command or Action Purpose Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Label Advertisement Control (Outbound Filtering), on page 10 Configuring Label Advertisement (Outbound Filtering): Example, on page 55 Setting Up LDP Neighbors Perform this task to set up LDP neighbors. Before You Begin Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 26 OL-26056-02 Implementing MPLS Label Distribution Protocol Setting Up LDP NeighborsSUMMARY STEPS 1. configure 2. mpls ldp 3. interface type interface-path-id 4. discovery transport-address [ ip-address | interface ] 5. exit 6. holdtime seconds 7. neighbor ip-address password [ encryption ] password 8. backoff initial maximum 9. Use one of the following commands: • end • commit 10. (Optional) show mpls ldp neighbor DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 interface type interface-path-id Enters interface configuration mode for the LDP protocol. Example: RP/0/RSP0/CPU0:router(config-ldp)# interface POS 0/1/0/0 Step 3 discovery transport-address [ ip-address | Provides an alternative transport address for a TCP connection. interface ] Step 4 • Default transport address advertised by an LSR (for TCP connections) to its peer is the router ID. Example: RP/0/RSP0/CPU0:router(config-ldp-if)# discovery transport-address 192.168.1.42 • Transport address configuration is applied for a given LDP-enabled interface. or RP/0/RSP0/CPU0:router(config-ldp)# discovery transport-address interface • If the interface version of the command is used, the configured IP address of the interface is passed to its neighbors as the transport address. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 27 Implementing MPLS Label Distribution Protocol Setting Up LDP NeighborsCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-ldp-if)# exit Step 5 Changes the time for which an LDP session is maintained in the absence of LDP messages from the peer. holdtime seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# holdtime 30 Step 6 • Outgoing keepalive interval is adjusted accordingly (to make three keepalives in a given holdtime) with a change in session holdtime value. • Session holdtime is also exchanged when the session is established. • In this example holdtime is set to 30 seconds, which causes the peer session to timeout in 30 seconds, as well as transmitting outgoing keepalive messages toward the peer every 10 seconds. Configures password authentication (using the TCP MD5 option) for a given neighbor. neighbor ip-address password [ encryption ] password Example: RP/0/RSP0/CPU0:router(config-ldp)# neighbor 192.168.2.44 password secretpasswd Step 7 Configures the parameters for the LDP backoff mechanism. The LDP backoff mechanism preventstwo incompatibly configured LSRsfrom backoff initial maximum Example: RP/0/RSP0/CPU0:router(config-ldp)# backoff 10 20 Step 8 engaging in an unthrottled sequence of session setup failures. If a session setup attempt fails due to such incompatibility, each LSR delays its next attempt (backs off), increasing the delay exponentially with each successive failure until the maximum backoff delay is reached. Step 9 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 28 OL-26056-02 Implementing MPLS Label Distribution Protocol Setting Up LDP NeighborsCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the status of the LDP session with its neighbors. This command can be run with various filters as well as with the brief option. show mpls ldp neighbor Example: RP/0/RSP0/CPU0:router# show mpls ldp neighbor Step 10 Related Topics Configuring LDP Neighbors: Example, on page 56 Setting Up LDP Forwarding Perform this task to set up LDP forwarding. By default, the LDP control plane implements the penultimate hop popping (PHOP) mechanism. The PHOP mechanism requires that label switched routers use the implicit-null label as a local label for the given Forwarding Equivalence Class (FEC) for which LSR is the penultimate hop. Although PHOP has certain advantages, it may be required to extend LSP up to the ultimate hop under certain circumstances(for example, to propagate MPL QoS). This is done using a special local label (explicit-null) advertised to the peers after which the peers use this label when forwarding traffic toward the ultimate hop (egress LSR). Before You Begin Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 29 Implementing MPLS Label Distribution Protocol Setting Up LDP ForwardingSUMMARY STEPS 1. configure 2. mpls ldp 3. explicit-null 4. Use one of the following commands: • end • commit 5. (Optional) show mpls ldp forwarding 6. (Optional) show mpls forwarding 7. (Optional) ping ip-address DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Causes a router to advertise an explicit null label in situations where it normally advertises an implicit null label (for example, to enable an ultimate-hop disposition instead of PHOP). explicit-null Example: RP/0/RSP0/CPU0:router(config-ldp)# explicit-null Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. RP/0/RSP0/CPU0:router(config-ldp)# commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 30 OL-26056-02 Implementing MPLS Label Distribution Protocol Setting Up LDP ForwardingCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the MPLS LDP view of installed forwarding states (rewrites). show mpls ldp forwarding Example: RP/0/RSP0/CPU0:router# show mpls ldp forwarding Step 5 (Optional) Displays a global view of all MPLS installed forwarding states (rewrites) by various applications (LDP, TE, and static). show mpls forwarding Example: RP/0/RSP0/CPU0:router# show mpls forwarding Step 6 (Optional) Checks for connectivity to a particular IP address (going through MPLS LSP as shown in the show mpls forwarding command). ping ip-address Example: RP/0/RSP0/CPU0:router# ping 192.168.2.55 Step 7 Related Topics LDP Forwarding, on page 5 Configuring LDP Forwarding: Example, on page 56 Setting Up LDP NSF Using Graceful Restart Perform this task to set up NSF using LDP graceful restart. LDP graceful restart is a way to enable NSF for LDP. The correct way to set up NSF using LDP graceful restart is to bring up LDP neighbors (link or targeted) with additional configuration related to graceful restart. Before You Begin Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 31 Implementing MPLS Label Distribution Protocol Setting Up LDP NSF Using Graceful RestartSUMMARY STEPS 1. configure 2. mpls ldp 3. interface type interface-path-id 4. exit 5. graceful-restart 6. graceful-restart forwarding-state-holdtime seconds 7. graceful-restart reconnect-timeout seconds 8. Use one of the following commands: • end • commit 9. (Optional) show mpls ldp parameters 10. (Optional) show mpls ldp neighbor 11. (Optional) show mpls ldp graceful-restart DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 interface type interface-path-id Enters interface configuration mode for the LDP protocol. Example: RP/0/RSP0/CPU0:router(config-ldp)# Step 3 interface POS 0/1/0/0 RP/0/RSP0/CPU0:router(config-ldp-if)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-ldp-if)# exit Step 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 32 OL-26056-02 Implementing MPLS Label Distribution Protocol Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose graceful-restart Enables the LDP graceful restart feature. Example: RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart Step 5 Specifies the length of time that forwarding can keep LDP-installed forwarding states and rewrites, and specifies wh en the LDP control plane restarts. graceful-restart forwarding-state-holdtime seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# Step 6 • After restart of the control plane, when the forwarding state holdtime expires, any previously installed LDP forwarding state or rewrite that is not yet refreshed is deleted from the forwarding. graceful-restart forwarding-state-holdtime 180 • Recovery time sent after restart is computed as the current remaining value of the forwarding state hold timer. Specifies the length of time a neighbor waits before restarting the node to reconnect before declaring an earlier graceful restart session graceful-restart reconnect-timeout seconds Example: RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart reconnect-timeout 169 Step 7 as down. This command is used to start a timer on the peer (upon a neighbor restart). Thistimer isreferred to as Neighbor Livenesstimer. Step 8 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 33 Implementing MPLS Label Distribution Protocol Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose (Optional) Displays all the current MPLS LDP parameters. show mpls ldp parameters Example: RP/0/RSP0/CPU0:router# show mpls ldp parameters Step 9 (Optional) Displays the status of the LDP session with its neighbors. This command can be run with various filters as well as with the brief option. show mpls ldp neighbor Example: RP/0/RSP0/CPU0:router# show mpls ldp neighbor Step 10 (Optional) Displays the status of the LDP graceful restart feature. The output of this command not only shows states of different graceful restart show mpls ldp graceful-restart Example: RP/0/RSP0/CPU0:router# show mpls ldp graceful-restart Step 11 timers, but also a list of graceful restart neighbors, their state, and reconnect count. Related Topics LDP Graceful Restart, on page 6 Phases in Graceful Restart, on page 8 Recovery with Graceful-Restart, on page 9 Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56 Configuring Label Acceptance Control (Inbound Filtering) Perform this task to configure LDP inbound label filtering. By default, there is no inbound label filtering performed by LDP and thus an LSR accepts (and retains) all remote label bindings from all peers. Note SUMMARY STEPS 1. configure 2. mpls ldp 3. label accept for prefix-acl from ip-address 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 34 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring Label Acceptance Control (Inbound Filtering)DETAILED STEPS Command or Action Purpose configure Enters the configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters the MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Configuresinbound label acceptance for prefixesspecified by prefix-acl from neighbor (as specified by its IP address). label accept for prefix-acl from ip-address Example: RP/0/RSP0/CPU0:router(config-ldp)# label Step 3 accept for pfx_acl_1 from 192.168.1.1 RP/0/RSP0/CPU0:router(config-ldp)# label accept for pfx_acl_2 from 192.168.2.2 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Label Acceptance Control (Inbound Filtering), on page 10 Configuring Label Acceptance (Inbound Filtering): Example, on page 57 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 35 Implementing MPLS Label Distribution Protocol Configuring Label Acceptance Control (Inbound Filtering)Configuring Local Label Allocation Control Perform this task to configure label allocation control. Note By default, local label allocation control is disabled and all non-BGP prefixes are assigned local labels. SUMMARY STEPS 1. configure 2. mpls ldp 3. label allocate for prefix-acl 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters the configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters the MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 label allocate for prefix-acl Configures label allocation control for prefixes as specified by prefix-acl. Example: RP/0/RSP0/CPU0:router(config-ldp)# label allocate for pfx_acl_1 Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 36 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring Local Label Allocation ControlCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Local Label Allocation Control, on page 11 Configuring Local Label Allocation Control: Example, on page 57 Configuring Session Protection Perform this task to configure LDP session protection. By default, there is no protection is done for link sessions by means of targeted hellos. SUMMARY STEPS 1. configure 2. mpls ldp 3. session protection [ for peer-acl ] [ duration seconds ] 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 37 Implementing MPLS Label Distribution Protocol Configuring Session ProtectionDETAILED STEPS Command or Action Purpose configure Enters the configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters the MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Configures LDP session protection for peers specified by peer-acl with a maximum duration, in seconds. session protection [ for peer-acl ] [ duration seconds ] Example: RP/0/RSP0/CPU0:router(config-ldp)# Step 3 session protection for peer_acl_1 duration 60 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Session Protection, on page 11 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 38 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring Session ProtectionConfiguring LDP Session Protection: Example, on page 58 Configuring LDP IGP Synchronization: OSPF Perform this task to configure LDP IGP Synchronization under OSPF. Note By default, there is no synchronization between LDP and IGPs. SUMMARY STEPS 1. configure 2. router ospf process-name 3. Use one of the following commands: • mpls ldp sync • area area-id mpls ldp sync • area area-id interface name mpls ldp sync 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Identifies the OSPF routing process and enters OSPF configuration mode. router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf 100 Step 2 Step 3 Use one of the following commands: Enables LDP IGP synchronization on an interface. • mpls ldp sync • area area-id mpls ldp sync • area area-id interface name mpls ldp sync Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 39 Implementing MPLS Label Distribution Protocol Configuring LDP IGP Synchronization: OSPFCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp sync Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ospf)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ospf)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics IGP Synchronization, on page 12 Configuring LDP IGP Synchronization—OSPF: Example, on page 58 Configuring LDP IGP Synchronization: ISIS Perform this task to configure LDP IGP Synchronization under ISIS. Note By default, there is no synchronization between LDP and ISIS. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 40 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP IGP Synchronization: ISISSUMMARY STEPS 1. configure 2. router isis instance-id 3. interface type interface-path-id 4. address-family ipv4 unicast 5. mpls ldp sync 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enables the Intermediate System-to-Intermediate System (IS-IS) routing protocol and defines an IS-IS instance. router isis instance-id Example: RP/0/RSP0/CPU0:router(config)# router isis Step 2 100 RP/0/RSP0/CPU0:router(config-isis)# Configures the IS-IS protocol on an interface and enters ISIS interface configuration mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-isis)# Step 3 interface POS 0/2/0/0 RP/0/RSP0/CPU0:router(config-isis-if)# Enters address family configuration mode for configuring IS-IS routing for a standard IP Version 4 (IPv4) address prefix. address-family ipv4 unicast Example: RP/0/RSP0/CPU0:router(config-isis-if)# Step 4 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls ldp sync Enables LDP IGP synchronization. Example: RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls ldp sync Step 5 Step 6 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 41 Implementing MPLS Label Distribution Protocol Configuring LDP IGP Synchronization: ISISCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-isis-if-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-isis-if-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics IGP Synchronization, on page 12 Configuring LDP IGP Synchronization—ISIS: Example, on page 58 Enabling LDP Auto-Configuration for a Specified OSPF Instance Perform this task to enable IGP auto-configuration globally for a specified OSPF process name. You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled. Note This feature is supported for IPv4 unicast family in default VRF only. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 42 OL-26056-02 Implementing MPLS Label Distribution Protocol Enabling LDP Auto-Configuration for a Specified OSPF InstanceSUMMARY STEPS 1. configure 2. router ospf process-name 3. mpls ldp auto-config 4. area area-id 5. interface type interface-path-id 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters a uniquely identifiable OSPF routing process. The process name is any alphanumeric string no longer than 40 characters withoutspaces. router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf Step 2 190 RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp auto-config Enables LDP auto-configuration. Example: RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp auto-config Step 3 Step 4 area area-id Configures an OSPF area and identifier. Example: RP/0/RSP0/CPU0:router(config-ospf)# area 8 area-id Either a decimal value or an IP address. Step 5 interface type interface-path-id Enables LDP auto-configuration on the specified interface. Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# interface pos 0/6/0/0 LDP configurable limit for maximum number of interfaces does not apply to IGP auto-configuration interfaces. Note Step 6 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 43 Implementing MPLS Label Distribution Protocol Enabling LDP Auto-Configuration for a Specified OSPF InstanceCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-ospf-ar-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ospf-ar-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics IGP Auto-configuration, on page 13 Configuring LDP Auto-Configuration: Example, on page 59 Disabling LDP Auto-Configuration, on page 46 Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance Perform this task to enable IGP auto-configuration in a defined area with a specified OSPF process name. You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled. Note This feature is supported for IPv4 unicast family in default VRF only. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 44 OL-26056-02 Implementing MPLS Label Distribution Protocol Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceSUMMARY STEPS 1. configure 2. router ospf process-name 3. area area-id 4. mpls ldp auto-config 5. interface type interface-path-id 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters a uniquely identifiable OSPF routing process. The process name is any alphanumeric string no longer than 40 characters without spaces. router ospf process-name Example: RP/0/RSP0/CPU0:router(config)# router ospf Step 2 100 RP/0/RSP0/CPU0:router(config-ospf)# Step 3 area area-id Configures an OSPF area and identifier. Example: RP/0/RSP0/CPU0:router(config-ospf)# area area-id Either a decimal value or an IP address. 8 RP/0/RSP0/CPU0:router(config-ospf-ar)# mpls ldp auto-config Enables LDP auto-configuration. Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# mpls ldp auto-config Step 4 Enables LDP auto-configuration on the specified interface. The LDP configurable limit for maximum number of interfaces does not apply to IGP auto-config interfaces. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# Step 5 interface pos 0/6/0/0 RP/0/RSP0/CPU0:router(config-ospf-ar-if) Step 6 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 45 Implementing MPLS Label Distribution Protocol Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-ospf-ar-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ospf-ar-if)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics IGP Auto-configuration, on page 13 Configuring LDP Auto-Configuration: Example, on page 59 Disabling LDP Auto-Configuration, on page 46 Disabling LDP Auto-Configuration Perform this task to disable IGP auto-configuration. You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled. SUMMARY STEPS 1. configure 2. mpls ldp 3. interface type interface-path-id 4. igp auto-config disable 5. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 46 OL-26056-02 Implementing MPLS Label Distribution Protocol Disabling LDP Auto-ConfigurationDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters the MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp RP/0/RSP0/CPU0:router(config-ldp)# Step 2 interface type interface-path-id Enters interface configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config-ldp)# interface pos 0/6/0/0 Step 3 igp auto-config disable Disables auto-configuration on the specified interface. Example: RP/0/RSP0/CPU0:router(config-ldp-if)# igp auto-config disable Step 4 Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp-if)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 47 Implementing MPLS Label Distribution Protocol Disabling LDP Auto-ConfigurationRelated Topics IGP Auto-configuration, on page 13 Configuring LDP Auto-Configuration: Example, on page 59 Configuring LDP Nonstop Routing Perform this task to configure LDP NSR. Note By default, NSR is globally-enabled on all LDP sessions except AToM. SUMMARY STEPS 1. configure 2. mpls ldp 3. nsr 4. Use one of the following commands: • end • commit 5. show mpls ldp nsr statistics 6. show mpls ldp nsr summary 7. show mpls ldp nsr pending DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters the MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 48 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Nonstop RoutingCommand or Action Purpose nsr Enables LDP nonstop routing. Example: RP/0/RSP0/CPU0:router(config-ldp)# nsr Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mpls ldp nsr statistics Displays MPLS LDP NSR statistics. Example: RP/0/RSP0/CPU0:router# show mpls ldp nsr statistics Step 5 show mpls ldp nsr summary Displays MPLS LDP NSR summarized information. Example: RP/0/RSP0/CPU0:router# show mpls ldp nsr summary Step 6 show mpls ldp nsr pending Displays MPLS LDP NSR pending information. Example: RP/0/RSP0/CPU0:router# show mpls ldp nsr pending Step 7 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 49 Implementing MPLS Label Distribution Protocol Configuring LDP Nonstop RoutingRelated Topics LDP Nonstop Routing, on page 13 Configuring LDP Downstream on Demand mode SUMMARY STEPS 1. configure 2. mpls ldp 3. downstream-on-demand 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 Enters downstream on demand label advertisement mode. The ACL contains the list of peer IDs that are configured for downstream-on-demand mode. downstream-on-demand Example: RP/0/RSP0/CPU0:router(config-ldp)# Step 3 When the ACL is changed or configured, the list of established neighbor is traversed. downstream-on-demand with access-list Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 50 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Downstream on Demand modeCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Downstream on Demand, on page 15 Redistributing MPLS LDP Routes into BGP Perform this task to redistribute Border Gateway Protocol (BGP) autonomous system into an MPLS LDP. SUMMARY STEPS 1. configure 2. mpls ldp 3. redistribute bgp 4. Use one of these commands: • end • commit 5. show run mpls ldp DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 51 Implementing MPLS Label Distribution Protocol Redistributing MPLS LDP Routes into BGPCommand or Action Purpose mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(conf)# mpls Step 2 ldp Step 3 redistribute bgp Allows the redistribution of BGP routes into an MPLS LDP processes. Example: RP/0/RSP0/CPU0:router(config-ldp)# Autonomoussystem numbers(ASNs) are globally unique identifiers used to identify autonomous systems (ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in BGP. Note redistribute bgp {advertise-to access-list | as} Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show run mpls ldp Displays information about the redistributed route information. Example: RP/0/RSP0/CPU0:router# show run mpls Step 5 ldp Setting Up Implicit-Null-Override Label Perform this task to configure implicit-null label for non-egress prefixes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 52 OL-26056-02 Implementing MPLS Label Distribution Protocol Setting Up Implicit-Null-Override LabelSUMMARY STEPS 1. configure 2. mpls ldp 3. label 4. implicit-null-override for access-list 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls ldp Step 2 label Configures the allocation, advertisement ,and acceptance of labels. Example: RP/0/RSP0/CPU0:router(config-ldp)# label Step 3 Step 4 implicit-null-override for access-list Configures implicit-null local label for non-egress prefixes. Example: RP/0/RSP0/CPU0:router(config-ldp-lbl)# implicit-null-override for 70 This feature works with any prefix including static, IGP, and BGP, when specified in the ACL. Note Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ldp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 53 Implementing MPLS Label Distribution Protocol Setting Up Implicit-Null-Override LabelCommand or Action Purpose or ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. RP/0/RSP0/CPU0:router(config-ldp)# commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuration Examples for Implementing MPLS LDP These configuration examples are provided to implement LDP: Configuring LDP with Graceful Restart: Example The example shows how to enable LDP with graceful restart on the POS interface 0/2/0/0. mpls ldp graceful-restart interface pos0/2/0/0 ! Configuring LDP Discovery: Example The example shows how to configure LDP discovery parameters. mpls ldp router-id loopback0 discovery hello holdtime 15 discovery hello interval 5 ! show mpls ldp parameters show mpls ldp discovery Configuring LDP Link: Example The example shows how to configure LDP link parameters. mpls ldp Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 54 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuration Examples for Implementing MPLS LDPinterface pos 0/1/0/0 ! ! show mpls ldp discovery Related Topics Configuring LDP Discovery Over a Link, on page 19 LDP Control Plane, on page 3 Configuring LDP Discovery for Targeted Hellos: Example The examples show how to configure LDP Discovery to accept targeted hello messages. Active (tunnel head) mpls ldp router-id loopback0 interface tunnel-te 12001 ! ! Passive (tunnel tail) mpls ldp router-id loopback0 discovery targeted-hello accept ! Related Topics Configuring LDP Discovery for Active Targeted Hellos, on page 20 Configuring LDP Discovery for Passive Targeted Hellos, on page 22 LDP Control Plane, on page 3 Configuring Label Advertisement (Outbound Filtering): Example The example shows how to configure LDP label advertisement control. mpls ldp label advertise disable for pfx_acl_1 to peer_acl_1 for pfx_acl_2 to peer_acl_2 for pfx_acl_3 interface POS 0/1/0/0 interface POS 0/2/0/0 ! ! ! ipv4 access-list pfx_acl_1 10 permit ip host 1.0.0.0 any ! Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 55 Implementing MPLS Label Distribution Protocol Configuring LDP Discovery for Targeted Hellos: Exampleipv4 access-list pfx_acl_2 10 permit ip host 2.0.0.0 any ! ipv4 access-list peer_acl_1 10 permit ip host 1.1.1.1 any 20 permit ip host 1.1.1.2 any ! ipv4 access-list peer_acl_2 10 permit ip host 2.2.2.2 any ! show mpls ldp binding Related Topics Configuring Label Advertisement Control (Outbound Filtering), on page 24 Label Advertisement Control (Outbound Filtering), on page 10 Configuring LDP Neighbors: Example The example shows how to disable label advertisement. mpls ldp router-id Loopback0 neighbor 1.1.1.1 password encrypted 110A1016141E neighbor 2.2.2.2 implicit-withdraw ! Related Topics Setting Up LDP Neighbors, on page 26 Configuring LDP Forwarding: Example The example shows how to configure LDP forwarding. mpls ldp explicit-null ! show mpls ldp forwarding show mpls forwarding Related Topics Setting Up LDP Forwarding, on page 29 LDP Forwarding, on page 5 Configuring LDP Nonstop Forwarding with Graceful Restart: Example The example shows how to configure LDP nonstop forwarding with graceful restart. mpls ldp log graceful-restart Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 56 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Neighbors: Example! graceful-restart graceful-restart forwarding state-holdtime 180 graceful-restart reconnect-timeout 15 interface pos0/1/0/0 ! show mpls ldp graceful-restart show mpls ldp neighbor gr show mpls ldp forwarding show mpls forwarding Related Topics Setting Up LDP NSF Using Graceful Restart, on page 31 LDP Graceful Restart, on page 6 Phases in Graceful Restart, on page 8 Recovery with Graceful-Restart, on page 9 Configuring Label Acceptance (Inbound Filtering): Example The example shows how to configure inbound label filtering. mpls ldp label accept for pfx_acl_2 from 192.168.2.2 ! ! ! Related Topics Configuring Label Acceptance Control (Inbound Filtering), on page 34 Label Acceptance Control (Inbound Filtering), on page 10 Configuring Local Label Allocation Control: Example The example shows how to configure local label allocation control. mpls ldp label allocate for pfx_acl_1 ! ! Related Topics Configuring Local Label Allocation Control, on page 36 Local Label Allocation Control, on page 11 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 57 Implementing MPLS Label Distribution Protocol Configuring Label Acceptance (Inbound Filtering): ExampleConfiguring LDP Session Protection: Example The example shows how to configure session protection. mpls ldp session protection duration 60 for peer_acl_1 ! Related Topics Configuring Session Protection, on page 37 Session Protection, on page 11 Configuring LDP IGP Synchronization—OSPF: Example The example shows how to configure LDP IGP synchronization for OSPF. router ospf 100 mpls ldp sync ! mpls ldp igp sync delay 30 ! Related Topics Configuring LDP IGP Synchronization: OSPF, on page 39 IGP Synchronization, on page 12 Configuring LDP IGP Synchronization—ISIS: Example The example shows how to configure LDP IGP synchronization. router isis 100 interface POS 0/2/0/0 address-family ipv4 unicast mpls ldp sync ! ! ! mpls ldp igp sync delay 30 ! Related Topics Configuring LDP IGP Synchronization: ISIS, on page 40 IGP Synchronization, on page 12 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 58 OL-26056-02 Implementing MPLS Label Distribution Protocol Configuring LDP Session Protection: ExampleConfiguring LDP Auto-Configuration: Example The example shows how to configure the IGP auto-configuration feature globally for a specific OSPF interface ID. router ospf 100 mpls ldp auto-config area 0 interface pos 1/1/1/1 The example shows how to configure the IGP auto-configuration feature on a given area for a given OSPF interface ID. router ospf 100 area 0 mpls ldp auto-config interface pos 1/1/1/1 Related Topics Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42 Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44 Disabling LDP Auto-Configuration, on page 46 IGP Auto-configuration, on page 13 Configure IP LDP Fast Reroute Loop Free Alternate: Example The following examples show how to configure the IP LDP FRR LFA on the router. The following example shows how to configure LFA FRR with default tie-break configuration: router isis TEST net 49.0001.0000.0000.0001.00 address-family ipv4 unicast metric-style wide interface GigabitEthernet0/6/0/13 point-to-point address-family ipv4 unicast fast-reroute per-prefix # primary path GigabitEthernet0/6/0/13 will exclude the interface # GigabitEthernet0/6/0/33 in LFA backup path computation. fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33 ! interface GigabitEthernet0/6/0/23 point-to-point address-family ipv4 unicast ! interface GigabitEthernet0/6/0/24 point-to-point address-family ipv4 unicast ! interface GigabitEthernet0/6/0/33 point-to-point address-family ipv4 unicast ! Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 59 Implementing MPLS Label Distribution Protocol Configuring LDP Auto-Configuration: ExampleThe following example shows how to configure TE tunnel as LFA backup: router isis TEST net 49.0001.0000.0000.0001.00 address-family ipv4 unicast metric-style wide interface GigabitEthernet0/6/0/13 point-to-point address-family ipv4 unicast fast-reroute per-prefix # primary path GigabitEthernet0/6/0/13 will exclude the interface # GigabitEthernet0/6/0/33 in LFA backup path computation. TE tunnel 1001 # is using the link GigabitEthernet0/6/0/33. fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33 fast-reroute per-prefix lfa-candidate interface tunnel-te1001 ! interface GigabitEthernet0/6/0/33 point-to-point address-family ipv4 unicast ! The following example shows how to configure LFA FRR with configurable tie-break configuration: router isis TEST net 49.0001.0000.0000.0001.00 address-family ipv4 unicast metric-style wide fast-reroute per-prefix tiebreaker ? downstream Prefer backup path via downstream node lc-disjoint Prefer line card disjoint backup path lowest-backup-metric Prefer backup path with lowest total metric node-protecting Prefer node protecting backup path primary-path Prefer backup path from ECMP set secondary-path Prefer non-ECMP backup path fast-reroute per-prefix tiebreaker lc-disjoint index ? <1-255> Index fast-reroute per-prefix tiebreaker lc-disjoint index 10 Sample configuration: router isis TEST net 49.0001.0000.0000.0001.00 address-family ipv4 unicast metric-style wide fast-reroute per-prefix tiebreaker downstream index 60 fast-reroute per-prefix tiebreaker lc-disjoint index 10 fast-reroute per-prefix tiebreaker lowest-backup-metric index 40 fast-reroute per-prefix tiebreaker node-protecting index 30 fast-reroute per-prefix tiebreaker primary-path index 20 fast-reroute per-prefix tiebreaker secondary-path index 50 ! interface GigabitEthernet0/6/0/13 point-to-point address-family ipv4 unicast fast-reroute per-prefix ! interface GigabitEthernet0/1/0/13 point-to-point address-family ipv4 unicast fast-reroute per-prefix ! interface GigabitEthernet0/3/0/0.1 point-to-point address-family ipv4 unicast ! interface GigabitEthernet0/3/0/0.2 point-to-point address-family ipv4 unicast Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 60 OL-26056-02 Implementing MPLS Label Distribution Protocol Configure IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics IP LDP Fast Reroute Loop Free Alternate, on page 14 Verify IP LDP Fast Reroute Loop Free Alternate: Example The following examples show how to verify the IP LDP FRR LFA feature on the router. The following example shows how to verify ISIS FRR output: RP/0/RSP0/CPU0:router#show isis fast-reroute summary IS-IS 1 IPv4 Unicast FRR summary Critical High Medium Low Total Priority Priority Priority Priority Prefixes reachable in L1 All paths protected 0 0 4 1008 1012 Some paths protected 0 0 0 0 0 Unprotected 0 0 0 0 0 Protection coverage 0.00% 0.00% 100.00% 100.00% 100.00% Prefixes reachable in L2 All paths protected 0 0 1 0 1 Some paths protected 0 0 0 0 0 Unprotected 0 0 0 0 0 Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00% The following example shows how to verify the IGP route 211.1.1.1/24 in ISIS Fast Reroute output: RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24 L1 211.1.1.1/24 [40/115] via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24 detail L1 211.1.1.1/24 [40/115] low priority via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH P: No, TM: 130, LC: No, NP: Yes, D: Yes src sr1.00-00, 173.1.1.2 L2 adv [40] native, propagated The following example shows how to verify the IGP route 211.1.1.1/24 in RIB output: RP/0/RSP0/CPU0:router#show route 211.1.1.1/24 Routing entry for 211.1.1.0/24 Known via "isis 1", distance 115, metric 40, type level-1 Installed Nov 27 10:22:20.311 for 1d08h Routing Descriptor Blocks 12.0.0.2, from 173.1.1.2, via GigabitEthernet0/6/0/13, Protected Route metric is 40 14.0.2.2, from 173.1.1.2, via GigabitEthernet0/6/0/0.3, Backup Route metric is 0 No advertising protos. The following example shows how to verify the IGP route 211.1.1.1/24 in FIB output: RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24 211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \ (0x9ce0ec40), 0x4500 (0x9e2c69e4) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 61 Implementing MPLS Label Distribution Protocol Verify IP LDP Fast Reroute Loop Free Alternate: ExampleUpdated Nov 27 10:22:29.825 remote adjacency to GigabitEthernet0/6/0/13 Prefix Len 24, traffic index 0, precedence routine (0) via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \ protected [flags 0x400] path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0] next hop 12.0.0.2 local label 16080 labels imposed {16082} via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \ backup [flags 0x300] path-idx 1 next hop 14.0.2.2 remote adjacency local label 16080 labels imposed {16079} RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24 detail 211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \ (0x9ce0ec40), 0x4500 (0x9e2c69e4) Updated Nov 27 10:22:29.825 remote adjacency to GigabitEthernet0/6/0/13 Prefix Len 24, traffic index 0, precedence routine (0) gateway array (0x9cc622f0) reference count 1158, flags 0x28000d00, source lsd \ (2), [387 type 5 flags 0x101001 (0x9df32398) ext 0x0 (0x0)] LW-LDI[type=5, refc=3, ptr=0x9ce0ec40, sh-ldi=0x9df32398] via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \ protected [flags 0x400] path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0] next hop 12.0.0.2 local label 16080 labels imposed {16082} via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \ backup [flags 0x300] path-idx 1 next hop 14.0.2.2 remote adjacency local label 16080 labels imposed {16079} Load distribution: 0 (refcount 387) Hash OK Interface Address 0 Y GigabitEthernet0/6/0/13 remote The following example shows how to verify the IGP route 211.1.1.1/24 in MPLS LDP output: RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24 Prefix Label Label Outgoing Next Hop GR Stale In Out Interface ---------------- ------- ---------- ------------ ------------------- -- ----- 211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N 16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24 detail Prefix Label Label Outgoing Next Hop GR Stale In Out Interface ---------------- ------- ---------- ------------ ------------------- -- ----- 211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N [ Protected; path-id 1 backup-path-id 33; peer 20.20.20.20:0 ] 16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N [ Backup; path-id 33; peer 40.40.40.40:0 ] Routing update : Nov 27 10:22:19.560 (1d08h ago) Forwarding update: Nov 27 10:22:29.060 (1d08h ago) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 62 OL-26056-02 Implementing MPLS Label Distribution Protocol Verify IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics IP LDP Fast Reroute Loop Free Alternate, on page 14 Additional References For additional information related to Implementing MPLS Label Distribution Protocol, refer to the following references: Related Documents Related Topic Document Title MPLS Label Distribution Protocol Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference LDP commands on Cisco ASR 9000 Series Router Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Getting started material Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title RFC 3031 Multiprotocol Label Switching Architecture RFC 3036 LDP Specification Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 63 Implementing MPLS Label Distribution Protocol Additional ReferencesRFCs Title RFC 3037 LDP Applicability Graceful Restart Mechanism for Label Distribution Protocol RFC 3478 RFC 3815 Definitions of Managed Objects for MPLS LDP Label Distribution and Management Downstream on Demand Label Advertisement RFC 5036 Basic Specification for IP Fast Reroute: Loop-Free Alternates RFC 5286 Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 64 OL-26056-02 Implementing MPLS Label Distribution Protocol Additional ReferencesC H A P T E R 2 Implementing RSVP for MPLS-TE This module describes how to implement Resource Reservation Protocol (RSVP) for MPLS Traffic Engineering (MPLS-TE) on Cisco ASR 9000 Series Aggregation Services Routers. The Multiprotocol Label Switching (MPLS) is a standards-based solution, driven by the Internet Engineering Task Force (IETF), devised to convert the Internet and IP backbones from best-effort networks into business-class transport media. Resource Reservation Protocol (RSVP) is a signaling protocol that enables systems to request resource reservations from the network. RSVP processes protocol messages from other systems, processes resource requests from local clients, and generates protocol messages. As a result, resources are reserved for data flows on behalf of local and remote clients. RSVP creates, maintains, and deletes these resource reservations. RSVP provides a secure method to control quality-of-service (QoS) access to a network. MPLS Traffic Engineering (MPLS-TE) uses RSVP to signal label switched paths (LSPs). Feature History for Implementing RSVP for MPLS-TE Release Modification Release 3.7.2 This feature was introduced. Release 3.9.0 The RSVP MIB feature was added. • Prerequisites for Implementing RSVP for MPLS-TE , page 66 • Information About Implementing RSVP for MPLS-TE , page 66 • Information About Implementing RSVP Authentication, page 71 • How to Implement RSVP, page 75 • How to Implement RSVP Authentication, page 88 • Configuration Examples for RSVP, page 104 • Configuration Examples for RSVP Authentication, page 108 • Additional References, page 110 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 65Prerequisites for Implementing RSVP for MPLS-TE These prerequisites are required to implement RSVP for MPLS-TE : • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • Either a composite mini-image plus an MPLS package, or a full image, must be installed. Information About Implementing RSVP for MPLS-TE To implement MPLS RSVP, you must understand the these concepts: Related Topics How to Implement RSVP Authentication, on page 88 Overview of RSVP for MPLS-TE RSVP is a network control protocol that enables Internet applications to signal LSPs for MPLS-TE . The RSVP implementation is compliant with the IETF RFC 2205, and RFC 3209. RSVP is automatically enabled on interfaces on which MPLS-TE is configured. For MPLS-TE LSPs with nonzero bandwidth, the RSVP bandwidth has to be configured on the interfaces. There is no need to configure RSVP, if all MPLS-TE LSPs have zero bandwidth . RSVP Refresh Reduction, defined in RFC 2961, includes support for reliable messages and summary refresh messages. Reliable messages are retransmitted rapidly if the message is lost. Because each summary refresh message contains information to refresh multiple states, this greatly reduces the amount of messaging needed to refresh states. For refresh reduction to be used between two routers, it must be enabled on both routers. Refresh Reduction is enabled by default. Message rate limiting for RSVP allows you to set a maximum threshold on the rate at which RSVP messages are sent on an interface. Message rate limiting is disabled by default. The process that implements RSVP is restartable. A software upgrade, process placement or process failure of RSVP or any of its collaborators, has been designed to ensure Nonstop Forwarding (NSF) of the data plane. RSVP supports graceful restart, which is compliant with RFC 3473. It follows the procedures that apply when the node reestablishes communication with the neighbor’s control plane within a configured restart time. It is important to note that RSVP is not a routing protocol. RSVP works in conjunction with routing protocols and installs the equivalent of dynamic access lists along the routes that routing protocols calculate. Because of this, implementing RSVP in an existing network does not require migration to a new routing protocol. Related Topics Configuring RSVP Packet Dropping, on page 81 Set DSCP for RSVP Packets: Example, on page 107 Verifying RSVP Configuration, on page 83 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 66 OL-26056-02 Implementing RSVP for MPLS-TE Prerequisites for Implementing RSVP for MPLS-TELSP Setup LSP setup is initiated when the LSP head node sends path messages to the tail node (see the RSVP Operation figure ). Figure 7: RSVP Operation The Path messagesreserve resources along the path to each node, creating Path softstates on each node.When the tail node receives a path message, it sends a reservation (RESV) message with a label back to the previous node. When the reservation message arrives at the previous node, it causes the reserved resources to be locked and forwarding entries are programmed with the MPLS label sent from the tail-end node. A new MPLS label is allocated and sent to the next node upstream. When the reservation message reaches the head node, the label is programmed and the MPLS data starts to flow along the path. High Availability RSVP is designed to ensure nonstop forwarding under the following constraints: • Ability to tolerate the failure of one RP of a 1:1 redundant pair. • Hitless software upgrade. The RSVP high availability (HA) design followsthe constraints of the underlying architecture where processes can fail without affecting the operation of other processes. A processfailure of RSVP or any of its collaborators does not cause any traffic loss or cause established LSPs to go down. When RSVP restarts, it recovers its signaling states from its neighbors. No special configuration or manual intervention are required. You may configure RSVP graceful restart, which offers a standard mechanism to recover RSVP state information from neighbors after a failure. Graceful Restart RSVP graceful restart provides a control plane mechanism to ensure high availability (HA), which allows detection and recovery from failure conditions while preserving nonstop forwarding services on the systems running Cisco IOS XR software. RSVP graceful restart provides a mechanism that minimizes the negative effects on MPLS traffic caused by these types of faults: • Disruption of communication channels between two nodes when the communication channels are separate from the data channels. This is called control channel failure. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 67 Implementing RSVP for MPLS-TE LSP Setup• Control plane of a node fails but the node preservesits data forwarding states. Thisis called node failure. The procedure for RSVP graceful restart is described in the “Fault Handling” section of RFC 3473, Generalized MPLS Signaling, RSVP-TE Extensions. One of the main advantages of using RSVP graceful restart isrecovery of the control plane while preserving nonstop forwarding and existing labels. Graceful Restart: Standard and Interface-Based When you configure RSVP graceful restart, Cisco IOS XR software sends and expects node-id address based Hello messages (that is, Hello Request and Hello Ack messages). The RSVP graceful restart Hello session is not established if the neighbor router does not respond with a node-id based Hello Ack message. You can also configure graceful restart to respond (send Hello Ack messages) to interface-address based Hello messages sent from a neighbor router in order to establish a graceful restart Hello session on the neighbor router. If the neighbor router does not respond with node-id based Hello Ack message, however, the RSVP graceful restart Hello session is not established. Cisco IOS XR software provides two commands to configure graceful restart: • signalling hello graceful-restart • signalling hello graceful-restart interface-based By default, graceful restart is disabled. To enable interface-based graceful restart, you must first enable standard graceful restart. You cannot enable interface-based graceful restart independently. Note Related Topics Enabling Graceful Restart, on page 78 Enable Graceful Restart: Example, on page 106 Enable Interface-Based Graceful Restart: Example, on page 106 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 68 OL-26056-02 Implementing RSVP for MPLS-TE Graceful RestartGraceful Restart: Figure This figure illustrates how RSVP graceful restart handles a node failure condition. Figure 8: Node Failure with RSVP RSVP graceful restart requires the use of RSVP hello messages. Hello messages are used between RSVP neighbors. Each neighbor can autonomously issue a hello message containing a hello request object. A receiver that supports the hello extension replies with a hello message containing a hello acknowledgment (ACK) object. This means that a hello message contains either a hello Request or a hello ACK object. These two objects have the same format. The restart cap object indicates a node’s restart capabilities. It is carried in hello messages if the sending node supports state recovery. The restart cap object has the following two fields: Restart Time Time after a lossin Hello messages within which RSVP hello session can be reestablished. It is possible for a user to manually configure the Restart Time. Recovery Time Time that the sender waits for the recipient to re-synchronize states after the re-establishment of hello messages. This value is computed and advertised based on number of states that existed before the fault occurred. For graceful restart, the hello messages are sent with an IP Time to Live (TTL) of 64. This is because the destination of the hello messages can be multiple hops away. If graceful restart is enabled, hello messages (containing the restart cap object) are send to an RSVP neighbor when RSVP states are shared with that neighbor. Restart cap objects are sent to an RSVP neighbor when RSVP states are shared with that neighbor. If the neighbor replies with hello messages containing the restart cap object, the neighbor is considered to be graceful restart capable. If the neighbor does not reply with hello messages or replies with hello messages that do not Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 69 Implementing RSVP for MPLS-TE Graceful Restartcontain the restart cap object, RSVP backs off sending hellos to that neighbor. If graceful restart is disabled, no hello messages (Requests or ACKs) are sent. If a hello Request message is received from an unknown neighbor, no hello ACK is sent back. ACL-based Prefix Filtering RSVP provides for the configuration of extended access lists (ACLs) to forward, drop, or perform normal processing on RSVP router-alert (RA) packets. Prefix filtering is designed for use at core access routers in order that RA packets (identified by a source/destination address) can be seamlessly forwarded across the core from one access point to another (or, conversely to be dropped at this node). RSVP applies prefix filtering rules only to RA packets because RA packets contain source and destination addresses of the RSVP flow. RA packets forwarded due to prefix filtering must not be sent as RSVP bundle messages, because bundle messages are hop-by-hop and do not contain RA. Forwarding a Bundle message does not work, because the node receiving the messages is expected to apply prefix filtering rules only to RA packets. Note For each incoming RSVP RA packet, RSVP inspectsthe IP header and attemptsto match the source/destination IP addresses with a prefix configured in an extended ACL. The results are as follows: • If an ACL does not exist, the packet is processed like a normal RSVP packet. • If the ACL match yields an explicit permit (and if the packet is not locally destined), the packet is forwarded. The IP TTL is decremented on all forwarded packets. • If the ACL match yields an explicit deny, the packet is dropped. If there is no explicit permit or explicit deny, the ACL infrastructure returns an implicit (default) deny. RSVP can be configured to drop the packet. By default, RSVP processes the packet if the ACL match yields an implicit (default) deny. Related Topics Configuring ACLs for Prefix Filtering, on page 80 Configure ACL-based Prefix Filtering: Example, on page 107 RSVP MIB RFC 2206, RSVP Management Information Base Using SMIv2 defines all the SNMP MIB objects that are relevant to RSVP. By implementing the RSVP MIB, you can perform these functions: • Specifies two traps (NetFlow and LostFlow) which are triggered when a new flow is created or deleted. • Lets you use SNMP to access objects belonging to RSVP. Related Topics Enabling RSVP Traps, on page 86 Enable RSVP Traps: Example, on page 108 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 70 OL-26056-02 Implementing RSVP for MPLS-TE ACL-based Prefix FilteringInformation About Implementing RSVP Authentication Before implementing RSVP authentication, you must configure a keychain first. The name of the keychain must be the same as the one used in the keychain configuration. For more information about configuring keychains, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide . Note RSVP authentication supports only keyed-hash message authentication code (HMAC) type algorithms. To implement RSVP authentication on Cisco IOS XR software, you must understand the following concepts: RSVP Authentication Functions You can carry out these tasks with RSVP authentication: • Set up a secure relationship with a neighbor by using secret keys that are known only to you and the neighbor. • Configure RSVP authentication in global, interface, or neighbor configuration modes. • Authenticate incoming messages by checking if there is a valid security relationship that is associated based on key identifier, incoming interface, sender address, and destination address. • Add an integrity object with message digest to the outgoing message. • Use sequence numbers in an integrity object to detect replay attacks. RSVP Authentication Design Network administrators need the ability to establish a security domain to control the set ofsystemsthat initiates RSVP requests. The RSVP authentication feature permits neighborsin an RSVP network to use a secure hash to sign all RSVP signaling messages digitally, thus allowing the receiver of an RSVP message to verify the sender of the message without relying solely on the sender's IP address. The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message as defined in RFC 2747. This method provides protection against forgery or message modification. However, the receiver must know the security key used by the sender to validate the digital signature in the received RSVP message. Network administrators manually configure a common key for each RSVP neighbor on the shared network. The following reasons explain how to choose between global, interface, or neighbor configuration modes: • Global configuration mode is optimal when a router belongs to a single security domain (for example, part of a set of provider core routers). A single common key set is expected to be used to authenticate all RSVP messages. • Interface, or neighbor configuration mode, is optimal when a router belongs to more than one security domain. For example, a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an edge device. Different keys can be used but not shared. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 71 Implementing RSVP for MPLS-TE Information About Implementing RSVP AuthenticationGlobal configuration mode configures the defaults for interface and neighbor interface modes. These modes, unless explicitly configured, inherit the parameters from global configuration mode, as follows: • Window-size is set to 1. • Lifetime is set to 1800. • key-source key-chain command is set to none or disabled. Related Topics Configuring a Lifetime for an Interface for RSVP Authentication, on page 95 RSVP Authentication by Using All the Modes: Example, on page 110 Global, Interface, and Neighbor Authentication Modes You can configure global defaults for all authentication parameters including key, window size, and lifetime. These defaults are inherited when you configure authentication for each neighbor or interface. However, you can also configure these parameters individually on a neighbor or interface basis, in which case the global values (configured or default) are no longer inherited. RSVP uses the following rules when choosing which authentication parameter to use when that parameter is configured at multiple levels (interface, neighbor, or global). RSVP goes from the most specific to least specific; that is, neighbor, interface, and global. Note Global keys simplify the configuration and eliminate the chances of a key mismatch when receiving messages from multiple neighbors and multiple interfaces. However, global keys do not provide the best security. Interface keys are used to secure specific interfaces between two RSVP neighbors. Because many of the RSVP messages are IP routed, there are many scenarios in which using interface keys are not recommended. If all keys on the interfaces are not the same, there is a risk of a key mismatch for the following reasons: • When the RSVP graceful restart is enabled, RSVP hello messages are sent with a source IP address of the local router ID and a destination IP address of the neighbor router ID. Because multiple routes can exist between the two neighbors, the RSVP hello message can traverse to different interfaces. • When the RSVP fast reroute (FRR) is active, the RSVP Path and Resv messages can traverse multiple interfaces. • When Generalized Multiprotocol Label Switching (GMPLS) optical tunnels are configured, RSVP messages are exchanged with router IDs as the source and destination IP addresses. Since multiple control channels can exist between the two neighbors, the RSVP messages can traverse different interfaces. Neighbor-based keys are particularly useful in a network in which some neighborssupport RSVP authentication procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you are advised to configure all the neighbor’s addresses and router IDs for RSVP authentication. Related Topics Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90 RSVP Authentication Global Configuration Mode: Example, on page 108 Specifying the RSVP Authentication Keychain in Interface Mode, on page 93 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 72 OL-26056-02 Implementing RSVP for MPLS-TE Global, Interface, and Neighbor Authentication ModesRSVP Authentication by Using All the Modes: Example, on page 110 Security Association A security association (SA) is defined as a collection of information that is required to maintain secure communications with a peer to counter replay attacks, spoofing, and packet corruption. This table lists the main parameters that define a security association. Table 2: Security Association Main Parameters Parameter Description src IP address of the sender. dst IP address of the final destination. interface Interface of the SA. direction Send or receive type of the SA. Expiration timer value that is used to collect unused security association data. Lifetime Lastsequence number that was eithersent or accepted (dependent of the direction type). Sequence Number key-source Source of keys for the configurable parameter. Key number (returned form the key-source) that was last used. keyID digest Algorithm last used (returned from the key-source). Specifiesthe tolerance for the configurable parameter. The parameter is applicable when the direction parameter is the receive type. Window Size Specifiesthe last window size value sequence number that is received or accepted. The parameter is applicable when the direction parameter isthe receive type. Window An SA is created dynamically when sending and receiving messagesthat require authentication. The neighbor, source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a HOP object, and whether the message is incoming or outgoing. When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as recently used. The lifetime timer periodically checks if the SA is being used. If so, the flag is cleared and is cleaned up for the next period unless it is marked again. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 73 Implementing RSVP for MPLS-TE Security AssociationThis table shows how to locate the source and destination address keys for an SA that is based on the message type. Table 3: Source and Destination Address Locations for Different Message Types Message Type Source Address Location Destination Address Location Path HOP object SESSION object PathTear HOP object SESSION object PathError HOP object IP header Resv HOP object IP header ResvTear HOP object IP header ResvError HOP object IP header ResvConfirm IP header CONFIRM object Ack IP header IP header Srefresh IP header IP header Hello IP header IP header Bundle — — Related Topics Specifying the Keychain for RSVP Neighbor Authentication, on page 98 RSVP Neighbor Authentication: Example, on page 109 Configuring a Lifetime for RSVP Neighbor Authentication, on page 100 RSVP Authentication Global Configuration Mode: Example, on page 108 Key-source Key-chain The key-source key-chain is used to specify which keys to use. You configure a list of keys with specific IDs and have different lifetimes so that keys are changed at predetermined intervals automatically, without any disruption of service. Rollover enhances network security by minimizing the problems that could result if an untrusted source obtained, deduced, or guessed the current key. RSVP handles rollover by using the following key ID types: • On TX, use the youngest eligible key ID. • On RX, use the key ID that is received in an integrity object. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 74 OL-26056-02 Implementing RSVP for MPLS-TE Key-source Key-chainFor more information about implementing keychain management,see Cisco ASR 9000 Series Router System Security Configuration Guide Cisco ASR 9000 Series Router . Related Topics Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88 RSVP Authentication Global Configuration Mode: Example, on page 108 Specifying the Keychain for RSVP Neighbor Authentication, on page 98 RSVP Neighbor Authentication: Example, on page 109 Guidelines for Window-Size and Out-of-Sequence Messages These guidelines are required for window-size and out-of-sequence messages: • Default window-size is set to 1. If a single message is received out-of-sequence, RSVP rejects it and displays a message. • When RSVP messages are sent in burst mode (for example, tunnel optimization), some messages can become out-of-sequence for a short amount of time. • Window size can be increased by using the window-size command. When the window size is increased, replay attacks can be detected with duplicate sequence numbers. Related Topics Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91 Configuring the Window Size for an Interface for RSVP Authentication, on page 96 Configuring the Window Size for RSVP Neighbor Authentication, on page 102 RSVP Authentication by Using All the Modes: Example, on page 110 RSVP Authentication for an Interface: Example, on page 109 Caveats for Out-of-Sequence These caveats are listed for out-of-sequence: • When RSVP messages traverse multiple interface types with different maximum transmission unit (MTU) values, some messages can become out-of-sequence if they are fragmented. • Packets with some IP options may be reordered. • Change in QoS configurations may lead to a transient reorder of packets. • QoS policies can cause a reorder of packets in a steady state. Because all out-of-sequence messages are dropped, the sender must retransmit them. Because RSVP state timeouts are generally long, out-of-sequence messages during a transient state do not lead to a state timeout. How to Implement RSVP RSVP requires coordination among several routers, establishing exchange of RSVP messages to set up LSPs. Depending on the client application, RSVP requires some basic configuration, as described in these topics: Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 75 Implementing RSVP for MPLS-TE Guidelines for Window-Size and Out-of-Sequence MessagesConfiguring Traffic Engineering Tunnel Bandwidth To configure traffic engineering tunnel bandwidth, you must firstset up TE tunnels and configure the reserved bandwidth per interface (there is no need to configure bandwidth for the data channel or the control channel). Cisco IOS XR software supports two MPLS DS-TE modes: Prestandard and IETF. For prestandard DS-TE you do not need to configure bandwidth for the data channel or the control channel. There is no other specific RSVP configuration required for this application. When no RSVP bandwidth is specified for a particular interface, you can specify zero bandwidth in the LSP setup if it is configured under RSVP interface configuration mode or MPLS-TE configuration mode. Note Related Topics Configuring a Prestandard DS-TE Tunnel, on page 176 Configuring an IETF DS-TE Tunnel Using RDM, on page 178 Configuring an IETF DS-TE Tunnel Using MAM, on page 181 Confirming DiffServ-TE Bandwidth Perform this task to confirm DiffServ-TE bandwidth. In RSVP global and subpools, reservable bandwidths are configured per interface to accommodate TE tunnels on the node. Available bandwidth from all configured bandwidth pools is advertised using IGP. RSVP signals the TE tunnel with appropriate bandwidth pool requirements. SUMMARY STEPS 1. configure 2. rsvp 3. interface type interface-path-id 4. bandwidth total-bandwidth max-flow sub-pool sub-pool-bw 5. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 76 OL-26056-02 Implementing RSVP for MPLS-TE Configuring Traffic Engineering Tunnel BandwidthDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp Enters RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 interface type interface-path-id Enters interface configuration mode for the RSVP protocol. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 interface pos 0/2/0/0 Sets the reservable bandwidth, the maximum RSVP bandwidth available for a flow and the sub-pool bandwidth on this interface. bandwidth total-bandwidth max-flow sub-pool sub-pool-bw Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Step 4 bandwidth 1000 100 sub-pool 150 Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 77 Implementing RSVP for MPLS-TE Confirming DiffServ-TE BandwidthCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Differentiated Services Traffic Engineering, on page 127 Bandwidth Configuration (MAM): Example, on page 104 Bandwidth Configuration (RDM): Example, on page 105 Enabling Graceful Restart Perform this task to enable graceful restart for implementations using both node-id and interface-based hellos. RSVP graceful restart provides a control plane mechanism to ensure high availability, which allows detection and recovery from failure conditions while preserving nonstop forwarding services. SUMMARY STEPS 1. configure 2. rsvp 3. signalling graceful-restart 4. signalling graceful-restart interface-based 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 78 OL-26056-02 Implementing RSVP for MPLS-TE Enabling Graceful RestartCommand or Action Purpose rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 signalling graceful-restart Enables the graceful restart process on the node. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling graceful-restart signalling graceful-restart interface-based Enables interface-based graceful restart process on the node. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 4 signalling graceful-restart interface-based Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Graceful Restart: Standard and Interface-Based, on page 68 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 79 Implementing RSVP for MPLS-TE Enabling Graceful RestartEnable Graceful Restart: Example, on page 106 Enable Interface-Based Graceful Restart: Example, on page 106 Configuring ACL-based Prefix Filtering Two procedures are provided to show how RSVP Prefix Filtering is associated: • Configuring ACLs for Prefix Filtering, on page 80 • Configuring RSVP Packet Dropping, on page 81 Configuring ACLs for Prefix Filtering Perform this task to configure an extended access list ACL that identifies the source and destination prefixes used for packet filtering. Note The extended ACL needs to be configured separately using extended ACL configuration commands. SUMMARY STEPS 1. configure 2. rsvp 3. signalling prefix-filtering access-list 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 80 OL-26056-02 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringCommand or Action Purpose signalling prefix-filtering access-list Enter an extended access list name as a string. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling prefix-filtering access-list banks Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics ACL-based Prefix Filtering, on page 70 Configure ACL-based Prefix Filtering: Example, on page 107 Configuring RSVP Packet Dropping Perform this task to configure RSVP to drop RA packets when the ACL match returns an implicit (default) deny. The default behavior performs normal RSVP processing on RA packets when the ACL match returns an implicit (default) deny. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 81 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringSUMMARY STEPS 1. configure 2. rsvp 3. signalling prefix-filtering default-deny-action 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 signalling prefix-filtering default-deny-action Drops RA messages. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling prefix-filtering default-deny-action Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 82 OL-26056-02 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringCommand or Action Purpose ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Overview of RSVP for MPLS-TE , on page 66 Set DSCP for RSVP Packets: Example, on page 107 Verifying RSVP Configuration This figure illustrates the topology. Figure 9: Sample Topology Perform the following steps to verify RSVP configuration. SUMMARY STEPS 1. show rsvp session 2. show rsvp counters messages summary 3. show rsvp counters events 4. show rsvp interface type interface-path-id [detail] 5. show rsvp graceful-restart 6. show rsvp graceful-restart [neighbors ip-address | detail] 7. show rsvp interface 8. show rsvp neighbor DETAILED STEPS Step 1 show rsvp session Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 83 Implementing RSVP for MPLS-TE Verifying RSVP ConfigurationVerifiesthat all routers on the path of the LSP are configured with at least one Path State Block (PSB) and one Reservation State Block (RSB) per session. Example: RP/0/RSP0/CPU0:router# show rsvp session Type Destination Add DPort Proto/ExtTunID PSBs RSBs Reqs ---- --------------- ----- --------------- ----- ----- ----- LSP4 172.16.70.70 6 10.51.51.51 1 1 0 In the example , the output represents an LSP from ingress (head) router 10.51.51.51 to egress (tail) router 172.16.70.70. The tunnel ID (also called the destination port) is 6. Example: If no states can be found for a session that should be up, verify the application (for example, MPLS-TE ) to see if everything is in order. If a session has one PSB but no RSB, this indicates that either the Path message is not making it to the egress (tail) router or the reservation message is not making it back to the router R1 in question. Go to the downstream router R2 and display the session information: Example: If R2 has no PSB, either the path message is not making it to the router or the path message is being rejected (for example, due to lack of resources). If R2 has a PSB but no RSB, go to the next downstream router R3 to investigate. If R2 has a PSB and an RSB, this means the reservation is not making it from R2 to R1 or is being rejected. Step 2 show rsvp counters messages summary Verifies whether the RSVP message is being transmitted and received. Example: RP/0/RSP0/CPU0:router# show rsvp counters messages summary All RSVP Interfaces Recv Xmit Recv Xmit Path 0 25 Resv 30 0 PathError 0 0 ResvError 0 1 PathTear 0 30 ResvTear 12 0 ResvConfirm 0 0 Ack 24 37 Bundle 0 Hello 0 5099 SRefresh 8974 9012 OutOfOrder 0 Retransmit 20 Rate Limited 0 Step 3 show rsvp counters events Verifies how many RSVP states have expired. Because RSVP uses a soft-state mechanism, some failures will lead to RSVP states to expire due to lack of refresh from the neighbor. Example: RP/0/RSP0/CPU0:router# show rsvp counters events mgmtEthernet0/0/0/0 tunnel6 Expired Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0 NACKs received 0 POS0/3/0/0 POS0/3/0/1 Expired Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0 NACKs received 0 POS0/3/0/2 POS0/3/0/3 Expired Path states 0 Expired Path Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 84 OL-26056-02 Implementing RSVP for MPLS-TE Verifying RSVP Configurationstates 0 Expired Resv states 0 Expired Resv states 1 NACKs received 0 NACKs received 1 Step 4 show rsvp interface type interface-path-id [detail] Verifies that refresh reduction is working on a particular interface. Example: RP/0/RSP0/CPU0:router# show rsvp interface pos0/3/0/3 detail INTERFACE: POS0/3/0/3 (ifh=0x4000D00). BW (bits/sec): Max=1000M. MaxFlow=1000M. Allocated=1K (0%). MaxSub=0. Signalling: No DSCP marking. No rate limiting. States in: 1. Max missed msgs: 4. Expiry timer: Running (every 30s). Refresh interval: 45s. Normal Refresh timer: Not running. Summary refresh timer: Running. Refresh reduction local: Enabled. Summary Refresh: Enabled (4096 bytes max). Reliable summary refresh: Disabled. Ack hold: 400 ms, Ack max size: 4096 bytes. Retransmit: 900ms. Neighbor information: Neighbor-IP Nbor-MsgIds States-out Refresh-Reduction Expiry(min::sec) -------------- -------------- ---------- ------------------ ---------------- 64.64.64.65 1 1 Enabled 14::45 Step 5 show rsvp graceful-restart Verifies that graceful restart is enabled locally. Example: RP/0/RSP0/CPU0:router# show rsvp graceful-restart Graceful restart: enabled Number of global neighbors: 1 Local MPLS router id: 10.51.51.51 Restart time: 60 seconds Recovery time: 0 seconds Recovery timer: Not running Hello interval: 5000 milliseconds Maximum Hello miss-count: 3 Step 6 show rsvp graceful-restart [neighbors ip-address | detail] Verifies that graceful restart is enabled on the neighbor(s). These examples show that neighbor 192.168.60.60 is not responding to hello messages. Example: RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors 192.168.60.60 Neighbor App State Recovery Reason Since LostCnt --------------- ----- ------ -------- ------------ -------------------- -------- 192.168.60.60 MPLS INIT DONE N/A 12/06/2003 19:01:49 0 RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors detail Neighbor: 192.168.60.60 Source: 10.51.51.51 (MPLS) Hello instance for application MPLS Hello State: INIT (for 3d23h) Number of times communications with neighbor lost: 0 Reason: N/A Recovery State: DONE Number of Interface neighbors: 1 address: 10.64.64.65 Restart time: 0 seconds Recovery time: 0 seconds Restart timer: Not running Recovery timer: Not running Hello interval: 5000 milliseconds Maximum allowed missed Hello messages: 3 Step 7 show rsvp interface Verifies the available RSVP bandwidth. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 85 Implementing RSVP for MPLS-TE Verifying RSVP ConfigurationExample: RP/0/RSP0/CPU0:router# show rsvp interface Interface MaxBW MaxFlow Allocated MaxSub ----------- -------- -------- --------------- -------- Et0/0/0/0 0 0 0 ( 0%) 0 PO0/3/0/0 1000M 1000M 0 ( 0%) 0 PO0/3/0/1 1000M 1000M 0 ( 0%) 0 PO0/3/0/2 1000M 1000M 0 ( 0%) 0 PO0/3/0/3 1000M 1000M 1K ( 0%) 0 Step 8 show rsvp neighbor Verifies the RSVP neighbors. Example: RP/0/RSP0/CPU0:router# show rsvp neighbor detail Global Neighbor: 40.40.40.40 Interface Neighbor: 1.1.1.1 Interface: POS0/0/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0 Interface Neighbor: 2.2.2.2 Interface: POS0/1/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0 Related Topics Overview of RSVP for MPLS-TE , on page 66 Enabling RSVP Traps With the exception of the RSVP MIB traps, no action is required to activate the MIBs. This MIB feature is automatically enabled when RSVP is turned on; however, RSVP traps must be enabled. Perform this task to enable all RSVP MIB traps, NewFlow traps, and LostFlow traps. SUMMARY STEPS 1. configure 2. snmp-server traps rsvp lost-flow 3. snmp-server traps rsvp new-flow 4. snmp-server traps rsvp all 5. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 86 OL-26056-02 Implementing RSVP for MPLS-TE Enabling RSVP TrapsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 snmp-server traps rsvp lost-flow Sends RSVP notifications to enable RSVP LostFlow traps. Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 2 traps rsvp lost-flow snmp-server traps rsvp new-flow Sends RSVP notifications to enable RSVP NewFlow traps. Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 3 traps rsvp new-flow snmp-server traps rsvp all Sends RSVP notifications to enable all RSVP MIB traps. Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 4 traps rsvp all Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 87 Implementing RSVP for MPLS-TE Enabling RSVP TrapsCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics RSVP MIB, on page 70 Enable RSVP Traps: Example, on page 108 How to Implement RSVP Authentication There are three types of RSVP authentication modes—global, interface, and neighbor. These topics describe how to implement RSVP authentication for each mode: Configuring Global Configuration Mode RSVP Authentication These tasks describe how to configure RSVP authentication in global configuration mode: Enabling RSVP Authentication Using the Keychain in Global Configuration Mode Perform this task to enable RSVP authentication for cryptographic authentication by specifying the keychain in global configuration mode. You must configure a keychain before completing this task (see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide ). Note SUMMARY STEPS 1. configure 2. rsvp authentication 3. key-source key-chain key-chain-name 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 88 OL-26056-02 Implementing RSVP for MPLS-TE How to Implement RSVP AuthenticationDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp authentication Enters RSVP authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 authentication RP/0/RSP0/CPU0:router(config-rsvp-auth)# Specifies the source of the key information to authenticate RSVP signaling messages. key-source key-chain key-chain-name Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# Step 3 key-chain-name Name of the keychain. The maximum number of charactersis 32. key-source key-chain mpls-keys Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 89 Implementing RSVP for MPLS-TE Configuring Global Configuration Mode RSVP AuthenticationRelated Topics Key-source Key-chain, on page 74 RSVP Authentication Global Configuration Mode: Example, on page 108 Configuring a Lifetime for RSVP Authentication in Global Configuration Mode Perform this task to configure a lifetime value for RSVP authentication in global configuration mode. SUMMARY STEPS 1. configure 2. rsvp authentication 3. life-time seconds 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp authentication Enters RSVP authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 authentication RP/0/RSP0/CPU0:router(config-rsvp-auth)# Controls how long RSVP maintains security associations with other trusted RSVP neighbors. life-time seconds Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# Step 3 seconds Length of time (in seconds) that RSVP maintains idle security associations with other trusted RSVP neighbors. Range is from 30 to 86400. The default value is 1800. life-time 2000 Step 4 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 90 OL-26056-02 Implementing RSVP for MPLS-TE Configuring Global Configuration Mode RSVP AuthenticationCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Global, Interface, and Neighbor Authentication Modes, on page 72 RSVP Authentication Global Configuration Mode: Example, on page 108 Configuring the Window Size for RSVP Authentication in Global Configuration Mode Perform this task to configure the window size for RSVP authentication in global configuration mode. SUMMARY STEPS 1. configure 2. rsvp authentication 3. window-size N 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 91 Implementing RSVP for MPLS-TE Configuring Global Configuration Mode RSVP AuthenticationDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp authentication Enters RSVP authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 authentication RP/0/RSP0/CPU0:router(config-rsvp-auth)# Specifies the maximum number of RSVP authenticated messages that can be received out-of-sequence. window-size N Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# Step 3 N Size of the window to restrict out-of-sequence messages. The range is from 1 to 64. The default value is 1, in which case all out-of-sequence messages are dropped. window-size 33 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 92 OL-26056-02 Implementing RSVP for MPLS-TE Configuring Global Configuration Mode RSVP AuthenticationRelated Topics Guidelines for Window-Size and Out-of-Sequence Messages, on page 75 RSVP Authentication by Using All the Modes: Example, on page 110 RSVP Authentication for an Interface: Example, on page 109 Configuring an Interface for RSVP Authentication These tasks describe how to configure an interface for RSVP authentication: Specifying the RSVP Authentication Keychain in Interface Mode Perform this task to specify RSVP authentication keychain in interface mode. You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide ). SUMMARY STEPS 1. configure 2. rsvp interface type interface-path-id 3. authentication 4. key-source key-chain key-chain-name 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp interface type interface-path-id Enters RSVP interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 interface POS 0/2/1/0 RP/0/RSP0/CPU0:router(config-rsvp-if)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 93 Implementing RSVP for MPLS-TE Configuring an Interface for RSVP AuthenticationCommand or Action Purpose authentication Enters RSVP authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Step 3 authentication RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Specifies the source of the key information to authenticate RSVP signaling messages. key-source key-chain key-chain-name Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Step 4 key-chain-name Name of the keychain. The maximum number of characters is 32. key-source key-chain mpls-keys Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Global, Interface, and Neighbor Authentication Modes, on page 72 RSVP Authentication by Using All the Modes: Example, on page 110 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 94 OL-26056-02 Implementing RSVP for MPLS-TE Configuring an Interface for RSVP AuthenticationConfiguring a Lifetime for an Interface for RSVP Authentication Perform this task to configure a lifetime for the security association for an interface. SUMMARY STEPS 1. configure 2. rsvp interface type interface-path-id 3. authentication 4. life-time seconds 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp interface type interface-path-id Enters RSVP interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 interface POS 0/2/1/0 RP/0/RSP0/CPU0:router(config-rsvp-if)# authentication Enters RSVP authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Step 3 authentication RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Controls how long RSVP maintains security associations with other trusted RSVP neighbors. life-time seconds Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Step 4 seconds Length of time (in seconds) that RSVP maintainsidle security associations with other trusted RSVP neighbors. Range isfrom 30 to 86400. The default value is 1800. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 95 Implementing RSVP for MPLS-TE Configuring an Interface for RSVP AuthenticationCommand or Action Purpose life-time 2000 Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics RSVP Authentication Design, on page 71 RSVP Authentication by Using All the Modes: Example, on page 110 Configuring the Window Size for an Interface for RSVP Authentication Perform this task to configure the window size for an interface for RSVP authentication to check the validity of the sequence number received. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 96 OL-26056-02 Implementing RSVP for MPLS-TE Configuring an Interface for RSVP AuthenticationSUMMARY STEPS 1. configure 2. rsvp interface type interface-path-d 3. authentication 4. window-size N 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp interface type interface-path-d Enters RSVP interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 interface POS 0/2/1/0 RP/0/RSP0/CPU0:router(config-rsvp-if)# authentication Enters RSVP interface authentication configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Step 3 authentication RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Specifies the maximum number of RSVP authenticated messages that can be received out-of-sequence. window-size N Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# Step 4 N Size of the window to restrict out-of-sequence messages. The range is from 1 to 64. The default value is 1, in which case all out-of-sequence messages are dropped. window-size 33 Step 5 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 97 Implementing RSVP for MPLS-TE Configuring an Interface for RSVP AuthenticationCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Guidelines for Window-Size and Out-of-Sequence Messages, on page 75 RSVP Authentication by Using All the Modes: Example, on page 110 RSVP Authentication for an Interface: Example, on page 109 Configuring RSVP Neighbor Authentication These tasks describe how to configure the RSVP neighbor authentication: • Specifying the Keychain for RSVP Neighbor Authentication, on page 98 • Configuring a Lifetime for RSVP Neighbor Authentication, on page 100 • Configuring the Window Size for RSVP Neighbor Authentication, on page 102 Specifying the Keychain for RSVP Neighbor Authentication Perform this task to specify the keychain RSVP neighbor authentication. You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide ). Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 98 OL-26056-02 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationSUMMARY STEPS 1. configure 2. rsvp neighbor IP-address authentication 3. key-source key-chain key-chain-name 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters neighbor authentication configuration mode. Use the rsvp neighbor command to activate RSVP cryptographic authentication for a neighbor. rsvp neighbor IP-address authentication Example: RP/0/RSP0/CPU0:router(config)# rsvp neighbor Step 2 IP address 1.1.1.1 authentication IP address of the neighbor. A single IP address for a specific neighbor; usually one of the neighbor's physical or logical (loopback) interfaces. RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# authentication Configures the RSVP authentication parameters. Specifies the source of the key information to authenticate RSVP signaling messages. key-source key-chain key-chain-name Example: RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# Step 3 key-chain-name Name of the keychain. The maximum number of characters is 32. key-source key-chain mpls-keys Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 99 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. or RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Key-source Key-chain, on page 74 Security Association, on page 73 RSVP Neighbor Authentication: Example, on page 109 Configuring a Lifetime for RSVP Neighbor Authentication Perform this task to configure a lifetime for security association for RSVP neighbor authentication mode. SUMMARY STEPS 1. configure 2. rsvp neighbor IP-address authentication 3. life-time seconds 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 100 OL-26056-02 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters RSVP neighbor authentication configuration mode. Use the rsvp neighbor command to specify a neighbor under RSVP. rsvp neighbor IP-address authentication Example: RP/0/RSP0/CPU0:router(config)# rsvp neighbor Step 2 IP address IP address of the neighbor. A single IP address for a specific neighbor; usually one of the neighbor's physical or logical (loopback) interfaces. 1.1.1.1 authentication RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# authentication Configures the RSVP authentication parameters. Controls how long RSVP maintains security associations with other trusted RSVP neighbors. The argument specifies the life-time seconds Example: RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# Step 3 seconds Length of time (in seconds) that RSVP maintainsidle security associations with other trusted RSVP neighbors. Range is from 30 to 86400. The default value is 1800. life-time 2000 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 101 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Security Association, on page 73 RSVP Authentication Global Configuration Mode: Example, on page 108 Configuring the Window Size for RSVP Neighbor Authentication Perform this task to configure the RSVP neighbor authentication window size to check the validity of the sequence number received. SUMMARY STEPS 1. configure 2. rsvp neighbor IP address authentication 3. window-size N 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters RSVP neighbor authentication configuration mode. Use the rsvp neighbor command to specify a neighbor under RSVP. rsvp neighbor IP address authentication Example: RP/0/RSP0/CPU0:router(config)# rsvp neighbor Step 2 IP address IP address of the neighbor. A single IP address for a specific neighbor; usually one of the neighbor's physical or logical (loopback) interfaces. 1.1.1.1 authentication RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 102 OL-26056-02 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationCommand or Action Purpose authentication Configures the RSVP authentication parameters. Specifies the maximum number of RSVP authenticated messages that is received out-of-sequence. window-size N Example: RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)# window-size 33 Step 3 N Size of the window to restrict out-of-sequence messages. The range is from 1 to 64. The default value is 1, in which case all out-of-sequence messages are dropped. Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. RP/0/RSP0/CPU0:router (config-rsvp-nbor-auth)# end or ? Entering no exits the configuration session and returns the router to EXEC mode without committing the RP/0/RSP0/CPU0:router configuration changes. (config-rsvp-nbor-auth)# commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Guidelines for Window-Size and Out-of-Sequence Messages, on page 75 RSVP Authentication by Using All the Modes: Example, on page 110 RSVP Authentication for an Interface: Example, on page 109 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 103 Implementing RSVP for MPLS-TE Configuring RSVP Neighbor AuthenticationVerifying the Details of the RSVP Authentication To display the security associations that RSVP has established with other RSVP neighbors, use the show rsvp authentication command. Eliminating Security Associations for RSVP Authentication To eliminate RSVP authentication SA’s, use the clear rsvp authentication command. To eliminate RSVP counters for each SA, use the clear rsvp counters authentication command. Configuration Examples for RSVP Sample RSVP configurations are provided for some of the supported RSVP features. • Bandwidth Configuration (Prestandard): Example, on page 104 • Bandwidth Configuration (MAM): Example, on page 104 • Bandwidth Configuration (RDM): Example, on page 105 • Refresh Reduction and Reliable Messaging Configuration: Examples, on page 105 • Configure Graceful Restart: Examples, on page 106 • Configure ACL-based Prefix Filtering: Example, on page 107 • Set DSCP for RSVP Packets: Example, on page 107 • Enable RSVP Traps: Example, on page 108 Bandwidth Configuration (Prestandard): Example The example shows the configuration of bandwidth on an interface using prestandard DS-TE mode. The example configures an interface for a reservable bandwidth of 7500, specifies the maximum bandwidth for one flow to be 1000 and adds a sub-pool bandwidth of 2000. rsvp interface pos 0/3/0/0 bandwidth 7500 1000 sub-pool 2000 Bandwidth Configuration (MAM): Example The example shows the configuration of bandwidth on an interface using MAM. The example shows how to limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow to reserve no more than 1000 kbps. rsvp interface pos 0/3/0/0 bandwidth mam 7500 1000 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 104 OL-26056-02 Implementing RSVP for MPLS-TE Verifying the Details of the RSVP AuthenticationRelated Topics Confirming DiffServ-TE Bandwidth, on page 76 Differentiated Services Traffic Engineering, on page 127 Bandwidth Configuration (RDM): Example The example shows the configuration of bandwidth on an interface using RDM. The example shows how to limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow to reserve no more than 1000 kbps. rsvp interface pos 0/3/0/0 bandwidth rdm 7500 1000 Related Topics Confirming DiffServ-TE Bandwidth, on page 76 Differentiated Services Traffic Engineering, on page 127 Refresh Reduction and Reliable Messaging Configuration: Examples Refresh reduction feature as defined by RFC 2961 issupported and enabled by default. The examplesillustrate the configuration for the refresh reduction feature. Refresh reduction is used with a neighbor only if the neighbor supports it also. Refresh Interval and the Number of Refresh Messages Configuration: Example The example shows how to configure the refresh interval to 30 seconds on POS 0/3/0/0 and how to change the number of refresh messages the node can miss before cleaning up the state from the default value of 4 to 6. rsvp interface pos 0/3/0/0 signalling refresh interval 30 signalling refresh missed 6 Retransmit Time Used in Reliable Messaging Configuration: Example The example shows how to set the retransmit timer to 2 seconds. To prevent unnecessary retransmits, the retransmit time value configured on the interface must be greater than the ACK hold time on its peer. rsvp interface pos 0/4/0/1 signalling refresh reduction reliable retransmit-time 2000 Acknowledgement Times Configuration: Example The example shows how to change the acknowledge hold time from the default value of 400 ms, to delay or speed up sending of ACKs, and the maximum acknowledgment message size from default size of 4096 bytes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 105 Implementing RSVP for MPLS-TE Bandwidth Configuration (RDM): ExampleThe example shows how to change the acknowledge hold time from the default value of 400 ms and how to delay or speed up sending of ACKs. The maximum acknowledgment message default size is from 4096 bytes. rsvp interface pos 0/4/0/1 signalling refresh reduction reliable ack-hold-time 1000 rsvp interface pos 0/4/0/1 signalling refresh reduction reliable ack-max-size 1000 Ensure retransmit time on the peers’ interface is at least twice the amount of the ACK hold time to prevent unnecessary retransmissions. Note Summary Refresh Message Size Configuration: Example The example shows how to set the summary refresh message maximum size to 1500 bytes. rsvp interface pos 0/4/0/1 signalling refresh reduction summary max-size 1500 Disable Refresh Reduction: Example If the peer node does notsupport refresh reduction, or for any other reason you want to disable refresh reduction on an interface, the example shows how to disable refresh reduction on that interface. rsvp interface pos 0/4/0/1 signalling refresh reduction disable Configure Graceful Restart: Examples RSVP graceful restart is configured globally or per interface (as are refresh-related parameters). These examples show how to enable graceful restart, set the restart time, and change the hello message interval. Enable Graceful Restart: Example The example shows how to enable the RSVP graceful restart by default. If disabled, enable it with the following command. rsvp signalling graceful-restart Related Topics Enabling Graceful Restart, on page 78 Graceful Restart: Standard and Interface-Based, on page 68 Enable Interface-Based Graceful Restart: Example The example shows how to enable the RSVP graceful restart feature on an interface. signalling hello graceful-restart interface-based Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 106 OL-26056-02 Implementing RSVP for MPLS-TE Configure Graceful Restart: ExamplesRelated Topics Enabling Graceful Restart, on page 78 Graceful Restart: Standard and Interface-Based, on page 68 Change the Restart-Time: Example The example shows how to change the restart time that is advertised in hello messages sent to neighbor nodes. rsvp signalling graceful-restart restart-time 200 Change the Hello Interval: Example The example shows how to change the interval at which RSVP graceful restart hello messages are sent per neighbor, and change the number of hellos missed before the neighbor is declared down. rsvp signalling hello graceful-restart refresh interval 4000 rsvp signalling hello graceful-restart refresh misses 4 Configure ACL-based Prefix Filtering: Example The example shows when RSVP receives a Router Alert (RA) packet from source address 1.1.1.1 and 1.1.1.1 is not a local address. The packet is forwarded with IP TTL decremented. Packets destined to 2.2.2.2 are dropped. All other RA packets are processed as normal RSVP packets. show run ipv4 access-list ipv4 access-list rsvpacl 10 permit ip host 1.1.1.1 any 20 deny ip any host 2.2.2.2 ! show run rsvp rsvp signalling prefix-filtering access-list rsvpacl ! Related Topics Configuring ACLs for Prefix Filtering, on page 80 ACL-based Prefix Filtering, on page 70 Set DSCP for RSVP Packets: Example The configuration example setsthe Differentiated Services Code Point (DSCP) field in the IP header of RSVP packets. rsvp interface pos0/2/0/1 signalling dscp 20 Related Topics Configuring RSVP Packet Dropping, on page 81 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 107 Implementing RSVP for MPLS-TE Configure ACL-based Prefix Filtering: ExampleOverview of RSVP for MPLS-TE , on page 66 Enable RSVP Traps: Example The example enables the router to send all RSVP traps: configure snmp-server traps rsvp all The example enables the router to send RSVP LostFlow traps: configure snmp-server traps rsvp lost-flow The example enables the router to send RSVP RSVP NewFlow traps: configure snmp-server traps rsvp new-flow Related Topics Enabling RSVP Traps, on page 86 RSVP MIB, on page 70 Configuration Examples for RSVP Authentication These configuration examples are used for RSVP authentication: • RSVP Authentication Global Configuration Mode: Example, on page 108 • RSVP Authentication for an Interface: Example, on page 109 • RSVP Neighbor Authentication: Example, on page 109 • RSVP Authentication by Using All the Modes: Example, on page 110 RSVP Authentication Global Configuration Mode: Example The configuration example enables authentication of all RSVP messages and increases the default lifetime of the SAs. rsvp authentication key-source key-chain default_keys life-time 3600 ! ! Note The specified keychain (default_keys) must exist and contain valid keys, or signaling will fail. Related Topics Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 108 OL-26056-02 Implementing RSVP for MPLS-TE Enable RSVP Traps: ExampleKey-source Key-chain, on page 74 Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90 Global, Interface, and Neighbor Authentication Modes, on page 72 Configuring a Lifetime for RSVP Neighbor Authentication, on page 100 Security Association, on page 73 RSVP Authentication for an Interface: Example The configuration example enables authentication of all RSVP messages that are being sent or received on one interface only, and sets the window-size of the SAs. rsvp interface GigabitEthernet0/6/0/0 authentication window-size 64 ! ! Because the key-source keychain configuration is not specified, the global authentication mode keychain is used and inherited. The global keychain must exist and contain valid keys or signaling fails. Note Related Topics Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91 Configuring the Window Size for an Interface for RSVP Authentication, on page 96 Configuring the Window Size for RSVP Neighbor Authentication, on page 102 Guidelines for Window-Size and Out-of-Sequence Messages, on page 75 RSVP Neighbor Authentication: Example The configuration example enables authentication of all RSVP messages that are being sent to and received from only a particular IP address. rsvp neighbor 10.0.0.1 authentication key-source key-chain nbr_keys ! ! ! Related Topics Specifying the Keychain for RSVP Neighbor Authentication, on page 98 Key-source Key-chain, on page 74 Security Association, on page 73 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 109 Implementing RSVP for MPLS-TE RSVP Authentication for an Interface: ExampleRSVP Authentication by Using All the Modes: Example The configuration example shows how to perform the following functions: • Authenticates all RSVP messages. • Authenticates the RSVP messages to or from 10.0.0.1 by setting the keychain for the key-source key-chain command to nbr_keys, SA lifetime is set to 3600, and the default window-size is set to 1. • Authenticates the RSVP messages not to or from 10.0.0.1 by setting the keychain for the key-source key-chain command to default_keys, SA lifetime is set to 3600, and the window-size is set 64 when using GigabitEthernet0/6/0/0; otherwise, the default value of 1 is used. rsvp interface GigabitEthernet0/6/0/0 authentication window-size 64 ! ! neighbor 10.0.0.1 authentication key-source key-chain nbr_keys ! ! authentication key-source key-chain default_keys life-time 3600 ! ! If a keychain does not exist or contain valid keys, this is considered a configuration error because signaling fails. However, this can be intended to preventsignaling. For example, when using the above configuration, if the nbr_keys does not contain valid keys, all signaling with 10.0.0.1 fails. Note Related Topics Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91 Configuring the Window Size for an Interface for RSVP Authentication, on page 96 Configuring the Window Size for RSVP Neighbor Authentication, on page 102 Guidelines for Window-Size and Out-of-Sequence Messages, on page 75 Specifying the RSVP Authentication Keychain in Interface Mode, on page 93 Global, Interface, and Neighbor Authentication Modes, on page 72 Configuring a Lifetime for an Interface for RSVP Authentication, on page 95 RSVP Authentication Design, on page 71 Additional References These references are related to implementing MPLS RSVP: Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 110 OL-26056-02 Implementing RSVP for MPLS-TE RSVP Authentication by Using All the Modes: ExampleRelated Documents Related Topic Document Title RSVP Infrastructure Commands on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference Cisco IOS XR MPLS RSVP commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Getting started material Configuring AAA Services on Cisco ASR 9000 Series Router module in Information about user groups and task IDs Standards Standard Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/ mibs.shtml — RFCs RFCs Title Resource Reservation Protocol Version 1 Functional Specification RFC 2205 RFC 2206 RSVP Management Information Base using SMIv2 RFC 2747 RSVP Cryptographic Authentication RFC 2961 RSVP Refresh Overhead Reduction Extensions Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 111 Implementing RSVP for MPLS-TE Additional ReferencesRFCs Title RFC 3209 RSVP-TE: Extensions to RSVP for LSP Tunnels RFC 3473 Generalized MPLS Signaling, RSVP-TE Extensions RFC 4090 Fast Reroute Extensionsto RSVP-TE for LSP Tunnels Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 112 OL-26056-02 Implementing RSVP for MPLS-TE Additional ReferencesC H A P T E R 3 Implementing MPLS Forwarding This module describes how to implement MPLS Forwarding on Cisco ASR 9000 Series Aggregation Services Routers. All Multiprotocol Label Switching (MPLS) features require a core set of MPLS label management and forwarding services; the MPLS Forwarding Infrastructure (MFI) supplies these services. Feature History for Implementing MPLS-TE Release Modification Release 3.7.2 This feature was introduced. • Prerequisites for Implementing Cisco MPLS Forwarding, page 113 • Restrictions for Implementing Cisco MPLS Forwarding, page 113 • Information About Implementing MPLS Forwarding, page 114 • Additional References, page 116 Prerequisites for Implementing Cisco MPLS Forwarding These prerequisites are required to implement MPLS Forwarding: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • Router that runs Cisco IOS XR software. • Installed composite mini-image and the MPLS package, or a full composite image. Restrictions for Implementing Cisco MPLS Forwarding • Label switching on a Cisco router requires that Cisco Express Forwarding (CEF) be enabled. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 113• CEF is mandatory for Cisco IOS XR software and it does not need to be enabled explicitly. Information About Implementing MPLS Forwarding To implement MPLS Forwarding, you should understand these concepts: MPLS Forwarding Overview MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. MPLS enables service providers to meet the challenges of growth in network utilization while providing the opportunity to differentiate services without sacrificing the existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible well beyond that typically offered in today’s networks. Based on routing information that is stored in the VRF IP routing table and VRF CEF table, packets are forwarded to their destination using MPLS. A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertisesto other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone, is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone: • Top label directs the packet to the correct PE router • Second label indicates how that PE router should forward the packet to the CE router Label Switching Functions In conventional Layer 3 forwarding mechanisms, as a packet traverses the network, each router extracts all the information relevant to forwarding the packet from the Layer 3 header. This information is then used as an index for a routing table lookup to determine the next hop for the packet. In the most common case, the only relevant field in the header is the destination address field, but in some cases, other header fields might also be relevant. As a result, the header analysis must be done independently at each router through which the packet passes. In addition, a complicated table lookup must also be done at each router. In label switching, the analysis of the Layer 3 header is done only once. The Layer 3 header is then mapped into a fixed-length, unstructured value called a label. Many different headers can map to the same label, as long as those headers always result in the same choice of next hop. In effect, a label represents a forwarding equivalence class—that is, a set of packets which, however different they may be, are indistinguishable by the forwarding function. The initial choice of a label need not be based exclusively on the contents of the Layer 3 packet header; for example, forwarding decisions at subsequent hops can also be based on routing policy. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 114 OL-26056-02 Implementing MPLS Forwarding Information About Implementing MPLS ForwardingOnce a label is assigned, a short label header is added at the front of the Layer 3 packet. This header is carried across the network as part of the packet. At subsequent hops through each MPLS router in the network, labels are swapped and forwarding decisions are made by means of MPLS forwarding table lookup for the label carried in the packet header. Hence, the packet header does not need to be reevaluated during packet transit through the network. Because the label is of fixed length and unstructured, the MPLS forwarding table lookup process is both straightforward and fast. Distribution of Label Bindings Each labelswitching router (LSR) in the network makes an independent, local decision asto which label value to use to represent a forwarding equivalence class. This association is known as a label binding. Note The distribution of label bindings cannot be done statically for the Layer 2 VPN pseudowire. Each LSR informs its neighbors of the label bindings it has made. This awareness of label bindings by neighboring routers is facilitated by these protocols: Label Distribution Protocol (LDP) Supports MPLS forwarding along normally routed paths. Resource Reservation Protocol (RSVP) Supports MPLS traffic engineering. Border Gateway Protocol (BGP) Supports MPLS virtual private networks (VPNs). When a labeled packet is sent from LSR A to the neighboring LSR B, the label value carried by the IP packet is the label value that LSR B assigned to represent the forwarding equivalence class of the packet. Thus, the label value changes as the IP packet traverses the network. MFI Control-Plane Services The MFI control-plane provides services to MPLS applications, such as Label Distribution Protocol (LDP) and Traffic Engineering (TE), that include enabling and disabling MPLS on an interface, local label allocation, MPLS rewrite setup (including backup links), management of MPLS label tables, and the interaction with other forwarding paths (IP Version 4 [IPv4] for example) to set up imposition and disposition. MFI Data-Plane Services The MFI data-plane provides a software implementation of MPLS forwarding in all of these forms: • Imposition • Disposition • Label swapping Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 115 Implementing MPLS Forwarding Distribution of Label BindingsMPLS Maximum Transmission Unit MPLS maximum transmission unit (MTU) indicates that the maximum size of the IP packet can still be sent on a data link, without fragmenting the packet. In addition, data linksin MPLS networks have a specific MTU, but for labeled packets. All IPv4 packets have one or more labels. This does imply that the labeled packets are slightly bigger than the IP packets, because for every label, four bytes are added to the packet. So, if n is the number of labels, n * 4 bytes are added to the size of the packet when the packet is labeled. The MPLS MTU parameter pertains to labeled packets. Additional References For additional information related to implementing MPLS Forwarding, refer to the following references: Related Documents Related Topic Document Title MPLS Forwarding Commands on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Routers MPLS Command Reference MPLS Forwarding commands Cisco ASR 9000 Series Aggregation Services Routers Getting Started Guide Getting started material Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 116 OL-26056-02 Implementing MPLS Forwarding MPLS Maximum Transmission UnitRFCs RFCs Title RFC 3031 Multiprotocol Label Switching Architecture Time to Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks RFC 3443 Requirements for Inter-Area MPLS Traffic Engineering RFC 4105 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 117 Implementing MPLS Forwarding Additional References Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 118 OL-26056-02 Implementing MPLS Forwarding Additional ReferencesC H A P T E R 4 Implementing MPLS Traffic Engineering This module describes how to implement MPLS Traffic Engineering on Cisco ASR 9000 Series Router. Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into business-class transport mediums. MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services as with those delivered over traditional networks such as Frame Relay or Asynchronous Transfer Mode (ATM). MPLS traffic engineering (MPLS-TE) software enables an MPLS backbone to replicate and expand upon the TE capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enablestraffic engineering. Thus, you can offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network on a Layer 2 network. Feature History for Implementing MPLS-TE Release Modification Release 3.7.2 This feature was introduced. The MPLS Traffic Engineering (TE): Path Protection feature was added. Release 3.9.0 Release 3.9.1 The MPLS-TE automatic bandwidth feature is supported. Support was added for the following features: • AutoTunnel Backup • MPLS-TE Automatic Bandwidth • SRLG (Shared Risk Link Groups) Release 4.0.0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 119Release Modification Support was added for the following features: • Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE • Point-to-Multipoint Traffic-Engineering Release 4.1.0 Release 4.1.1 The Auto-Tunnel Mesh feature was added. Support was added for the following features: • Soft-Preemption • Path Option Attributes Release 4.2.0 The Auto-Tunnel Attribute-set feature was added for auto-backup tunnels. Release 4.2.1 • Prerequisites for Implementing Cisco MPLS Traffic Engineering, page 120 • Restrictions for Implementing Cisco MPLS Traffic Engineering, page 120 • Information About Implementing MPLS Traffic Engineering, page 121 • How to Implement Traffic Engineering, page 155 • Configuration Examples for Cisco MPLS-TE, page 260 • Additional References, page 283 Prerequisites for Implementing Cisco MPLS Traffic Engineering These prerequisites are required to implement MPLS TE: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • Router that runs Cisco IOS XR software . • Installed composite mini-image and the MPLS package, or a full composite image. • IGP activated. Restrictions for Implementing Cisco MPLS Traffic Engineering In addition to the MPLS-TE Fast Reroute feature supporting the GigabitEthernet and TenGigE line cards, this current release also supports the 8-port OC-12 SPA, 2-port OC-48 SPA, 1-port OC-192 SPA, along with the Cisco ASR 9000 Series SPA Interface Processor-700. This feature is also supported on the main interfaces Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 120 OL-26056-02 Implementing MPLS Traffic Engineering Prerequisites for Implementing Cisco MPLS Traffic Engineeringon the SPA line cards, not on sub-interfaces. There is no support for the MPLS-TE Fast Reroute feature on the 2-port channelized OC-12 SPA or on the 1-port channelized OC-48 SPA. Information About Implementing MPLS Traffic Engineering To implement MPLS-TE, you should understand these concepts: Overview of MPLS Traffic Engineering MPLS-TE software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enables traffic engineering. Thus, you can offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network on a Layer 2 network. MPLS-TE is essential for service provider and Internet service provider (ISP) backbones. Such backbones must support a high use of transmission capacity, and the networks must be very resilient so that they can withstand link or node failures. MPLS-TE provides an integrated approach to traffic engineering.With MPLS, traffic engineering capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given the constraints imposed by backbone capacity and topology. Related Topics Configuring Forwarding over the MPLS-TE Tunnel, on page 161 Benefits of MPLS Traffic Engineering MPLS-TE enables ISPs to route network traffic to offer the best service to their users in terms of throughput and delay. By making the service provider more efficient, traffic engineering reduces the cost of the network. Currently, some ISPs base their services on an overlay model. In the overlay model, transmission facilities are managed by Layer 2 switching. The routers see only a fully meshed virtual topology, making most destinations appear one hop away. If you use the explicit Layer 2 transit layer, you can precisely control how traffic uses available bandwidth. However, the overlay model has numerous disadvantages. MPLS-TE achieves the TE benefits of the overlay model without running a separate network and without a non-scalable, full mesh of router interconnects. How MPLS-TE Works MPLS-TE automatically establishes and maintains label switched paths (LSPs) across the backbone by using RSVP. The path that an LSP uses is determined by the LSP resource requirements and network resources, such as bandwidth. Available resources are flooded by means of extensions to a link-state-based Interior Gateway Protocol (IGP). MPLS-TE tunnels are calculated at the LSP headend router, based on a fit between the required and available resources (constraint-based routing). The IGP automatically routes the traffic to these LSPs. Typically, a packet crossing the MPLS-TE backbone travels on a single LSP that connects the ingress point to the egress point. MPLS-TE is built on these mechanisms: Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 121 Implementing MPLS Traffic Engineering Information About Implementing MPLS Traffic EngineeringTunnel interfaces From a Layer 2 standpoint, an MPLS tunnel interface represents the headend of an LSP. It is configured with a set of resource requirements, such as bandwidth and media requirements, and priority. From a Layer 3 standpoint, an LSP tunnel interface is the headend of a unidirectional virtual link to the tunnel destination. MPLS-TE path calculation module This calculation module operates at the LSP headend. The module determines a path to use for an LSP. The path calculation uses a link-state database containing flooded topology and resource information. RSVP with TE extensions RSVP operates at each LSP hop and is used to signal and maintain LSPs based on the calculated path. MPLS-TE link management module This module operates at each LSP hop, performs link call admission on the RSVP signaling messages, and performs bookkeeping on topology and resource information to be flooded. Link-state IGP (Intermediate System-to-Intermediate System [IS-IS] or Open Shortest Path First [OSPF]—each with traffic engineering extensions) These IGPs are used to globally flood topology and resource information from the link management module. Enhancements to the shortest path first (SPF) calculation used by the link-state IGP (IS-IS or OSPF) The IGP automatically routes traffic to the appropriate LSP tunnel, based on tunnel destination. Static routes can also be used to direct traffic to LSP tunnels. Label switching forwarding This forwarding mechanism provides routers with a Layer 2-like ability to direct traffic across multiple hops of the LSP established by RSVP signaling. One approach to engineering a backbone is to define a mesh of tunnels from every ingress device to every egress device. The MPLS-TE path calculation and signaling modules determine the path taken by the LSPs for these tunnels, subject to resource availability and the dynamic state of the network. The IGP (operating at an ingress device) determines which traffic should go to which egress device, and steers that traffic into the tunnel from ingress to egress. A flow from an ingress device to an egress device might be so large that it cannot fit over a single link, so it cannot be carried by a single tunnel. In this case, multiple tunnels between a given ingress and egress can be configured, and the flow is distributed using load sharing among the tunnels. Related Topics Building MPLS-TE Topology, on page 155 Creating an MPLS-TE Tunnel, on page 158 Build MPLS-TE Topology and Tunnels: Example, on page 260 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 122 OL-26056-02 Implementing MPLS Traffic Engineering Overview of MPLS Traffic EngineeringMPLS Traffic Engineering Multiprotocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF)-specified framework that provides efficient designation, routing, forwarding, and switching of traffic flows through the network. TE is the process of adjusting bandwidth allocations to ensure that enough bandwidth is available for high-priority traffic. In MPLS TE, the upstream router creates a network tunnel for a particular traffic stream and setsthe bandwidth available for that tunnel. Backup AutoTunnels The MPLS Traffic Engineering AutoTunnel Backup feature enables a router to dynamically build backup tunnels on the interfacesthat are configured with MPLS TE tunnels. Thisfeature enables a router to dynamically build backup tunnels when they are needed. This prevents you from having to build MPLS TE tunnelsstatically. The MPLS Traffic Engineering (TE)—AutoTunnel Backup feature has these benefits: • Backup tunnels are built automatically, eliminating the need for usersto preconfigure each backup tunnel and then assign the backup tunnel to the protected interface. • Protection is expanded—FRR does not protect IP traffic that is not using the TE tunnel or Label Distribution Protocol (LDP) labels that are not using the TE tunnel. This feature protects against these failures: • P2P Tunnel NHOP protection—Protects against link failure for the associated P2P protected tunnel • P2P Tunnel NNHOP protection—Protects against node failure for the associated P2P protected tunnel • P2MP Tunnel NHOP protection—Protects against link failure for the associated P2MP protected tunnel Related Topics Enabling an AutoTunnel Backup, on page 169 Removing an AutoTunnel Backup, on page 170 Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs, on page 172 Establishing Next-Hop Tunnels with Link Protection, on page 174 Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269 AutoTunnel Attribute-set This feature supports auto-tunnels configuration using attribute templates, known as attribute-set. The TE attribute-set template that specifies a set of TE tunnel attributes, is locally configured at the head-end of auto-tunnels. The control plane triggers the automatic provisioning of a corresponding TE tunnel, whose characteristics are specified in the respective attribute-set. Currently, auto-tunnel backups are created with the default values of all tunnel attributes. To support configurable attributes for auto-tunnel backup, it is required to configure attribute-set and assign it to the backup tunnels. The attribute-set consists of a set of tunnel attributes such as priority, affinity, signaled bandwidth, logging, policy-class, record-route and so on. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 123 Implementing MPLS Traffic Engineering MPLS Traffic EngineeringThe following rules (consistent across all auto-tunnels) apply while configuring the attribute-set: • If no attribute-set template is defined, the auto-tunnels is created using default attribute values. • If an attribute-set is defined and the attribute-set template is already configured, the auto-tunnel is created using the attributes specified in the associated attribute-set. • If an attribute-set is assigned, but it is not defined or configured, auto-tunnel is not created. • Any number of attribute-sets can be configured with same attribute settings. • Empty tunnel attribute implies all parameters have default values. • When specific attribute is not specified in the attribute-set, a default value for that attribute is used. Link Protection The backup tunnels that bypass only a single link of the LSP path provide link protection. They protect LSPs, if a link along their path fails, by rerouting the LSP traffic to the next hop, thereby bypassing the failed link. These are referred to as NHOP backup tunnels because they terminate at the LSP's next hop beyond the point of failure. This figure illustrates link protection. Figure 10: Link Protection Node Protection The backup tunnels that bypass next-hop nodes along LSP paths are called NNHOP backup tunnels because they terminate at the node following the next-hop node of the LSPs, thereby bypassing the next-hop node. They protect LSPs by enabling the node upstream of a link or node failure to reroute the LSPs and their traffic around a node failure to the next-hop node. NNHOP backup tunnels also provide protection from link failures because they bypass the failed link and the node. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 124 OL-26056-02 Implementing MPLS Traffic Engineering MPLS Traffic EngineeringThis figure illustrates node protection. Figure 11: Node Protection Backup AutoTunnel Assignment At the head or mid points of a tunnel, the backup assignment finds an appropriate backup to protect a given primary tunnel for FRR protection. The backup assignment logic is performed differently based on the type of backup configured on the output interface used by the primary tunnel. Configured backup types are: • Static Backup • AutoTunnel Backup • No Backup (In this case no backup assignment is performed and the tunnels is unprotected.) Static backup and Backup AutoTunnel cannot exist together on the same interface or link. Note Node protection is always preferred over link protection in the Backup AutoTunnel assignment. Note In order that the Backup AutoTunnel feature operatessuccessfully, the following configuration must be applied at global configuration level: ipv4 unnumbered mpls traffic-eng Loopback 0 Note The Loopback 0 is used as router ID. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 125 Implementing MPLS Traffic Engineering MPLS Traffic EngineeringExplicit Paths Explicit paths are used to create backup autotunnels as follows: For NHOP Backup Autotunnels: • NHOP excludes the protected link's local IP address. • NHOP excludes the protected link’s remote IP address. • The explicit-path name is _autob_nhop_tunnelxxx, where xxx matches the dynamically created backup tunnel ID. For NNHOP Backup Autotunnels: • NNHOP excludes the protected link’s local IP address. • NNHOP excludes the protected link’s remote IP address (link address on next hop). • NNHOP excludes the NHOP router ID of the protected primary tunnel next hop. • The explicit-path name is _autob_nnhop_tunnelxxx, where xxx matchesthe dynamically created backup tunnel ID. Periodic Backup Promotion The periodic backup promotion attemptsto find and assign a better backup for primary tunnelsthat are already protected. With AutoTunnel Backup, the only scenario where two backups can protect the same primary tunnel is when both an NHOP and NNHOP AutoTunnel Backups get created. The backup assignment takes place as soon as the NHOP and NNHOP backup tunnels come up. So, there is no need to wait for the periodic promotion. Although there is no exception for AutoTunnel Backups, periodic backup promotion has no impact on primary tunnels protected by AutoTunnel Backup. One exception is when a manual promotion is triggered by the user using the mpls traffic-eng fast-reroute timers promotion command, where backup assignment or promotion istriggered on all FRR protected primary tunnels--even unprotected ones. This may trigger the immediate creation of some AutoTunnel Backup, if the command is entered within the time window when a required AutoTunnel Backup has not been yet created. You can configure the periodic promotion timer using the global configuration mpls traffic-eng fast-reroute timers promotion sec command. The range is 0 to 604800 seconds. Note A value of 0 for the periodic promotion timer disables the periodic promotion. Protocol-Based CLI Cisco IOS XR software provides a protocol-based command line interface. The CLI provides commands that can be used with the multiple IGP protocols supported by MPLS-TE. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 126 OL-26056-02 Implementing MPLS Traffic Engineering Protocol-Based CLIDifferentiated Services Traffic Engineering MPLS Differentiated Services (Diff-Serv) Aware Traffic Engineering (DS-TE) is an extension of the regular MPLS-TE feature. Regular traffic engineering does not provide bandwidth guarantees to different traffic classes. A single bandwidth constraint is used in regular TE that is shared by all traffic. To support various classes of service (CoS), users can configure multiple bandwidth constraints. These bandwidth constraints can be treated differently based on the requirement for the traffic class using that constraint. MPLS DS-TE providesthe ability to configure multiple bandwidth constraints on an MPLS-enabled interface. Available bandwidths from all configured bandwidth constraints are advertised using IGP. TE tunnel is configured with bandwidth value and class-type requirements. Path calculation and admission control take the bandwidth and class-type into consideration. RSVP is used to signal the TE tunnel with bandwidth and class-type requirements. MPLS DS-TE is deployed with either Russian Doll Model (RDM) or Maximum Allocation Model (MAM) for bandwidth calculations. Cisco IOS XR software supports two DS-TE modes: Prestandard and IETF. Related Topics Confirming DiffServ-TE Bandwidth, on page 76 Bandwidth Configuration (MAM): Example, on page 104 Bandwidth Configuration (RDM): Example, on page 105 Prestandard DS-TE Mode Prestandard DS-TE uses the Cisco proprietary mechanisms for RSVP signaling and IGP advertisements. This DS-TE mode does not interoperate with third-party vendor equipment. Note that prestandard DS-TE is enabled only after configuring the sub-pool bandwidth values on MPLS-enabled interfaces. Prestandard Diff-Serve TE mode supports a single bandwidth constraint model a Russian Doll Model (RDM) with two bandwidth pools: global-pool and sub-pool. TE class map is not used with Prestandard DS-TE mode. Related Topics Configuring a Prestandard DS-TE Tunnel, on page 176 Configure IETF DS-TE Tunnels: Example, on page 261 IETF DS-TE Mode IETF DS-TE mode usesIETF-defined extensionsfor RSVP and IGP. This mode interoperates with third-party vendor equipment. IETF mode supports multiple bandwidth constraint models, including RDM and MAM, both with two bandwidth pools. In an IETF DS-TE network, identical bandwidth constraint models must be configured on all nodes. TE class map is used with IETF DS-TE mode and must be configured the same way on all nodes in the network. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 127 Implementing MPLS Traffic Engineering Differentiated Services Traffic EngineeringBandwidth Constraint Models IETF DS-TE mode provides support for the RDM and MAM bandwidth constraints models. Both models support up to two bandwidth pools. Cisco IOS XR software provides global configuration for the switching between bandwidth constraint models. Both models can be configured on a single interface to preconfigure the bandwidth constraints before swapping to an alternate bandwidth constraint model. Note NSF is not guaranteed when you change the bandwidth constraint model or configuration information. By default, RDM is the default bandwidth constraint model used in both pre-standard and IETF mode. Maximum Allocation Bandwidth Constraint Model The MAM constraint model has the following characteristics: • Easy to use and intuitive. • Isolation across class types. • Simultaneously achieves isolation, bandwidth efficiency, and protection against QoS degradation. Related Topics Configuring an IETF DS-TE Tunnel Using MAM, on page 181 Russian Doll Bandwidth Constraint Model The RDM constraint model has these characteristics: • Allows greater sharing of bandwidth among different class types. • Ensures bandwidth efficiency simultaneously and protection against QoS degradation of all class types. • Specifies that it is used in conjunction with preemption to simultaneously achieve isolation across class-types such that each class-type is guaranteed its share of bandwidth, bandwidth efficiency, and protection against QoS degradation of all class types. We recommend that RDM not be used in DS-TE environmentsin which the use of preemption is precluded. Although RDM ensures bandwidth efficiency and protection against QoS degradation of class types, it does guarantee isolation across class types. Note Related Topics Configuring an IETF DS-TE Tunnel Using RDM, on page 178 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 128 OL-26056-02 Implementing MPLS Traffic Engineering Differentiated Services Traffic EngineeringTE Class Mapping Each of the eight available bandwidth values advertised in the IGP corresponds to a TE class. Because the IGP advertises only eight bandwidth values, there can be a maximum of only eight TE classes supported in an IETF DS-TE network. TE class mapping must be exactly the same on all routers in a DS-TE domain. It is the responsibility of the operator configure these settings properly as there is no way to automatically check or enforce consistency. The operator must configure TE tunnel class types and priority levels to form a valid TE class. When the TE class map configuration is changed, tunnels already up are brought down. Tunnels in the down state, can be set up if a valid TE class map is found. The default TE class and attributes are listed. The default mapping includes four class types. Table 4: TE Classes and Priority TE Class Class Type Priority 0 0 7 1 1 7 2 Unused — 3 Unused — 4 0 0 5 1 0 6 Unused — 7 Unused — Flooding Available bandwidth in all configured bandwidth poolsisflooded on the network to calculate accurate constraint paths when a new TE tunnel is configured. Flooding usesIGP protocol extensions and mechanismsto determine when to flood the network with bandwidth. Flooding Triggers TE Link Management (TE-Link) notifies IGP for both global pool and sub-pool available bandwidth and maximum bandwidth to flood the network in these events: • Periodic timer expires (this does not depend on bandwidth pool type). • Tunnel origination node has out-of-date information for either available global pool orsub-pool bandwidth, causing tunnel admission failure at the midpoint. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 129 Implementing MPLS Traffic Engineering Flooding• Consumed bandwidth crosses user-configured thresholds. The same threshold is used for both global pool and sub-pool. If one bandwidth crosses the threshold, both bandwidths are flooded. Flooding Thresholds Flooding frequently can burden a network because all routers must send out and process these updates. Infrequent flooding causes tunnel heads (tunnel-originating nodes) to have out-of-date information, causing tunnel admission to fail at the midpoints. You can control the frequency of flooding by configuring a set of thresholds. When locked bandwidth (at one or more priority levels) crosses one of these thresholds, flooding is triggered. Thresholds apply to a percentage of the maximum available bandwidth (the global pool), which is locked, and the percentage of maximum available guaranteed bandwidth (the sub-pool), which is locked. If, for one or more priority levels, either of these percentages crosses a threshold, flooding is triggered. Setting up a global pool TE tunnel can cause the locked bandwidth allocated to sub-pool tunnels to be reduced (and hence to cross a threshold). A sub-pool TE tunnel setup can similarly cause the locked bandwidth for global pool TE tunnels to cross a threshold. Thus, sub-pool TE and global pool TE tunnels can affect each other when flooding is triggered by thresholds. Note Fast Reroute Fast Reroute (FRR) provides link protection to LSPs enabling the traffic carried by LSPs that encounter a failed link to be rerouted around the failure. The reroute decision is controlled locally by the router connected to the failed link. The headend router on the tunnel is notified of the link failure through IGP or through RSVP. When it is notified of a link failure, the headend router attempts to establish a new LSP that bypasses the failure. This provides a path to reestablish links that fail, providing protection to data transfer. FRR (link or node) is supported over sub-pool tunnels the same way as for regular TE tunnels. In particular, when link protection is activated for a given link, TE tunnels eligible for FRR are redirected into the protection LSP, regardless of whether they are sub-pool or global pool tunnels. The ability to configure FRR on a per-LSP basis makes it possible to provide different levels of fast restoration to tunnels from different bandwidth pools. Note You should be aware of these requirements for the backup tunnel path: • Backup tunnel must not pass through the element it protects. • Primary tunnel and a backup tunnel should intersect at least at two points (nodes) on the path: point of local repair (PLR) and merge point (MP). PLR isthe headend of the backup tunnel, and MP isthe tailend of the backup tunnel. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 130 OL-26056-02 Implementing MPLS Traffic Engineering Fast RerouteWhen you configure TE tunnel with multiple protection on its path and merge point is the same node for more than one protection, you must configure record-route for that tunnel. Note Related Topics Protecting MPLS Tunnels with Fast Reroute, on page 164 MPLS-TE and Fast Reroute over Link Bundles MPLS Traffic Engineering (TE) and Fast Reroute (FRR) are supported over bundle interfaces and virtual local area network (VLAN) interfaces. Bidirectional forwarding detection (BFD) over VLAN is used as an FRR trigger to obtain less than 50 milliseconds of switchover time. These link bundle types are supported for MPLS-TE/FRR: • Over Ethernet link bundles. • Over VLANs over Ethernet link bundles. • Number of links are limited to 100 for MPLS-TE and FRR. • VLANs go over any Ethernet interface (for example, GigabitEthernet and TenGigE). FRR is supported over bundle interfaces in the following ways: • Uses minimum links as a threshold to trigger FRR over a bundle interface. • Uses the minimum total available bandwidth as a threshold to trigger FRR. Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE The Ignore Intermediate System-to-Intermediate System (IS-IS) overload bit avoidance feature allows network administrators to prevent RSVP-TE label switched paths (LSPs) from being disabled, when a router in that path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set. The IS-IS overload bit avoidance feature is activated using this command: mpls traffic-eng path-selection ignore overload The IS-IS overload bit avoidance feature is deactivated using the no form of this command: no mpls traffic-eng path-selection ignore overload When the IS-IS overload bit avoidance feature is activated, all nodes, including head nodes, mid nodes, and tail nodes, with the overload bit set, are ignored. This means that they are still available for use with RSVP-TE label switched paths (LSPs). This feature enables you to include an overloaded node in CSPF. Enhancement Options of IS-IS OLA You can restrict configuring IS-IS overload bit avoidance with the following enhancement options: • path-selection ignore overload head Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 131 Implementing MPLS Traffic Engineering MPLS-TE and Fast Reroute over Link BundlesThe tunnels stay up if set-overload-bit is set by IS-IS on the head router. Ignores overload during CSPF for LSPs originating from an overloaded node. In all other cases (mid, tail, or both), the tunnel stays down. • path-selection ignore overload mid The tunnels stay up if set-overload-bit is set by IS-IS on the mid router. Ignores overload during CSPF for LSPs transiting from an overloaded node. In all other cases (head, tail, or both), the tunnel stays down. • path-selection ignore overload tail The tunnels stay up if set-overload-bit is set by IS-IS on the tail router. Ignores overload during CSPF for LSPs terminating at an overloaded node. In all other cases (head, mid, or both), the tunnel stays down. • path-selection ignore overload The tunnels stay up irrespective of on which router the set-overload-bit is set by IS-IS. When you do not select any of the options, including head nodes, mid nodes, and tail nodes, you get a behavior that is applicable to all nodes. This behavior is backward compatible in nature. Note For more information related to IS-IS overload avoidance related commands, see Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference. Related Topics Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE, on page 187 Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example, on page 262 Flexible Name-based Tunnel Constraints MPLS-TE Flexible Name-based Tunnel Constraints provides a simplified and more flexible means of configuring link attributes and path affinities to compute paths for MPLS-TE tunnels. In the traditional TE scheme, links are configured with attribute-flags that are flooded with TE link-state parameters using Interior Gateway Protocols (IGPs), such as Open Shortest Path First (OSPF). MPLS-TE Flexible Name-based Tunnel Constraints lets you assign, or map, up to 32 color names for affinity and attribute-flag attributes instead of 32-bit hexadecimal numbers. After mappings are defined, the attributes can be referred to by the corresponding color name in the command-line interface (CLI). Furthermore, you can define constraints using include, include-strict, exclude, and exclude-all arguments, where each statement can contain up to 10 colors, and define include constraints in both loose and strict sense. You can configure affinity constraints using attribute flags or the Flexible Name Based Tunnel Constraints scheme; however, when configurations for both schemes exist, only the configuration pertaining to the new scheme is applied. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 132 OL-26056-02 Implementing MPLS Traffic Engineering Flexible Name-based Tunnel ConstraintsRelated Topics Assigning Color Names to Numeric Values, on page 188 Associating Affinity-Names with TE Links, on page 190 Associating Affinity Constraints for TE Tunnels, on page 192 Configure Flexible Name-based Tunnel Constraints: Example, on page 263 MPLS Traffic Engineering Interarea Tunneling These topics describe the following new extensions of MPLS-TE: • Interarea Support, on page 133 • Multiarea Support, on page 134 • Loose Hop Expansion, on page 134 • Loose Hop Reoptimization, on page 135 • Fast Reroute Node Protection, on page 135 Interarea Support The MPLS-TE interarea tunneling feature allows you to establish P2P tunnels spanning multiple Interior Gateway Protocol (IGP) areas and levels, thereby eliminating the requirement that headend and tailend routers reside in a single area. Interarea support allowsthe configuration of a TE LSP thatspans multiple areas, where its headend and tailend label switched routers (LSRs) reside in different IGP areas. Multiarea and Interarea TE are required by the customers running multiple IGP area backbones (primarily for scalability reasons). This lets you limit the amount of flooded information, reduces the SPF duration, and lessens the impact of a link or node failure within an area, particularly with large WAN backbones split in multiple areas. This figure shows a typical interarea TE network. Figure 12: Interarea (OSPF) TE Network Diagram Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 133 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Interarea TunnelingMultiarea Support Multiarea support allows an area border router (ABR) LSR to support MPLS-TE in more than one IGP area. A TE LSP is still confined to a single area. Multiarea and Interarea TE are required when you run multiple IGP area backbones. The Multiarea and Interarea TE allows you to: • Limit the volume of flooded information. • Reduce the SPF duration. • Decrease the impact of a link or node failure within an area. Figure 13: Interlevel (IS-IS) TE Network As shown in the figure, R2, R3, R7, and R4 maintain two databases for routing and TE information. For example, R3 has TE topology information related to R2, flooded through Level-1 IS-IS LSPs plus the TE topology information related to R4, R9, and R7, flooded as Level 2 IS-IS Link State PDUs (LSPs) (plus, its own IS-IS LSP). You can configure multiple areas within an IS-IS Level 1. This is transparent to TE. TE has topology information about the IS-IS level, but not the area ID. Note Loose Hop Expansion Loose hop optimization allows the reoptimization of tunnels spanning multiple areas and solves the problem which occurs when an MPLS-TE LSP traverses hops that are not in the LSP's headend's OSPF area and IS-IS level. Interarea MPLS-TE allows you to configure an interarea traffic engineering (TE) label switched path (LSP) by specifying a loose source route of ABRs along the path. It is the then the responsibility of the ABR (having a complete view of both areas) to find a path obeying the TE LSP constraints within the next area to reach the next hop ABR (as specified on the headend). The same operation is performed by the last ABR connected to the tailend area to reach the tailend LSR. You must be aware of these considerations when using loose hop optimization: • You must specify the router ID of the ABR node (as opposed to a link address on the ABR). Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 134 OL-26056-02 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Interarea Tunneling• When multiarea is deployed in a network that contains subareas, you must enable MPLS-TE in the subarea for TE to find a path when loose hop is specified. • You must specify the reachable explicit path for the interarea tunnel. Loose Hop Reoptimization Loose hop reoptimization allows the reoptimization of the tunnels spanning multiple areas and solves the problem which occurs when an MPLS-TE headend does not have visibility into other IGP areas. Whenever the headend attempts to reoptimize a tunnel, it tries to find a better path to the ABR in the headend area. If a better path is found then the headend initiates the setup of a new LSP. In case a suitable path is not found in the headend area, the headend initiates a querying message. The purpose of this message is to query the ABRs in the areas other than the headend area to check if there exist any better paths in those areas. The purpose of this message is to query the ABRs in the areas other than the headend area, to check if a better path exists. If a better path does not exist, ABR forwardsthe query to the next router downstream. Alternatively, if better path is found, ABR responds with a special Path Error to the headend to indicate the existence of a better path outside the headend area. Upon receiving the Path Error that indicates the existence of a better path, the headend router initiates the reoptimization. ABR Node Protection Because one IGP area does not have visibility into another IGP area, it is not possible to assign backup to protect ABR node. To overcome this problem, node ID sub-object is added into the record route object of the primary tunnel so that at a PLR node, backup destination address can be checked against primary tunnel record-route object and assign a backup tunnel. Fast Reroute Node Protection If a link failure occurs within an area, the upstream router directly connected to the failed link generates an RSVP path error message to the headend. As a response to the message, the headend sends an RSVP path tear message and the corresponding path option is marked as invalid for a specified period and the next path-option (if any) is evaluated. To retry the ABR immediately, a second path option (identical to the first one) should be configured. Alternatively, the retry period (path-option hold-down, 2 minutes by default) can be tuned to achieve a faster retry. Related Topics Protecting MPLS Tunnels with Fast Reroute, on page 164 MPLS-TE Forwarding Adjacency The MPLS-TE Forwarding Adjacency feature allows a network administrator to handle a traffic engineering, label-switched path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network based on the Shortest Path First (SPF) algorithm. A forwarding adjacency can be created between routers regardless of their location in the network. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 135 Implementing MPLS Traffic Engineering MPLS-TE Forwarding AdjacencyMPLS-TE Forwarding Adjacency Benefits TE tunnel interfaces are advertised in the IGP network just like any other links. Routers can then use these advertisements in their IGPs to compute the SPF even if they are not the head end of any TE tunnels. Related Topics Configuring MPLS-TE Forwarding Adjacency, on page 199 Configure Forwarding Adjacency: Example, on page 265 MPLS-TE Forwarding Adjacency Restrictions The following restrictions are listed for the MPLS-TE Forwarding Adjacency feature: • Using the MPLS-TE Forwarding Adjacency feature increasesthe size of the IGP database by advertising a TE tunnel as a link. • The MPLS-TE Forwarding Adjacency feature is supported by Intermediate System-to-Intermediate System (IS-IS). • When the MPLS-TE Forwarding Adjacency feature is enabled on a TE tunnel, the link is advertised in the IGP network as a Type-Length-Value (TLV) 22 without any TE sub-TLV. • MPLS-TE forwarding adjacency tunnels must be configured bidirectionally. MPLS-TE Forwarding Adjacency Prerequisites Your network must support the following features before enabling the MPLS -TE Forwarding Adjacency feature: • MPLS • IP Cisco Express Forwarding • Intermediate System-to-Intermediate System (IS-IS) Path Computation Element Path Computation Element (PCE) solves the specific issue of inter-domain path computation for MPLS-TE label switched path (LSPs), when the head-end router does not possess full network topology information (for example, when the head-end and tail-end routers of an LSP reside in different IGP areas). PCE uses area border routers(ABRs) to compute a TE LSP spanning multiple IGP areas as well as computation of Inter-AS TE LSP. PCE is usually used to define an overall architecture, which is made of several components, as follows: Path Computation Element (PCE) Represents a software module (which can be a component or application) that enables the router to compute paths applying a set of constraints between any pair of nodes within the router’s TE topology database. PCEs are discovered through IGP. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 136 OL-26056-02 Implementing MPLS Traffic Engineering Path Computation ElementPath Computation Client (PCC) Represents a software module running on a router that is capable of sending and receiving path computation requests and responses to and from PCEs. The PCC is typically an LSR (Label Switching Router). PCC-PCE communication protocol (PCEP) Specifiesthat PCEP is a TCP-based protocol defined by the IETF PCEWG, and defines a set of messages and objects used to manage PCEP sessions and to request and send paths for multi-domain TE LSPs. PCEP is used for communication between PCC and PCE (as well as between two PCEs) and employs IGP extensions to dynamically discover PCE. This figure shows a typical PCE implementation. Figure 14: Path Computation Element Network Diagram Path computation elements provides support for the following message types and objects: • Message types: Open, PCReq, PCRep, PCErr, Close • Objects: OPEN, CLOSE, RP, END-POINT, LSPA, BANDWIDTH, METRIC, and NO-PATH Related Topics Configuring a Path Computation Client, on page 200 Configuring a Path Computation Element Address, on page 202 Configuring PCE Parameters, on page 203 Configure PCE: Example, on page 265 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 137 Implementing MPLS Traffic Engineering Path Computation ElementPath Protection Path protection provides an end-to-end failure recovery mechanism (that is, full path protection) for MPLS-TE tunnels. A secondary Label Switched Path (LSP) is established, in advance, to provide failure protection for the protected LSP that is carrying a tunnel's TE traffic. When there is a failure on the protected LSP, the source router immediately enables the secondary LSP to temporarily carry the tunnel's traffic. If there is a failure on the secondary LSP, the tunnel no longer has path protection until the failure along the secondary path is cleared. Path protection can be used with a single area (OSPF or IS-IS), external BGP [eBGP], and static). The failure detection mechanisms trigger a switchover to a secondary tunnel: • Path error or resv-tear from Resource Reservation Protocol (RSVP) signaling • Notification from the Bidirectional Forwarding Detection (BFD) protocol that a neighbor is lost • Notification from the Interior Gateway Protocol (IGP) that the adjacency is down • Local teardown of the protected tunnel's LSP due to preemption in order to signal higher priority LSPs, a Packet over SONET (POS) alarm, online insertion and removal (OIR), and so forth An alternate recovery mechanism is Fast Reroute (FRR), which protects MPLS-TE LSPs only from link and node failures by locally repairing the LSPs at the point of failure. Co-existence of FRR and path protection is supported, that means FRR and path-protection can be configured on the same tunnel at the same time. Although not as fast as link or node protection, presignaling a secondary LSP is faster than configuring a secondary primary path option or allowing the tunnel's source router to dynamically recalculate a path. The actual recovery time is topology-dependent, and affected by delay factors such as propagation delay or switch fabric latency. Related Topics Enabling Path Protection for an Interface, on page 206 Assigning a Dynamic Path Option to a Tunnel, on page 208 Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210 Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210 Configure Tunnels for Path Protection: Example, on page 266 Prerequisites for Path Protection • Ensure that your network supports MPLS-TE, Cisco Express Forwarding, and Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF). • Enable MPLS. • Configure TE on the routers. • Configure a TE tunnel with a dynamic path option by using the path-option command with the dynamic keyword. Related Topics Enabling Path Protection for an Interface, on page 206 Assigning a Dynamic Path Option to a Tunnel, on page 208 Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 138 OL-26056-02 Implementing MPLS Traffic Engineering Path ProtectionConfiguring the Delay the Tunnel Takes Before Reoptimization, on page 210 Configure Tunnels for Path Protection: Example, on page 266 Restrictions for Path Protection • Only Point-to-Point (P2P) tunnels are supported. • Point-to-Multipoint (P2MP) TE tunnels are not supported. • A maximum of one standby LSP is supported. • There can be only one secondary path for each dynamic path option. • Explicit path option can be configured for the path protected TE with the secondary path option as dynamic. • Do not use link and node protection with path protection on the headend router. • A maximum number of path protected tunnel TE heads is 2000. • A maximum number of TE tunnel heads is equal to 4000. Related Topics Enabling Path Protection for an Interface, on page 206 Assigning a Dynamic Path Option to a Tunnel, on page 208 Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210 Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210 Configure Tunnels for Path Protection: Example, on page 266 MPLS-TE Automatic Bandwidth The MPLS-TE automatic bandwidth feature measures the traffic in a tunnel and periodically adjusts the signaled bandwidth for the tunnel. These topics provide information about MPLS-TE automatic bandwidth: MPLS-TE Automatic Bandwidth Overview MPLS-TE automatic bandwidth is configured on individual Label Switched Paths (LSPs) at every head-end. MPLS-TE monitors the traffic rate on a tunnel interface. Periodically, MPLS-TE resizes the bandwidth on the tunnel interface to align it closely with the traffic in the tunnel. MPLS-TE automatic bandwidth can perform these functions: • Monitors periodic polling of the tunnel output rate • Resizes the tunnel bandwidth by adjusting the highest rate observed during a given period For every traffic-engineered tunnel that is configured for an automatic bandwidth, the average output rate is sampled, based on various configurable parameters. Then, the tunnel bandwidth is readjusted automatically based upon either the largest average output rate that was noticed during a certain interval, or a configured maximum bandwidth value. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 139 Implementing MPLS Traffic Engineering MPLS-TE Automatic BandwidthThis table lists the automatic bandwidth functions. Table 5: Automatic Bandwidth Variables Function Command Description Default Value Configures how often the 24 hours tunnel bandwidths changed for each tunnel. The application period is the period of A minutes between the bandwidth applications during which the output rate collection is done. Application frequency application command Limits the range of 0 Kbps bandwidth within the automatic-bandwidth feature that can request a bandwidth. Requested bandwidth bw-limit command Configures how often the 5 min tunnel output rate is polled globally for all tunnels. auto-bw collect command Collection frequency You cannot configure this — value. Highest collected — bandwidth You cannot configure this — value. Delta — The output rate on a tunnel is collected at regular intervals that are configured by using the application command in MPLS-TE auto bandwidth interface configuration mode. When the application period timer expires, and when the difference between the measured and the current bandwidth exceeds the adjustment threshold, the tunnel is reoptimized. Then, the bandwidth samples are cleared to record the new largest output rate at the next interval. When reoptimizing the LSP with the new bandwidth, a new path request is generated. If the new bandwidth is not available, the last good LSP continues to be used. This way, the network experiences no traffic interruptions. If minimum or maximum bandwidth values are configured for a tunnel, the bandwidth, which the automatic bandwidth signals, stays within these values. When more than 100 tunnels are auto-bw enabled, the algorithm will jitter the first application of every tunnel by a maximum of 20% (max 1hour). The algorithm does this to avoid too many tunnels running auto bandwidth applications at the same time. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 140 OL-26056-02 Implementing MPLS Traffic Engineering MPLS-TE Automatic BandwidthIf a tunnel is shut down, and is later brought again, the adjusted bandwidth is lost and the tunnel is brought back with the initial configured bandwidth. In addition, the application period is reset when the tunnel is brought back. Related Topics Configuring the Collection Frequency, on page 212 Configuring the Automatic Bandwidth Functions, on page 215 Configure Automatic Bandwidth: Example, on page 267 Adjustment Threshold Adjustment Threshold is defined as a percentage of the current tunnel bandwidth and an absolute (minimum) bandwidth. Both thresholds must be fulfilled for the automatic bandwidth to resignal the tunnel. The tunnel bandwidth is resized only if the difference between the largest sample output rate and the current tunnel bandwidth is larger than the adjustment thresholds. For example, assume that the automatic bandwidth is enabled on a tunnel in which the highest observed bandwidth B is 30 Mbps. Also, assume that the tunnel was initially configured for 45 Mbps. Therefore, the difference is 15 mbit/s. Now, assuming the default adjustment thresholds of 10% and 10kbps, the tunnel is signalled with 30 Mbps when the application timer expires. This is because 10% of 45Mbit/s is 4.5 Mbit/s, which is smaller than 15 Mbit/s. The absolute threshold, which by default is 10kbps, is also crossed. Overflow Detection Overflow detection is used if a bandwidth must be resized assoon as an overflow condition is detected, without having to wait for the expiry of an automatic bandwidth application frequency interval. For overflow detection one configures a limit N, a percentage threshold Y% and optionally, a minimum bandwidth threshold Z. The percentage threshold is defined as the percentage of the actual signalled tunnel bandwidth. When the difference between the measured bandwidth and the actual bandwidth are both larger than Y% and Z threshold, for N consecutive times, then the system triggers an overflow detection. The bandwidth adjustment by the overflow detection is triggered only by an increase of traffic volume through the tunnel, and not by a decrease in the traffic volume. When you trigger an overflow detection, the automatic bandwidth application interval is reset. By default, the overflow detection is disabled and needs to be manually configured. Restrictions for MPLS-TE Automatic Bandwidth When the automatic bandwidth cannot update the tunnel bandwidth, the following restrictions are listed: • Tunnel is in a fast reroute (FRR) backup, active, or path protect active state. This occurs because of the assumption that protection is a temporary state, and there is no need to reserve the bandwidth on a backup tunnel. You should prevent taking away the bandwidth from other primary or backup tunnels. • Reoptimization fails to occur during a lockdown. In this case, the automatic bandwidth does not update the bandwidth unless the bandwidth application is manually triggered by using the mpls traffic-eng auto-bw apply command in EXEC mode. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 141 Implementing MPLS Traffic Engineering MPLS-TE Automatic BandwidthPoint-to-Multipoint Traffic-Engineering Point-to-Multipoint Traffic-Engineering Overview The Point-to-Multipoint (P2MP) Resource Reservation Protocol-Traffic Engineering (RSVP-TE) solution allows service providers to implement IP multicast applications, such as IPTV and real-time video, broadcast over the MPLS label switch network. The RSVP-TE protocol is extended to signal point-to-point (P2P) and P2MP label switched paths (LSPs) across the MPLS networks. By using RSVP-TE extensions as defined in RFC 4875, multiple subLSPs are signaled for a given TE source. The P2MP tunnel is considered as a set of Source-to-Leaf (S2L) subLSPs that connect the TE source to multiple leaf Provider Edge (PE) nodes. At the TE source, the ingress point of the P2MP-TE tunnel, IP multicast traffic is encapsulated with a unique MPLS label, which is associated with the P2MP-TE tunnel. The traffic continues to be label-switched in the P2MP tree. If needed, the labeled packet is replicated at branch nodes along the P2MP tree. When the labeled packet reaches the egress leaf (PE) node, the MPLS label is removed and forwarded onto the IP multicast tree across the PE-CE link. To enable end-to-end IP multicast connectivity, RSVP is used in the MPLS-core for P2MP-TE signaling and PIM is used for PE-CE link signaling. • All edge routers are running PIM-SSM or Source-Specific Multicast (SSM) to exchange multicast routing information with the directly-connected Customer Edge (CE) routers. • In the MPLS network, RSVP P2MP-TE replaces PIM as the tree building mechanism, RSVP-TE grafts or prunes a given P2MP tree when the end-points are added or removed in the TE source configuration (explicit user operation). These are the definitions for Point-to-Multipoint (P2MP) tunnels: Source Configures the node in which Label Switched Path (LSP) signaling is initiated. Mid-point Specifies the transit node in which LSP signaling is processed (for example, not a source or receiver). Receiver, Leaf, and Destination Specifies the node in which LSP signaling ends. Branch Point Specifies the node in which packet replication is performed. Bud Node Specifies the node that not only acts as a transit for some S2Ls but also acts as a termination point for a S2L of a P2MP TE tunnel. Source-to-Leaf (S2L) SubLSP Specifies the P2MP-TE LSP segment that runs from the source to one leaf. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 142 OL-26056-02 Implementing MPLS Traffic Engineering Point-to-Multipoint Traffic-EngineeringPoint-to-Multipoint Traffic-Engineering Features • P2MP RSVP-TE (RFC 4875) is supported. RFC 4875 is based on nonaggregate signaling; for example, per S2L signaling. Only P2MP LSP is supported. • interface tunnel-mte command identifies the P2MP interface type. • P2MP tunnel setup is supported with label replication. • Fast-Reroute (FRR) link protection is supported with sub-50 msec for traffic loss. • Explicit routing is supported by using under utilized links. • Reoptimization is supported by calculating a better set of paths to the destination with no traffic loss. Note Per-S2L reoptimization is not supported. • IPv4 and IPv6 payloads are supported. • IPv4 and IPv6 multicast forwarding are supported on a P2MP tunnel interface through a static IGMP and MLD group configuration. • Both IP multicast and P2MP Label Switch Multicast (LSM) coexist in the same network; therefore, both use the same forwarding plane (LFIB or MPLS Forwarding Infrastructure [MFI]). • P2MP label replication supports only Source-Specific Multicast (SSM) traffic. SSM configuration supports the default value, none. • Static mapping for multicast groups to the P2MP-TE tunnel is required. Point-to-Multipoint Traffic-Engineering Benefits • Single point of traffic control ensures that signaling and path engineering parameters (for example, protection and diversity) are configured only at the TE source node. • Ability to configure explicit paths to enable optimized traffic distribution and prevention of single point of failures in the network. • Link protection of MPLS-labeled traffic traversing branch paths of the P2MP-TE tree. • Ability to do bandwidth Admission Control (AC) during set up and signaling of P2MP-TE paths in the MPLS network. Related Topics Configure Point-to-Multipoint for the Source: Example, on page 278 Configure the Point-to-Multipoint Solution: Example, on page 279 Disable a Destination: Example, on page 279 Configure the Point-to-Multipoint Tunnel: Example, on page 278 Configure the Point-to-Multipoint Solution: Example, on page 279 Point-to-Multipoint RSVP-TE , on page 144 Path Option for Point-to-Multipoint RSVP-TE, on page 145 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 143 Implementing MPLS Traffic Engineering Point-to-Multipoint Traffic-EngineeringPoint-to-Multipoint RSVP-TE RSVP-TE signals a P2MP tunnel base that is based on a manual configuration. If all Source-to-Leaf (S2L)s use an explicit path, the P2MP tunnel creates a static tree that follows a predefined path based on a constraint such as a deterministic Label Switched Path (LSP). If the S2L uses a dynamic path, RSVP-TE creates a P2MP tunnel base on the best path in the RSVP-TE topology. RSVP-TE supports bandwidth reservation for constraint-based routing. RSVP-TE distributes stream information in which the topology tree does not change often (where the source and receivers are). For example, large scale video distribution between major sites is suitable for a subset of multicast applications. Because multicast traffic is already in the tunnel, the RSVP-TE tree is protected as long as you build a backup path. Fast-Reroute (FRR) capability is supported for P2MP RSVP-TE by using the unicast link protection. You can choose the type of traffic to go to the backup link. The P2MP tunnel is signaled by the dynamic and explicit path option in the IGP intra area. Only interArea and interAS, which are used for the P2MP tunnels, are signaled by the verbatim path option. Related Topics Configure Point-to-Multipoint for the Source: Example, on page 278 Configure the Point-to-Multipoint Solution: Example, on page 279 Point-to-Multipoint Fast Reroute, on page 144 Path Option for Point-to-Multipoint RSVP-TE, on page 145 Point-to-Multipoint Fast Reroute MPLS-TE Fast Reroute (FRR) is a mechanism to minimize interruption in traffic delivery to a TE Label Switched Path (LSP) destination as a result of link or node failures. FRR enables temporarily fast switching of LSP traffic along an alternative backup path around a network failure, until the TE tunnel source signals a new end-to-end LSP. The Point-of-Local Repair (PLR) is a node that selects a backup tunnel and switches the LSP traffic onto the backup tunnel in case a failure is detected. The receiver of the backup tunnel is referred to as the Merge Point (MP). Both Point-to-Point (P2P) and P2MP-TE support only the Facility FRR method from RFC 4090. Fast reroutable LSPs can coexist with fast reroutable P2P LSPs in a network. Node, link, and bandwidth protection for P2P LSPs are supported. Both MPLS-TE link and node protection rely on the fact that labels for all primary LSPs and subLSPs are using the MPLS global label allocation. For example, one single (global) label space is used for all MPLS-TE enabled physical interfaces on a given MPLS node. Related Topics Point-to-Multipoint Traffic-Engineering Overview, on page 142 Point-to-Multipoint RSVP-TE , on page 144 Point-to-Multipoint Label Switch Path The Point-to-Multipoint Label Switch Path (P2MP LSP) has only a single root, which is the Ingress Label Switch Router (LSR). The P2MP LSP is created based on a receiver that is connected to the Egress LSR. The Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 144 OL-26056-02 Implementing MPLS Traffic Engineering Point-to-Multipoint Traffic-EngineeringEgress LSR initiates the creation of the tree (for example, tunnel grafting or pruning is done by performing an individual sub-LSP operation) by creating the Forwarding Equivalency Class (FEC) and Opaque Value. Note Grafting and pruning operate on a per destination basis. The Opaque Value contains the stream information that uniquely identifies the tree to the root. To receive label switched multicast packets, the Egress Provider Edge (PE) indicates to the upstream router (the next hop closest to the root) which label it uses for the multicast source by applying the label mapping message. The upstream router does not need to have any knowledge of the source; it needs only the received FEC to identify the correct P2MP LSP. If the upstream router does not have any FEC state, it creates it and installs the assigned downstream outgoing label into the label forwarding table. If the upstream router is not the root of the tree, it must forward the label mapping message to the next hop upstream. This process is repeated hop-by-hop until the root is reached. By using downstream allocation, the router that wants to receive the multicast traffic assigns the label for it. The label request, which is sent to the upstream router, is similar to an unsolicited label mapping (that is, the upstream does not request it). The upstream router that receives that label mapping uses the specific label to send multicast packets downstream to the receiver. The advantage isthat the router, which allocatesthe labels, does not get into a situation where it has the same label for two different multicast sources. This is because it manages its own label space allocation locally. Path Option for Point-to-Multipoint RSVP-TE P2MP tunnels are signaled by using the dynamic and explicit path-options in an IGP intra area. InterArea and InterAS cases for P2MP tunnels are signaled by the verbatim path option. Path optionsfor P2MP tunnels are individually configured for each sub-LSP. Only one path option persub-LSP (destination) is allowed. You can choose whether the corresponding sub-LSP is dynamically or explicitly routed. For the explicit option, you can configure the verbatim path option to bypass the topology database lookup and verification for the specified destination. Both dynamic and explicit path options are supported on a per destination basis by using the path-option (P2MP-TE) command. In addition, you can combine both path options. Explicit Path Option Configuresthe intermediate hopsthat are traversed by a sub-LSP going from the TE source to the egress MPLS node. Although an explicit path configuration enables granular control sub-LSP paths in an MPLS network, multiple explicit paths are configured for specific network topologies with a limited number of (equal cost) links or paths. Dynamic Path Option Computes the IGP path of a P2MP tree sub-LSP that is based on the OSPF and ISIS algorithm. The TE source is dynamically calculated based on the IGP topology. Dynamic Path Calculation Requirements Dynamic path calculation for each sub-LSP uses the same path parameters as those for the path calculation of regular point-to-point TE tunnels. As part of the sub-LSP path calculation, the link resource (bandwidth) is included, which is flooded throughout the MPLS network through the existing RSVP-TE extensions to Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 145 Implementing MPLS Traffic Engineering Point-to-Multipoint Traffic-EngineeringOSPF and ISIS. Instead of dynamic calculated paths, explicit paths are also configured for one or more sub-LSPs that are associated with the P2MP-TE tunnel. • OSPF or ISIS are used for each destination. • TE topology and tunnel constraints are used to input the path calculation. • Tunnel constraints such as affinity, bandwidth, and priorities are used for all destinations in a tunnel. • Path calculation yields an explicit route to each destination. Static Path Calculation Requirements The static path calculation does not require any new extensions to IGP to advertise link availability. • Explicit path is required for every destination. • Offline path calculation is used. • TE topology database is not needed. • If the topology changes, reoptimization is not required. Related Topics Configure the Point-to-Multipoint Tunnel: Example, on page 278 Configure the Point-to-Multipoint Solution: Example, on page 279 Point-to-Multipoint Traffic-Engineering Overview, on page 142 Point-to-Multipoint RSVP-TE , on page 144 MPLS Traffic Engineering Shared Risk Link Groups Shared Risk Link Groups (SRLG) in MPLS traffic engineering refer to situations in which links in a network share a common fiber (or a common physical attribute). These links have a shared risk, and that is when one link fails, other links in the group might fail too. OSPF and Intermediate System-to-Intermediate System (IS-IS) flood the SRLG value information (including other TE link attributes such as bandwidth availability and affinity) using a sub-type length value (sub-TLV), so that all routers in the network have the SRLG information for each link. To activate the SRLG feature, configure the SRLG value of each link that has a shared risk with another link. A maximum of 30 SRLGs per interface is allowed. You can configure this feature on multiple interfaces including the bundle interface. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 146 OL-26056-02 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Shared Risk Link GroupsFigure 15: Shared Risk Link Group illustrates the MPLS TE SRLG values configured on the bundle interface. Figure 15: Shared Risk Link Group Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Explicit Path The Explicit Path configuration allows you to configure the explicit path. An IP explicit path is a list of IP addresses, each representing a node or link in the explicit path. The MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion feature provides a means to exclude a link or node from the path for an Multiprotocol Label Switching (MPLS) TE label-switched path (LSP). This feature is enabled through the explicit-path command that allows you to create an IP explicit path and enter a configuration submode for specifying the path. The feature adds to the submode commands of the exclude-address command for specifying addresses to exclude from the path. The feature also adds to the submode commands of the exclude-srlg command that allows you to specify the IP address to get SRLGs to be excluded from the explicit path. If the excluded address or excluded srlg for an MPLS TE LSP identifies a flooded link, the constraint-based shortest path first (CSPF) routing algorithm does not consider that link when computing paths for the LSP. If the excluded address specifies a flooded MPLS TE router ID, the CSPF routing algorithm does not allow paths for the LSP to traverse the node identified by the router ID. Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 147 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Shared Risk Link GroupsCreating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Fast ReRoute with SRLG Constraints Fast ReRoute (FRR) protects MPLS TE Label Switch Paths (LSPs) from link and node failures by locally repairing the LSPs at the point of failure. This protection allows data to continue to flow on LSPs, while their headend routers attempt to establish new end-to-end LSPs to replace them. FRR locally repairs the protected LSPs by rerouting them over backup tunnels that bypass failed links or nodes. Backup tunnels that bypass only a single link of the LSP's path provide Link Protection. They protect LSPs by specifying the protected link IP addresses to extract SRLG values that are to be excluded from the explicit path, thereby bypassing the failed link. These are referred to as next-hop (NHOP) backup tunnels because they terminate at the LSP's next hop beyond the point of failure. Figure 16: NHOP Backup Tunnel with SRLG constraint illustrates an NHOP backup tunnel. Figure 16: NHOP Backup Tunnel with SRLG constraint In the topology shown in the above figure, the backup tunnel path computation can be performed in this manner: • Get all SRLG values from the exclude-SRLG link (SRLG values 5 and 6) • Mark all the links with the same SRLG value to be excluded from SPF • Path computation as CSPF R2->R6->R7->R3 FRR provides Node Protection for LSPs. Backup tunnels that bypass next-hop nodes along LSP paths are called NNHOP backup tunnels because they terminate at the node following the next-hop node of the LSP paths, thereby bypassing the next-hop node. They protect LSPs when a node along their path fails, by enabling the node upstream to the point of failure to reroute the LSPs and their traffic, around the failed node to the next-next hop. They also protect LSPs by specifying the protected link IP addresses that are to be excluded from the explicit path, and the SRLG values associated with the IP addresses excluded from the explicit path. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 148 OL-26056-02 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Shared Risk Link GroupsNNHOP backup tunnels also provide protection from link failures by bypassing the failed link as well as the node. Figure 17: NNHOP Backup Tunnel with SRLG constraint illustrates an NNHOP backup tunnel. Figure 17: NNHOP Backup Tunnel with SRLG constraint In the topology shown in the above figure, the backup tunnel path computation can be performed in this manner: • Get all SRLG values from the exclude-SRLG link (SRLG values 5 and 6) • Mark all links with the same SRLG value to be excluded from SPF • Verify path with SRLG constraint • Path computation as CSPF R2->R9->R10->R4 Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Importance of Protection This section describes the following: • Delivery of Packets During a Failure • Multiple Backup Tunnels Protecting the Same Interface Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 149 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Shared Risk Link GroupsRelated Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Delivery of Packets During a Failure Backup tunnels that terminate at the NNHOP protect both the downstream link and node. This provides protection for link and node failures. Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Multiple Backup Tunnels Protecting the Same Interface • Redundancy—If one backup tunnel is down, other backup tunnels protect LSPs. • Increased backup capacity—If the protected interface is a high-capacity link and no single backup path exists with an equal capacity, multiple backup tunnels can protect that one high-capacity link. The LSPs using thislink falls over to different backup tunnels, allowing all of the LSPsto have adequate bandwidth protection during failure (rerouting). If bandwidth protection is not desired, the router spreads LSPs across all available backup tunnels (that is, there is load balancing across backup tunnels). Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 SRLG Limitations There are few limitations to the configured SRLG feature: • The exclude-address and exclude-srlg options are not allowed in the IP explicit path strict-address network. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 150 OL-26056-02 Implementing MPLS Traffic Engineering MPLS Traffic Engineering Shared Risk Link Groups• Whenever SRLG values are modified after tunnels are signalled, they are verified dynamically in the next path verification cycle. Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Soft-Preemption MPLS-TE preemption consists of freeing the resources of an established LSP, and assigning them to a new LSP. The freeing of resources causes a traffic disruption to the LSP that is being preempted. Soft preemption is an extension to the RSVP-TE protocol to minimize and even eliminate such traffic disruption over the preempted LSP. The soft-preemption feature attempts to preempt the LSPs in a graceful manner to minimize or eliminate traffic loss. However, the link might be over-subscribed for a period of time. In a network that implements soft preemption, zero traffic loss is achieved in this manner: • When signaling a new LSP, the ingress router indicates to all the intermediate nodes that the existing LSP is to be softly preempted, in case its resources are needed and is to be reassigned. • When a given intermediate node needs to soft-preempt the existing LSP, it sends a new or special path error (preemption pending) to the ingress router. The intermediate node does not dismantle the LSP and maintains its state. • When the ingress router receives the path error (preemption pending) from the intermediate node, it immediately starts a re-optimization that avoids the link that caused the preemption. • When the re-optimization is complete, the ingress router tears down the soft-preempted LSP. Related Topics Enabling Soft-Preemption on a Node, on page 245 Enabling Soft-Preemption on a Tunnel, on page 247 Path Option Attributes The path option attributes are configurable through a template configuration. Thistemplate, named attribute-set, is configured globally in the MPLS traffic-engineering mode. You can apply an attribute-set to a path option on a per-LSP basis. The path option configuration is extended to take a path option attribute name. LSPs computed with a particular path option usesthe attributes asspecified by the attribute-set under that path option. These prerequisites are required to implement path option attributes: • Path option type attribute-set is configured in the MPLS TE mode Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 151 Implementing MPLS Traffic Engineering Soft-Preemption• Path option CLI extended to accept an attribute-set name Note The signalled-bandwidth and affinity attributes are supported under the attribute-set template. Related Topics Configuring Attributes within a Path-Option Attribute, on page 249 Configuration Hierarchy of Path Option Attributes You can specify a value for an attribute within a path option attribute-set template. This does not prevent the configuring of the same attribute at a tunnel level. However, it is important to note that only one level is taken into account. So, the configuration at the LSP level is considered more specific than the one at the level of the tunnel, and it is used from this point onwards. Attributes that are not specified within an attribute-set take their values as usual--configuration at the tunnel level, configuration at the global MPLS level, or default values. Here is an example: attribute-set path-option MYSET affinity 0xBEEF mask 0xBEEF interface tunnel-te 10 affinity 0xCAFE mask 0xCAFE signalled-bandwidth 1000 path-option 1 dynamic attribute-set name MYSET path-option 2 dynamic In this example, the attribute-set named MYSET is specifying affinity as 0xBEEF. The signalled bandwidth has not been configured in this MYSET. The tunnel 10, meanwhile, has affinity 0xCAFE configured. LSPs computed from path-option 1 uses the affinity 0xBEEF/0xBEEF, while LSPs computed from path-option 2 uses the affinity 0xCAFE/0xCAFE. All LSPs computed using any of these path-options use signalled-bandwidth as 1000, as this is the only value that is specified only at the tunnel level. The attributes configured in a path option attribute-set template takes precedence over the same attribute configured under a tunnel. An attribute configured under a tunnel is used only if the equivalent attribute is not specified by the in-use path option attribute-set template. Note Related Topics Configuring Attributes within a Path-Option Attribute, on page 249 Traffic Engineering Bandwidth and Bandwidth Pools MPLS traffic engineering allows constraint-based routing (CBR) of IP traffic. One of the constraints satisfied by CBR is the availability of required bandwidth over a selected path. Regular TE tunnel bandwidth is called the global pool. The subpool bandwidth is a portion of the global pool. If it is not in use, the subpool bandwidth is not reserved from the global pool. Therefore, subpool tunnels require a priority higher than that of non-subpool tunnels. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 152 OL-26056-02 Implementing MPLS Traffic Engineering Path Option AttributesYou can configure the signalled-bandwidth path option attribute to use either the global pool (default) or the subpool bandwidth. The signalled-bandwidth value for the path option may be any valid value and the pool does not have to be the same as that which is configured on the tunnel. When you configure signalled-bandwidth for path options with the signalled-bandwidth bandwidth [sub-pool | global] kbps command, use either allsubpool bandwidths or all global-pool bandwidth values. Note Related Topics Configuring Attributes within a Path-Option Attribute, on page 249 Path Option Switchover Reoptimization to a particular path option is not possible if the in-use path option and the new path option do not share the same bandwidth class. The path option switchover operation would fail in such a scenario. Use this command at the EXEC configuration mode to switchover to a newer path option : mpls traffic-eng switchover tunnel-xx ID path-option index The switchover to a newer path option is achieved, in these instances: • when a lower index path option is available • when any signalling message or topology update causes the primary LSP to go down • when a local interface fails on the primary LSP or a path error is received on the primary LSP Note Path option switchover between various path options with different bandwidth classes is not allowed. Related Topics Configuring Attributes within a Path-Option Attribute, on page 249 Path Option and Path Protection When path-protection is enabled, a standby LSP is established to protect traffic going over the tunnel. The standby LSP may be established using either the same path option as the primary LSP, or a different one. The standby LSP is computed to be diverse from the primary LSP, so bandwidth class differences does not matter. This is true in all cases of diversity except node-diversity. With node diversity, it is possible for the standby LSP to share up to two links with the primary LSP, the link exiting the head node, and the link entering the tail node. If you want to switchover from one path option to another path option and these path options have different classes, the path option switchover is rejected. However, the path option switchover can not be blocked in the path-protection feature. When the standby LSP becomes active using another path option of a different class type, the path option switchover cannot be rejected at the head end. It might get rejected by the downstream node. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 153 Implementing MPLS Traffic Engineering Path Option AttributesNode-diversity is only possible under limited conditions. The conditions that must be met are: • there is no second path that is both node and link diverse • the current LSP uses a shared-media link at the head egress or tail ingress • the shared-media link used by the current LSP permits computation of a node-diverse path In Cisco IOS XR, reoptimization between different class types would actually be rejected by the next hop. This rejection will occur by an admission failure. Related Topics Configuring Attributes within a Path-Option Attribute, on page 249 Auto-Tunnel Mesh The MPLS traffic engineering auto-tunnel mesh (Auto-mesh) feature allows you to set up full mesh of TE P2P tunnels automatically with a minimal set of MPLS traffic engineering configurations. You may configure one or more mesh-groups. Each mesh-group requires a destination-list (IPv4 prefix-list) listing destinations, which are used as destinations for creating tunnels for that mesh-group. You may configure MPLS TE auto-mesh type attribute-sets (templates) and associate them to mesh-groups. LSR creates tunnels using the tunnel properties defined in the attribute-set. Auto-Tunnel mesh provides benefits: • Minimizes the initial configuration of the network. You may configure tunnel properties template and mesh-groups or destination-lists on each TE LSRs that further creates full mesh of TE tunnels between those LSRs. • Minimizes future configurations resulting due to network growth. It eliminates the need to reconfigure each existing TE LSR in order to establish a full mesh of TE tunnels whenever a new TE LSR is added in the network. Related Topics Configuring Auto-Tunnel Mesh Tunnel ID, on page 251 Configuring Auto-tunnel Mesh Unused Timeout, on page 252 Configuring Auto-Tunnel Mesh Group, on page 254 Configuring Tunnel Attribute-Set Templates, on page 256 Enabling LDP on Auto-Tunnel Mesh, on page 258 Destination List (Prefix-List) Auto-mesh tunnels can be automatically created using prefix-list. Each TE enabled router in the network learns about the TE router IDs through a existing IGP extension. You can view the router IDs on the router using this command: show mpls traffic-eng topology | include TE Id IGP Id: 0001.0000.0010.00, MPLS TE Id:100.1.1.1 Router Node (ISIS 1 level-2) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 154 OL-26056-02 Implementing MPLS Traffic Engineering Auto-Tunnel MeshIGP Id: 0001.0000.0011.00, MPLS TE Id:100.2.2.2 Router Node (ISIS 1 level-2) IGP Id: 0001.0000.0012.00, MPLS TE Id:100.3.3.3 Router Node (ISIS 1 level-2) A prefix-list may be configured on each TE router to match a desired set of router IDs (MPLS TE ID as shown in the above output). For example, if a prefix-list is configured to match addresses of 100.0.0.0 with wildcard 0.255.255.255, then all 100.x.x.x router IDs are included in the auto-mesh group. When a new TE router is added in the network and its router ID is also in the block of addresses described by the prefix-list, for example, 100.x.x.x, then it is added in the auto-mesh group on each existing TE router without having to explicitly modify the prefix-list or perform any additional configuration. Auto-mesh does not create tunnels to its own (local) TE router IDs. When prefix-list configurations on all routers are not identical, it can result in non- symmetrical mesh of tunnels between those routers. Note Related Topics Configuring Auto-Tunnel Mesh Tunnel ID, on page 251 Configuring Auto-tunnel Mesh Unused Timeout, on page 252 Configuring Auto-Tunnel Mesh Group, on page 254 Configuring Tunnel Attribute-Set Templates, on page 256 Enabling LDP on Auto-Tunnel Mesh, on page 258 How to Implement Traffic Engineering Traffic engineering requires coordination among several global neighbor routers, creating traffic engineering tunnels, setting up forwarding across traffic engineering tunnels, setting up FRR, and creating differential service. These procedures are used to implement MPLS-TE: Building MPLS-TE Topology Perform this task to configure MPLS-TE topology (required for traffic engineering tunnel operations). Before You Begin Before you start to build the MPLS-TE topology, you must have enabled: • IGP such as OSPF or IS-IS for MPLS-TE. • MPLS Label Distribution Protocol (LDP). • RSVP on the port interface. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID, the system defaults to the global router ID. Default router IDs are subject to change, which can result in an unstable link. • If you are going to use nondefault holdtime or intervals, you must decide the values to which they are set. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 155 Implementing MPLS Traffic Engineering How to Implement Traffic EngineeringSUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. exit 5. exit 6. router ospf process-name 7. area area-id 8. exit 9. mpls traffic-eng router-id type interface-path-id 10. Use one of the following commands: • end • commit 11. (Optional) show mpls traffic-eng topology 12. (Optional) show mpls traffic-eng link-management advertisements DETAILED STEPS Command or Action Purpose configure Enters the configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 RP/0/RSP0/CPU0:router(config-mpls-te)# Enables traffic engineering on a particular interface on the originating node and enters MPLS-TE interface configuration mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)#interface Step 3 POS0/6/0/0 RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Step 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 156 OL-26056-02 Implementing MPLS Traffic Engineering Building MPLS-TE TopologyCommand or Action Purpose RP/0/RSP0/CPU0:router(config-mpls-te)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 5 RP/0/RSP0/CPU0:router(config)# router ospf process-name Enters a name for the OSPF process. Example: RP/0/RSP0/CPU0:router(config)# router ospf 1 Step 6 Step 7 area area-id Configures an area for the OSPF process. Example: RP/0/RSP0/CPU0:router(config-router)# area 0 • Backbone areas have an area ID of 0. • Non-backbone areas have a non-zero area ID. exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# exit Step 8 RP/0/RSP0/CPU0:router(config-ospf)# mpls traffic-eng router-id type interface-path-id Sets the MPLS-TE loopback interface. Example: RP/0/RSP0/CPU0:router(config-ospf)# mpls Step 9 traffic-eng router-id Loopback0 Step 10 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ospf)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ospf)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 157 Implementing MPLS Traffic Engineering Building MPLS-TE TopologyCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Verifies the traffic engineering topology. show mpls traffic-eng topology Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 11 topology (Optional) Displays all the link-management advertisements for the links on this node. show mpls traffic-eng link-management advertisements Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 12 link-management advertisements Related Topics How MPLS-TE Works, on page 121 Build MPLS-TE Topology and Tunnels: Example, on page 260 Creating an MPLS-TE Tunnel Creating an MPLS-TE tunnel is a process of customizing the traffic engineering to fit your network topology. Perform this task to create an MPLS-TE tunnel after you have built the traffic engineering topology. Before You Begin The following prerequisites are required to create an MPLS-TE tunnel: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. • If you are going to use nondefault holdtime or intervals, you must decide the values to which they are set. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 158 OL-26056-02 Implementing MPLS Traffic Engineering Creating an MPLS-TE TunnelSUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. destination ip-address 4. ipv4 unnumbered type interface-path-id 5. path-option preference - priority dynamic 6. signalled- bandwidth {bandwidth [class-type ct ] | sub-pool bandwidth} 7. Use one of these commands: • end • commit 8. (Optional) show mpls traffic-eng tunnels 9. (Optional) show ipv4 interface brief 10. (Optional) show mpls traffic-eng link-management admission-control DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router# interface tunnel-te Step 2 1 Step 3 destination ip-address Assigns a destination address on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# destination The destination address is the remote node’s MPLS-TE router ID. 192.168.92.125 Assigns a source address so that forwarding can be performed on the new tunnel. Loopback is commonly used as the interface type. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 Step 4 unnumbered Loopback0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 159 Implementing MPLS Traffic Engineering Creating an MPLS-TE TunnelCommand or Action Purpose path-option preference - priority dynamic Sets the path option to dynamic and assigns the path ID. Example: RP/0/RSP0/CPU0:router(config-if)# path-option Step 5 l dynamic Sets the CT0 bandwidth required on this interface. Because the default tunnel priority is 7, tunnels use the default TE class map (namely, class-type 1, priority 7). signalled- bandwidth {bandwidth [class-type ct ] | sub-pool bandwidth} Example: RP/0/RSP0/CPU0:router(config-if)# Step 6 signalled-bandwidth 100 Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Verifiesthat the tunnel is connected (in the UP state) and displays all configured TE tunnels. show mpls traffic-eng tunnels Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 8 tunnels (Optional) Displays all TE tunnel interfaces. show ipv4 interface brief Example: RP/0/RSP0/CPU0:router# show ipv4 interface Step 9 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 160 OL-26056-02 Implementing MPLS Traffic Engineering Creating an MPLS-TE TunnelCommand or Action Purpose brief (Optional) Displays all the tunnels on this node. show mpls traffic-eng link-management admission-control Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 10 link-management admission-control Related Topics How MPLS-TE Works, on page 121 Build MPLS-TE Topology and Tunnels: Example, on page 260 Building MPLS-TE Topology, on page 155 Configuring Forwarding over the MPLS-TE Tunnel Perform this task to configure forwarding over the MPLS-TE tunnel created in the previous task . This task allows MPLS packets to be forwarded on the link between network neighbors. Before You Begin The following prerequisites are required to configure forwarding over the MPLS-TE tunnel: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 161 Implementing MPLS Traffic Engineering Configuring Forwarding over the MPLS-TE TunnelSUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. ipv4 unnumbered type interface-path-id 4. autoroute announce 5. exit 6. router static address-family ipv4 unicast prefix mask ip-address interface type 7. Use one of these commands: • end • commit 8. (Optional) ping {ip-address | hostname} 9. (Optional) show mpls traffic-eng autoroute DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-te tunnel-id Enters MPLS-TE interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-te 1 Assigns a source address so that forwarding can be performed on the new tunnel. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 Step 3 unnumbered Loopback0 Enables messages that notify the neighbor nodes about the routes that are forwarding. autoroute announce Example: RP/0/RSP0/CPU0:router(config-if)# autoroute Step 4 announce Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 162 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Forwarding over the MPLS-TE TunnelCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if)# exit Step 5 Enables a route using IP version 4 addressing, identifies the destination address and the tunnel where forwarding is enabled. router static address-family ipv4 unicast prefix mask ip-address interface type Step 6 Example: RP/0/RSP0/CPU0:router(config)# router static This configuration is used for static routes when the autoroute announce command is not used. address-family ipv4 unicast 2.2.2.2/32 tunnel-te 1 Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Checks for connectivity to a particular IP address or host name. ping {ip-address | hostname} Example: RP/0/RSP0/CPU0:router# ping 192.168.12.52 Step 8 (Optional) Verifies forwarding by displaying what is advertised to IGP for the TE tunnel. show mpls traffic-eng autoroute Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 9 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 163 Implementing MPLS Traffic Engineering Configuring Forwarding over the MPLS-TE TunnelCommand or Action Purpose autoroute Related Topics Overview of MPLS Traffic Engineering, on page 121 Creating an MPLS-TE Tunnel, on page 158 Protecting MPLS Tunnels with Fast Reroute Perform this task to protect MPLS-TE tunnels, as created in the previous task. Although this task is similar to the previous task, its importance makes it necessary to present as part of the tasks required for traffic engineering on Cisco IOS XR software. Note Before You Begin The following prerequisites are required to protect MPLS-TE tunnels: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. • You must first configure a primary tunnel. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 164 OL-26056-02 Implementing MPLS Traffic Engineering Protecting MPLS Tunnels with Fast RerouteSUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. fast-reroute 4. exit 5. mpls traffic-eng 6. interface type interface-path-id 7. backup-path tunnel-te tunnel-number 8. exit 9. exit 10. interface tunnel-te tunnel-id 11. backup-bw {backup bandwidth |sub-pool {bandwidth | unlimited} | global-pool {bandwidth | unlimited} } 12. ipv4 unnumbered type interface-path-id 13. path-option preference-priority {explicit name explicit-path-name} 14. destination ip-address 15. Use one of these commands: • end • commit 16. (Optional) show mpls traffic-eng tunnels backup 17. (Optional) show mpls traffic-eng tunnels protection frr 18. (Optional) show mpls traffic-eng fast-reroute database DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router# interface tunnel-te 1 Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 165 Implementing MPLS Traffic Engineering Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose fast-reroute Enables fast reroute. Example: RP/0/RSP0/CPU0:router(config-if)# fast-reroute Step 3 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if)# exit Step 4 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 5 RP/0/RSP0/CPU0:router(config-mpls-te)# Enables traffic engineering on a particular interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface Step 6 pos0/6/0/0 RP/0/RSP0/CPU0:router(config-mpls-te-if)# backup-path tunnel-te tunnel-number Sets the backup path to the backup tunnel. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# Step 7 backup-path tunnel-te 2 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Step 8 RP/0/RSP0/CPU0:router(config-mpls-te)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 9 RP/0/RSP0/CPU0:router(config)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 166 OL-26056-02 Implementing MPLS Traffic Engineering Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 10 tunnel-te 2 backup-bw {backup bandwidth | sub-pool {bandwidth Sets the CT0 bandwidth required on this interface. | unlimited} | global-pool {bandwidth | unlimited} } Step 11 Because the default tunnel priority is 7, tunnels use the default TE class map. Note Example: RP/0/RSP0/CPU0:router(config-if)#backup-bw global-pool 5000 Assigns a source address to set up forwarding on the new tunnel. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 Step 12 unnumbered Loopback0 Setsthe path option to explicit with a given name (previously configured) and assigns the path ID. path-option preference-priority {explicit name explicit-path-name} Example: RP/0/RSP0/CPU0:router(config-if)# path-option Step 13 l explicit name backup-path Step 14 destination ip-address Assigns a destination address on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# destination • Destination address is the remote node’s MPLS-TE router ID. • Destination addressisthe merge point between backup and protected tunnels. 192.168.92.125 When you configure TE tunnel with multiple protection on its path and merge point is the same node for more than one protection, you must configure record-route for that tunnel. Note Step 15 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 167 Implementing MPLS Traffic Engineering Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the backup tunnel information. show mpls traffic-eng tunnels backup Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 16 tunnels backup (Optional) Displays the tunnel protection information for Fast-Reroute (FRR). show mpls traffic-eng tunnels protection frr Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 17 tunnels protection frr (Optional) Displays the protected tunnel state (for example, the tunnel’s current ready or active state). show mpls traffic-eng fast-reroute database Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 18 fast-reroute database Related Topics Fast Reroute, on page 130 Fast Reroute Node Protection, on page 135 Creating an MPLS-TE Tunnel, on page 158 Configuring Forwarding over the MPLS-TE Tunnel, on page 161 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 168 OL-26056-02 Implementing MPLS Traffic Engineering Protecting MPLS Tunnels with Fast RerouteEnabling an AutoTunnel Backup Perform this task to configure the AutoTunnel Backup feature. By default, this feature is disabled. You can configure the AutoTunnel Backup feature for each interface. It has to be explicitly enabled for each interface or link. SUMMARY STEPS 1. configure 2. ipv4 unnumbered mpls traffic-eng Loopback 0 3. mpls traffic-eng 4. auto-tunnel backup timers removal unused frequency 5. auto-tunnel backup tunnel-id min minmax max 6. Use one of these commands: • end • commit 7. show mpls traffic-eng auto-tunnel backup summary DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures the globally configured IPv4 address that can be used by the AutoTunnel Backup Tunnels. ipv4 unnumbered mpls traffic-eng Loopback 0 Step 2 Example: RP/0/RSP0/CPU0:router(config)#ipv4 unnumbered mpls traffic-eng Loopback 0 Loopback 0 isthe router ID. The AutoTunnel Backup tunnels will not come up until a global IPv4 address is configured. Note mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 3 Configures how frequently a timerscansthe backup automatic tunnels and removes tunnels that are not in use. auto-tunnel backup timers removal unused frequency Step 4 Example: RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel backup timers removal unused 20 • Use the frequency argument to scan the backup automatic tunnel. Range is 0 to 10080. You can also configure the auto-tunnel backup command at mpls traffic-eng interface mode. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 169 Implementing MPLS Traffic Engineering Enabling an AutoTunnel BackupCommand or Action Purpose Configures the range of tunnel interface numbers to be used for automatic backup tunnels. Range is 0 to 65535. auto-tunnel backup tunnel-id min minmax max Example: RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel backup tunnel-id min 6000 max 6500 Step 5 Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mpls traffic-eng auto-tunnel backup Displaysinformation about configured MPLS-TE backup autotunnels. summary Step 7 Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng auto-tunnel backup summary Related Topics Backup AutoTunnels, on page 123 Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269 Removing an AutoTunnel Backup To remove all the backup autotunnels, perform this task to remove the AutoTunnel Backup feature. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 170 OL-26056-02 Implementing MPLS Traffic Engineering Removing an AutoTunnel BackupSUMMARY STEPS 1. clear mpls traffic-eng auto-tunnel backup unused { all | tunnel-tenumber} 2. Use one of these commands: • end • commit 3. show mpls traffic-eng auto-tunnel summary DETAILED STEPS Command or Action Purpose Clears all MPLS-TE automatic backup tunnelsfrom the EXEC mode. You can also remove the automatic backup tunnel marked with specific tunnel-te, provided it is currently unused. clear mpls traffic-eng auto-tunnel backup unused { all | tunnel-tenumber} Example: RP/0/RSP0/CPU0:router# clear mpls traffic-eng auto-tunnel backup unused all Step 1 Step 2 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays information about MPLS-TE autotunnels including the ones removed. show mpls traffic-eng auto-tunnel summary Example: Step 3 RP/0/RSP0/CPU0:router# show mpls traffic-eng auto-tunnel summary Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 171 Implementing MPLS Traffic Engineering Removing an AutoTunnel BackupRelated Topics Backup AutoTunnels, on page 123 Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269 Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs To establish an MPLS backup autotunnel to protect fast reroutable TE LSPs, perform these steps: SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. auto-tunnel backup 5. attribute-set attribute-set-name 6. Use one of these commands: • end • commit 7. show mpls traffic-eng auto-tunnel backup summary DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enables traffic engineering on a specific interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 Enables an auto-tunnel backup feature for the specified interface. auto-tunnel backup Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup Step 4 You cannot configure the static backup on the similar link. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 172 OL-26056-02 Implementing MPLS Traffic Engineering Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPsCommand or Action Purpose Configures attribute-set template for auto-tunnel backup tunnels. attribute-set attribute-set-name Example: RP/0/RSP0/CPU0:router(config-mpls-te-if-auto-backup)#attribute-set ab Step 5 Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, • commit Example: RP/0/RSP0/CPU0:router(config)# end commit them before exiting(yes/no/cancel)? or [cancel]: RP/0/RSP0/CPU0:router(config)# commit ? Entering yessaves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays information about configured MPLS-TE backup autotunnels. show mpls traffic-eng auto-tunnel backup summary Example: RP/0/RSP0/CPU0:router# show mpls traffic auto-tunnel backup summary Step 7 Related Topics Backup AutoTunnels, on page 123 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 173 Implementing MPLS Traffic Engineering Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPsConfigure the MPLS-TE Auto-Tunnel Backup: Example, on page 269 Establishing Next-Hop Tunnels with Link Protection To establish a next-hop tunnel and link protection on the primary tunnel, perform these steps: SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. auto-tunnel backup nhop-only 5. auto-tunnel backup exclude srlg [preferred] 6. attribute-set attribute-set-name 7. Use one of these commands: • end • commit 8. show mpls traffic-eng tunnels number detail DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enables traffic engineering on a specific interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 Enables the creation of dynamic NHOP backup tunnels. By default, both NHOP and NNHOP protection are enabled. auto-tunnel backup nhop-only Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup nhop-only Step 4 Using this nhop-only option, only link protection is provided. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 174 OL-26056-02 Implementing MPLS Traffic Engineering Establishing Next-Hop Tunnels with Link ProtectionCommand or Action Purpose Enables the exclusion of SRLG values on a given link for the AutoTunnel backup associated with a given interface. auto-tunnel backup exclude srlg [preferred] Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup exclude srlg preferred Step 5 The preferred option allowsthe AutoTunnel Backup tunnels to come up even if no path excluding all SRLG is found. Configures attribute-set template for auto-tunnel backup tunnels. attribute-set attribute-set-name Example: RP/0/RSP0/CPU0:router(config-mpls-te-if-auto-backup)#attribute-set ab Step 6 Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, • commit Example: RP/0/RSP0/CPU0:router(config)# end commit them before exiting(yes/no/cancel)? or [cancel]: RP/0/RSP0/CPU0:router(config)# commit ? Entering yessaves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 175 Implementing MPLS Traffic Engineering Establishing Next-Hop Tunnels with Link ProtectionCommand or Action Purpose Displays information about configured NHOP tunnels and SRLG information. show mpls traffic-eng tunnels number detail Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1 detail Step 8 Related Topics Backup AutoTunnels, on page 123 Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269 Configuring a Prestandard DS-TE Tunnel Perform this task to configure a Prestandard DS-TE tunnel. Before You Begin The following prerequisites are required to configure a Prestandard DS-TE tunnel: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. SUMMARY STEPS 1. configure 2. rsvp interface type interface-path-id 3. bandwidth [total reservable bandwidth] [bc0 bandwidth] [global-pool bandwidth] [sub-pool reservable-bw] 4. exit 5. exit 6. interface tunnel-te tunnel-id 7. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} 8. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 176 OL-26056-02 Implementing MPLS Traffic Engineering Configuring a Prestandard DS-TE TunnelDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp interface type interface-path-id Enters RSVP configuration mode and selects an RSVP interface. Example: RP/0/RSP0/CPU0:router(config)# rsvp interface Step 2 pos0/6/0/0 Sets the reserved RSVP bandwidth available on this interface by using the prestandard DS-TE mode. The range for the totalreserve bandwidth argument is 0 to 4294967295. bandwidth [total reservable bandwidth] [bc0 bandwidth] [global-pool bandwidth] [sub-pool reservable-bw] Step 3 Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Physical interface bandwidth is not used by MPLS-TE. bandwidth 100 150 sub-pool 50 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# exit Step 4 RP/0/RSP0/CPU0:router(config-rsvp)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp)# exit Step 5 RP/0/RSP0/CPU0:router(config)# interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 6 tunnel-te 2 Sets the bandwidth required on this interface. Because the default tunnel priority is 7, tunnels use the default TE class map (namely, class-type 1, priority 7). signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} Example: RP/0/RSP0/CPU0:router(config-if)# Step 7 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 177 Implementing MPLS Traffic Engineering Configuring a Prestandard DS-TE TunnelCommand or Action Purpose signalled-bandwidth sub-pool 10 Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Prestandard DS-TE Mode, on page 127 Configure IETF DS-TE Tunnels: Example, on page 261 Configuring an IETF DS-TE Tunnel Using RDM Perform this task to create an IETF mode DS-TE tunnel using RDM. Before You Begin The following prerequisites are required to create an IETF mode DS-TE tunnel using RDM: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 178 OL-26056-02 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using RDMSUMMARY STEPS 1. configure 2. rsvp interface type interface-path-id 3. bandwidth rdm {total-reservable-bw | bc0 | global-pool} {sub-pool | bc1 reservable-bw} 4. exit 5. exit 6. mpls traffic-eng 7. ds-te mode ietf 8. exit 9. interface tunnel-te tunnel-id 10. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} 11. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp interface type interface-path-id Enters RSVP configuration mode and selects an RSVP interface. Example: RP/0/RSP0/CPU0:router(config)# rsvp interface Step 2 pos0/6/0/0 Sets the reserved RSVP bandwidth available on this interface by using the Russian Doll Model (RDM) bandwidth constraints bandwidth rdm {total-reservable-bw | bc0 | global-pool} {sub-pool | bc1 reservable-bw} Step 3 model. The range for the total reserve bandwidth argument is 0 to 4294967295. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Physical interface bandwidth is not used by MPLS-TE. Note bandwidth rdm 100 150 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# exit Step 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 179 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using RDMCommand or Action Purpose RP/0/RSP0/CPU0:router(config-rsvp) exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp) exit Step 5 RP/0/RSP0/CPU0:router(config) mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 6 traffic-eng RP/0/RSP0/CPU0:router(config-mpls-te)# Enables IETF DS-TE mode and default TE class map. IETF DS-TE mode is configured on all network nodes. ds-te mode ietf Example: RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te Step 7 mode ietf exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 8 interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 9 tunnel-te 4 RP/0/RSP0/CPU0:router(config-if)# Configures the bandwidth required for an MPLS TE tunnel. Because the default tunnel priority is 7, tunnels use the default TE class map (namely, class-type 1, priority 7). signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} Example: RP/0/RSP0/CPU0:router(config-if)# Step 10 signalled-bandwidth 10 class-type 1 Step 11 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 180 OL-26056-02 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using RDMCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Russian Doll Bandwidth Constraint Model, on page 128 Configuring an IETF DS-TE Tunnel Using MAM Perform this task to configure an IETF mode differentiated services traffic engineering tunnel using the Maximum Allocation Model (MAM) bandwidth constraint model. Before You Begin The following prerequisites are required to configure an IETF mode differentiated servicestraffic engineering tunnel using the MAM bandwidth constraint model: • You must have a router ID for the neighboring router. • Stable router ID is required at either end of the link to ensure that the link is successful. If you do not assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject to change, which can result in an unstable link. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 181 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using MAMSUMMARY STEPS 1. configure 2. rsvp interface type interface-path-id 3. bandwidth mam {total reservable bandwidth | max-reservable-bw maximum-reservable-bw} [bc0 reservable bandwidth] [bc1 reservable bandwidth] 4. exit 5. exit 6. mpls traffic-eng 7. ds-te mode ietf 8. ds-te bc-model mam 9. exit 10. interface tunnel-te tunnel-id 11. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} 12. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters RSVP configuration mode and selects the RSVP interface. rsvp interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config)# rsvp interface Step 2 pos0/6/0/0 bandwidth mam {total reservable bandwidth | Setsthe reserved RSVP bandwidth available on thisinterface. max-reservable-bw maximum-reservable-bw} [bc0 reservable bandwidth] [bc1 reservable bandwidth] Step 3 Physical interface bandwidth is not used by MPLS-TE. Note Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# bandwidth mam max-reservable-bw 400 bc0 300 bc1 200 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 182 OL-26056-02 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using MAMCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# exit Step 4 RP/0/RSP0/CPU0:router(config-rsvp)# exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-rsvp)# exit Step 5 RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 6 RP/0/RSP0/CPU0:router(config-mpls-te)# Enables IETF DS-TE mode and default TE class map. Configure IETF DS-TE mode on all nodes in the network. ds-te mode ietf Example: RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te Step 7 mode ietf ds-te bc-model mam Enables the MAM bandwidth constraint model globally. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te Step 8 bc-model mam exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 9 interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 10 tunnel-te 4 RP/0/RSP0/CPU0:router(config-if)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 183 Implementing MPLS Traffic Engineering Configuring an IETF DS-TE Tunnel Using MAMCommand or Action Purpose Configures the bandwidth required for an MPLS TE tunnel. Because the default tunnel priority is 7, tunnels use the default TE class map (namely, class-type 1, priority 7). signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth} Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# Step 11 signalled-bandwidth 10 class-type 1 Step 12 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration or session, and returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-rsvp-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Maximum Allocation Bandwidth Constraint Model, on page 128 Configuring MPLS -TE and Fast-Reroute on OSPF Perform this task to configure MPLS-TE and Fast Reroute (FRR) on OSPF. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 184 OL-26056-02 Implementing MPLS Traffic Engineering Configuring MPLS -TE and Fast-Reroute on OSPFBefore You Begin Only point-to-point (P2P) interfaces are supported for OSPF multiple adjacencies. These may be either native P2P interfaces or broadcast interfaces on which the OSPF P2P configuration command is applied to force them to behave as P2P interfaces as far as OSPF is concerned. This restriction does not apply to IS-IS. The tunnel-te interface is not supported under IS-IS. Note SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. path-option [protecting ] preference-priority {dynamic [pce [address ipv4 address] | explicit {name pathname | identifier path-number } } [isis instance name {level level} ] [ospf instance name {area area ID} ] ] [verbatim] [lockdown] 4. Repeat Step 3 as many times as needed. 5. Use one of these commands: • end • commit 6. show mpls traffic-eng tunnels [tunnel-number] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures an MPLS-TE tunnel interface. The range for the tunnel ID number is 0 to 65535. interface tunnel-te tunnel-id Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-te 1 RP/0/RSP0/CPU0:router(config-if)# Configures an explicit path option for an MPLS-TE tunnel. OSPF is limited to a single OSPF instance and area. path-option [protecting ] preference-priority {dynamic [pce [address ipv4 address] | explicit {name pathname | identifier path-number } } [isis instance name {level Step 3 level} ] [ospf instance name {area area ID} ] ] [verbatim] [lockdown] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 185 Implementing MPLS Traffic Engineering Configuring MPLS -TE and Fast-Reroute on OSPFCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-if)# path-option 1 explicit identifier 6 ospf green area 0 Repeat Step 3 as many times as needed. Configures another explicit path option. Example: RP/0/RSP0/CPU0:router(config-if)# path-option Step 4 2 explicit name 234 ospf 3 area 7 verbatim Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mpls traffic-eng tunnels [tunnel-number] Displays information about MPLS-TE tunnels. Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 6 tunnels 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 186 OL-26056-02 Implementing MPLS Traffic Engineering Configuring MPLS -TE and Fast-Reroute on OSPFConfiguring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE Perform this task to configure an overload node avoidance in MPLS-TE. When the overload bit is enabled, tunnels are brought down when the overload node is found in the tunnel path. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. path-selection ignore overload {head | mid | tail} 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng RP/0/RSP0/CPU0:router(config-mpls-te)# Ignoresthe Intermediate System-to-Intermediate System (IS-IS) overload bit setting for MPLS-TE. path-selection ignore overload {head | mid | tail} Step 3 Example: RP/0/RSP0/CPU0:router(config-mpls-te)# If set-overload-bit is set by IS-IS on the head router, the tunnels stay up. path-selection ignore overload head Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 187 Implementing MPLS Traffic Engineering Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TECommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-mpls-te)# ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. end or RP/0/RSP0/CPU0:router(config-mpls-te)# ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. commit • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE, on page 131 Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example, on page 262 Configuring Flexible Name-based Tunnel Constraints To fully configure MPLS-TE flexible name-based tunnel constraints, you must complete these high-level tasks in order: 1 Assigning Color Names to Numeric Values, on page 188 2 Associating Affinity-Names with TE Links, on page 190 3 Associating Affinity Constraints for TE Tunnels, on page 192 Assigning Color Names to Numeric Values The first task in enabling the new coloring scheme is to assign a numerical value (in hexadecimal) to each value (color). An affinity color name cannot exceed 64 characters. An affinity value cannot exceed a single digit. For example, magenta1. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 188 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Flexible Name-based Tunnel ConstraintsSUMMARY STEPS 1. configure 2. mpls traffic-eng 3. affinity-map affinity name {affinity value | bit-position value} 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng RP/0/RSP0/CPU0:router(config-mpls-te)# Enters an affinity name and a map value by using a color name (repeat this command to assign multiple colors up to a maximum of 64 colors). affinity-map affinity name {affinity value | bit-position value} Step 3 An affinity color name cannot exceed 64 characters. The value you assign to a color name must be a single digit. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# affinity-map red 1 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-mpls-te)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 189 Implementing MPLS Traffic Engineering Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Flexible Name-based Tunnel Constraints, on page 132 Configure Flexible Name-based Tunnel Constraints: Example, on page 263 Associating Affinity-Names with TE Links The next step in the configuration of MPLS-TE Flexible Name-based Tunnel Constraints is to assign affinity names and values to TE links. You can assign up to a maximum of 32 colors. Before you assign a color to a link, you must define the name-to-value mapping for each color. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. attribute-names attribute name 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 190 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng RP/0/RSP0/CPU0:router(config-mpls-te)# Enables MPLS-TE on an interface and enters MPLS-TE interface configuration mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# Step 3 interface tunnel-te 2 RP/0/RSP0/CPU0:router(config-mpls-te-if)# attribute-names attribute name Assigns colors to TE links over the selected interface. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# Step 4 attribute-names red Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-mpls-te-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 191 Implementing MPLS Traffic Engineering Configuring Flexible Name-based Tunnel ConstraintsRelated Topics Flexible Name-based Tunnel Constraints, on page 132 Configure Flexible Name-based Tunnel Constraints: Example, on page 263 Assigning Color Names to Numeric Values, on page 188 Associating Affinity Constraints for TE Tunnels The final step in the configuration of MPLS-TE Flexible Name-based Tunnel Constraints requires that you associate a tunnel with affinity constraints. Using this model, there are no masks. Instead, there is support for four types of affinity constraints: • include • include-strict • exclude • exclude-all Note For the affinity constraints above, all but the exclude-all constraint may be associated with up to 10 colors. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. affinity {affinity-value mask mask-value | exclude name | exclude -all | include name | include-strict name} 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 192 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# Step 2 interface tunnel-te 1 Configures link attributes for links comprising a tunnel. You can have up to ten colors. affinity {affinity-value mask mask-value | exclude name | exclude -all | include name | include-strict name} Step 3 Multiple include statements can be specified under tunnel configuration. With this configuration, a link is eligible for CSPF if it has at least a red Example: RP/0/RSP0/CPU0:router(config-if)# color or has at least a green color. Thus, a link with red and any other colors as well as a link with green and any additional colors meet the above affinity include red constraint. Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Flexible Name-based Tunnel Constraints, on page 132 Configure Flexible Name-based Tunnel Constraints: Example, on page 263 Configuring IS-IS to Flood MPLS-TE Link Information Perform this task to configure a router running the Intermediate System-to-Intermediate System (IS-IS) protocol to flood MPLS-TE link information into multiple IS-IS levels. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 193 Implementing MPLS Traffic Engineering Configuring IS-IS to Flood MPLS-TE Link InformationThis procedure shows how to enable MPLS-TE in both IS-IS Level 1 and Level 2. SUMMARY STEPS 1. configure 2. router isis instance-id 3. net network-entity-title 4. address-family {ipv4 | ipv6} {unicast} 5. metric-style wide 6. mpls traffic-eng level 7. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 router isis instance-id Enters an IS-IS instance. Example: RP/0/RSP0/CPU0:router(config)# router isis Step 2 1 net network-entity-title Enters an IS-IS network entity title (NET) for the routing process. Example: RP/0/RSP0/CPU0:router(config-isis)# net Step 3 47.0001.0000.0000.0002.00 Enters address family configuration mode for configuring IS-IS routing that uses IPv4 and IPv6 address prefixes. address-family {ipv4 | ipv6} {unicast} Example: RP/0/RSP0/CPU0:router(config-isis)# Step 4 address-family ipv4 unicast Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 194 OL-26056-02 Implementing MPLS Traffic Engineering Configuring IS-IS to Flood MPLS-TE Link InformationCommand or Action Purpose metric-style wide Enters the new-style type, length, and value (TLV) objects. Example: RP/0/RSP0/CPU0:router(config-isis-af)# Step 5 metric-style wide mpls traffic-eng level Enters the required MPLS-TE level or levels. Example: RP/0/RSP0/CPU0:router(config-isis-af)# mpls Step 6 traffic-eng level-1-2 Step 7 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-isis-af)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-isis-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring an OSPF Area of MPLS-TE Perform this task to configure an OSPF area for MPLS-TE in both the OSPF backbone area 0 and area 1. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 195 Implementing MPLS Traffic Engineering Configuring an OSPF Area of MPLS-TESUMMARY STEPS 1. configure 2. router ospf process-name 3. mpls traffic-eng router-id type interface-path-id 4. area area-id 5. interface type interface-path-id 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 router ospf process-name Enters a name that uniquely identifies an OSPF routing process. Example: RP/0/RSP0/CPU0:router(config)# router Step 2 process-name Any alphanumeric string no longer than 40 characters without spaces. ospf 100 Entersthe MPLS interface type. For more information, use the question mark (?) online help function. mplstraffic-eng router-id type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ospf)# mpls Step 3 traffic-eng router-id Loopback0 area area-id Enters an OSPF area identifier. Example: RP/0/RSP0/CPU0:router(config-ospf)# area Step 4 area-id Either a decimal value or an IP address. 0 Identifies an interface ID. For more information, use the question mark (?) online help function. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# Step 5 interface POS 0/2/0/0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 196 OL-26056-02 Implementing MPLS Traffic Engineering Configuring an OSPF Area of MPLS-TECommand or Action Purpose Step 6 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-ospf-ar)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-ospf-ar)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Explicit Paths with ABRs Configured as Loose Addresses Perform this task to specify an IPv4 explicit path with ABRs configured as loose addresses. SUMMARY STEPS 1. configure 2. explicit-path name name 3. index index-id next-address [loose] ipv4 unicast ip-address 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 197 Implementing MPLS Traffic Engineering Configuring Explicit Paths with ABRs Configured as Loose AddressesDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 explicit-path name name Enters a name for the explicit path. Example: RP/0/RSP0/CPU0:router(config)# Step 2 explicit-path name interarea1 index index-id next-address [loose] ipv4 unicast Includes an address in an IP explicit path of a tunnel. ip-address Step 3 Example: RP/0/RSP0/CPU0:router(config-expl-path)# index 1 next-address loose ipv4 unicast 10.10.10.10 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-expl-path)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-expl-path)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 198 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Explicit Paths with ABRs Configured as Loose AddressesConfiguring MPLS-TE Forwarding Adjacency Perform this task to configure forwarding adjacency on a specific tunnel-te interface. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. forwarding-adjacency holdtime value 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-te tunnel-id Enters MPLS-TE interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# Step 2 interface tunnel-te 1 Configures forwarding adjacency using an optional specific holdtime value. By default, this value is 0 (milliseconds). forwarding-adjacency holdtime value Example: RP/0/RSP0/CPU0:router(config-if)# Step 3 forwarding-adjacency holdtime 60 Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 199 Implementing MPLS Traffic Engineering Configuring MPLS-TE Forwarding AdjacencyCommand or Action Purpose or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics MPLS-TE Forwarding Adjacency Benefits, on page 136 Configure Forwarding Adjacency: Example, on page 265 Configuring a Path Computation Client and Element Perform these tasks to configure Path Comptation Client (PCC) and Path Computation Element (PCE): • Configuring a Path Computation Client, on page 200 • Configuring a Path Computation Element Address, on page 202 • Configuring PCE Parameters, on page 203 Configuring a Path Computation Client Perform this task to configure a TE tunnel as a PCC. Note Only one TE-enabled IGP instance can be used at a time. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. path-option preference-priority dynamic pce 4. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 200 OL-26056-02 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters MPLS-TE interface configuration mode and enables traffic engineering on a particular interface on the originating node. interface tunnel-te tunnel-id Example: RP/0/RSP0/CPU0:router(config)# Step 2 interface tunnel-te 6 path-option preference-priority dynamic pce Configures a TE tunnel as a PCC. Example: RP/0/RSP0/CPU0:router(config-if)# Step 3 path-option 1 dynamic pce Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Path Computation Element, on page 136 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 201 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementConfigure PCE: Example, on page 265 Configuring a Path Computation Element Address Perform this task to configure a PCE address. Note Only one TE-enabled IGP instance can be used at a time. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. pce address ipv4 address 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters the MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng pce address ipv4 address Configures a PCE IPv4 address. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# Step 3 pce address ipv4 10.1.1.1 Step 4 Use one of the following commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 202 OL-26056-02 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-mpls-te)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Path Computation Element, on page 136 Configure PCE: Example, on page 265 Configuring PCE Parameters Perform this task to configure PCE parameters, including a static PCE peer, periodic reoptimization timer values, and request timeout values. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 203 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementSUMMARY STEPS 1. configure 2. mpls traffic-eng 3. pce address ipv4 address 4. pce peer ipv4 address 5. pce keepalive interval 6. pce deadtimer value 7. pce reoptimize value 8. pce request-timeout value 9. pce tolerance keepalive value 10. Use one of the following commands: • end • commit 11. show mpls traffic-eng pce peer [address | all] 12. show mpls traffic-eng pce tunnels DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng pce address ipv4 address Configures a PCE IPv4 address. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 3 address ipv4 10.1.1.1 Configures a static PCE peer address. PCE peers are also discovered dynamically through OSPF or ISIS. pce peer ipv4 address Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 204 OL-26056-02 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementCommand or Action Purpose peer address ipv4 10.1.1.1 Configures a PCEP keepalive interval. The range is from 0 to 255 seconds. When the keepalive interval is 0, the LSR does not send keepalive messages. pce keepalive interval Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 5 keepalive 10 Configures a PCE deadtimer value. The range is from 0 to 255 seconds. When the dead interval is 0, the LSR does not timeout a PCEP session to a remote peer. pce deadtimer value Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 6 deadtimer 50 Configures a periodic reoptimization timer value. The range is from 60 to 604800 seconds. When the dead interval is 0, the LSR does not timeout a PCEP session to a remote peer. pce reoptimize value Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 7 reoptimize 200 Configures a PCE request-timeout. Range isfrom 5 to 100 seconds. PCC or PCE keeps a pending path request only for the request-timeout period. pce request-timeout value Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 8 request-timeout 10 Configures a PCE tolerance keepalive value (which is the minimum acceptable peer proposed keepalive). pce tolerance keepalive value Example: RP/0/RSP0/CPU0:router(config-mpls-te)# pce Step 9 tolerance keepalive 10 Step 10 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-mpls-te)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 205 Implementing MPLS Traffic Engineering Configuring a Path Computation Client and ElementCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mpls traffic-eng pce peer [address | all] Displays the PCE peer address and state. Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 11 pce peer show mpls traffic-eng pce tunnels Displays the status of the PCE tunnels. Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 12 pce tunnels Related Topics Path Computation Element, on page 136 Configure PCE: Example, on page 265 Configuring Path Protection on MPLS-TE These tasks show how to configure path protection on MPLS-TE: Enabling Path Protection for an Interface Perform this task to enable path protection for a given tunnel interface. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 206 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TESUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. path-protection 4. Use one of these commands: • end • commit 5. show mpls traffic-eng tunnels [tunnel-number] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures an MPLS-TE tunnel interface and enablestraffic engineering on a particular interface on the originating node. interface tunnel-te tunnel-id Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-te 6 path-protection Enables path protection on the tunnel-te interface. Example: RP/0/RSP0/CPU0:router(config-if)# Step 3 path-protection Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 207 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TECommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays information that path protection is enabled on the tunnel-te interface for tunnel number 6. show mplstraffic-eng tunnels[tunnel-number] Example: RP/0/RSP0/CPU0:router# show mpls Step 5 traffic-eng tunnels 6 Related Topics Path Protection, on page 138 Prerequisites for Path Protection, on page 138 Restrictions for Path Protection, on page 139 Configure Tunnels for Path Protection: Example, on page 266 Assigning a Dynamic Path Option to a Tunnel Perform this task to assign a secondary path option in case there is a link or node failure along a path and all interfaces in your network are not protected. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. path-option preference-priority dynamic 4. Use one of these commands: • end • commit 5. show mpls traffic-eng tunnels [tunnel-number] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 208 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TEDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures an MPLS-TE tunnel interface and enablestraffic engineering on a particular interface on the originating node. interface tunnel-te tunnel-id Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-te 6 path-option preference-priority dynamic Configures a secondary path option for an MPLS-TE tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# Step 3 path-option 10 dynamic Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays information about the secondary path option that on the tunnel-te interface for tunnel number 6. show mplstraffic-eng tunnels[tunnel-number] Example: RP/0/RSP0/CPU0:router# show mpls Step 5 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 209 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TECommand or Action Purpose traffic-eng tunnels 6 Related Topics Path Protection, on page 138 Prerequisites for Path Protection, on page 138 Restrictions for Path Protection, on page 139 Configure Tunnels for Path Protection: Example, on page 266 Forcing a Manual Switchover on a Path-Protected Tunnel Perform this task to force a manual switchover on a path-protected tunnel. SUMMARY STEPS 1. mpls traffic-eng path-protection switchover tunnel-te tunnel-ID DETAILED STEPS Command or Action Purpose Forces the path protection switchover of the Point-to-Point (P2P) tunnel on the tunnel-te interface. mplstraffic-eng path-protection switchover tunnel-te tunnel-ID Example: RP/0/RSP0/CPU0:router# mpls traffic-eng path-protection Step 1 switchover tunnel-te 6 Related Topics Path Protection, on page 138 Prerequisites for Path Protection, on page 138 Restrictions for Path Protection, on page 139 Configure Tunnels for Path Protection: Example, on page 266 Configuring the Delay the Tunnel Takes Before Reoptimization Perform this task to configure the time between when a path-protection switchover event is effected on a tunnel head to when a reoptimization is performed on that tunnel. This timer affects only the required reoptimization that is attempted due to a switchover and does not override the global reoptimization timer. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 210 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TESUMMARY STEPS 1. configure 2. mpls traffic-eng 3. reoptimize timers delay path-protection seconds 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router# mpls traffic-eng Step 2 Adjusts the number of seconds that the tunnel takes before triggering reoptimization after switchover has happened. The restriction is that at least one dynamic path-option must be configured for a standby LSP to come up. The strict (explicit) path option is not supported for the standby LSP. Note reoptimize timers delay path-protection seconds Example: RP/0/RSP0/CPU0:router(config-mpls-te)# Step 3 reoptimize timers delay path-protection 180 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-mpls-te)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 211 Implementing MPLS Traffic Engineering Configuring Path Protection on MPLS-TECommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Path Protection, on page 138 Prerequisites for Path Protection, on page 138 Restrictions for Path Protection, on page 139 Configure Tunnels for Path Protection: Example, on page 266 Configuring the Automatic Bandwidth Perform these tasks to configure the automatic bandwidth: Configuring the Collection Frequency Perform thistask to configure the collection frequency. You can configure only one global collection frequency. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. auto-bw collect frequency minutes 4. Use one of the following commands: • end • commit 5. show mpls traffic-eng tunnels [auto-bw] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 212 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls Step 2 traffic-eng RP/0/RSP0/CPU0:router(config-mpls-te)# Configures the automatic bandwidth collection frequency, and controls the manner in which the bandwidth for a tunnel collects output rate information; but does not adjust the tunnel bandwidth. auto-bw collect frequency minutes Example: RP/0/RSP0/CPU0:router(config-mpls-te)# Step 3 minutes auto-bw collect frequency 1 Configuresthe interval between automatic bandwidth adjustments in minutes. Range is from 1 to 10080. Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mpls-te)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-mpls-te)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 213 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthCommand or Action Purpose Displays information about MPLS-TE tunnels for the automatic bandwidth. The globally configured collection frequency is displayed. show mpls traffic-eng tunnels [auto-bw] Example: RP/0/RSP0/CPU0:router# show mpls traffic Step 5 tunnels auto-bw Related Topics MPLS-TE Automatic Bandwidth Overview, on page 139 Configure Automatic Bandwidth: Example, on page 267 Forcing the Current Application Period to Expire Immediately Perform this task to force the current application period to expire immediately on the specified tunnel. The highest bandwidth is applied on the tunnel before waiting for the application period to end on its own. SUMMARY STEPS 1. mpls traffic-eng auto-bw apply {all | tunnel-te tunnel-number} 2. show mpls traffic-eng tunnels [auto-bw] DETAILED STEPS Command or Action Purpose Configures the highest bandwidth available on a tunnel without waiting for the current application period to end. mpls traffic-eng auto-bw apply {all | tunnel-te tunnel-number} Example: RP/0/RSP0/CPU0:router# mpls traffic-eng Step 1 all Configures the highest bandwidth available instantly on all the tunnels. auto-bw apply tunnel-te 1 tunnel-te Configures the highest bandwidth instantly to the specified tunnel. Range is from 0 to 65535. Displays information about MPLS-TE tunnels for the automatic bandwidth. show mpls traffic-eng tunnels [auto-bw] Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 2 tunnels auto-bw Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 214 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthConfiguring the Automatic Bandwidth Functions Perform this task to configure the following automatic bandwidth functions: Application frequency Configuresthe application frequency in which a tunnel bandwidth is updated by the automatic bandwidth. Bandwidth collection Configures only the bandwidth collection. Bandwidth parameters Configures the minimum and maximum automatic bandwidth to set on a tunnel. Adjustment threshold Configures the adjustment threshold for each tunnel. Overflow detection Configures the overflow detection for each tunnel. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. auto-bw 4. application minutes 5. bw-limit {min bandwidth } {max bandwidth} 6. adjustment-threshold percentage [min minimum-bandwidth] 7. overflow threshold percentage [min bandwidth] limit limit 8. Use one of the following commands: • end • commit 9. show mpls traffic-eng tunnels [auto-bw] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 215 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures an MPLS-TE tunnel interface and enables traffic engineering on a particular interface on the originating node. interface tunnel-te tunnel-id Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-te 6 RP/0/RSP0/CPU0:router(config-if)# Configures automatic bandwidth on a tunnel interface and enters MPLS-TE automatic bandwidth interface configuration mode. auto-bw Example: RP/0/RSP0/CPU0:router(config-if)# auto-bw Step 3 RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# Configures the application frequency in minutes for the applicable tunnel. application minutes Example: RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# Step 4 minutes Frequency in minutes for the automatic bandwidth application. Range is from 5 to 10080 (7 days). The default value is 1440 (24 hours). application 1000 Configures the minimum and maximum automatic bandwidth set on a tunnel. bw-limit {min bandwidth } {max bandwidth} Example: RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# Step 5 min Applies the minimum automatic bandwidth in kbps on a tunnel. Range is from 0 to 4294967295. bw-limit min 30 max 80 max Applies the maximum automatic bandwidth in kbps on a tunnel. Range is from 0 to 4294967295. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 216 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthCommand or Action Purpose Configures the tunnel bandwidth change threshold to trigger an adjustment. adjustment-threshold percentage [min minimum-bandwidth] Example: RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# Step 6 percentage Bandwidth change percent threshold to trigger an adjustment if the largest sample percentage is higher or lower than the current tunnel bandwidth. Range is from 1 to 100 percent. The default value is 5 percent. adjustment-threshold 50 min 800 min Configures the bandwidth change value to trigger an adjustment. The tunnel bandwidth is changed only if the largest sample is higher or lower than the current tunnel bandwidth. Range is from 10 to 4294967295 kilobits per second (kbps). The default value is 10 kbps. overflow threshold percentage [min bandwidth] limit Configures the tunnel overflow detection. limit Step 7 percentage Example: RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# Bandwidth change percent to trigger an overflow. Range is from 1 to 100 percent. overflow threshold 100 limit 1 limit Configures the number of consecutive collection intervals that exceeds the threshold. The bandwidth overflow triggers an early tunnel bandwidth update. Range is from 1 to 10 collection periods. The default value is none. min Configures the bandwidth change value in kbps to trigger an overflow. Range is from 10 to 4294967295. The default value is 10. Step 8 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-if-tunte-autobw)# commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 217 Implementing MPLS Traffic Engineering Configuring the Automatic BandwidthCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays the MPLS-TE tunnel information only for tunnels in which the automatic bandwidth is enabled. show mpls traffic-eng tunnels [auto-bw] Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 9 tunnels auto-bw Related Topics MPLS-TE Automatic Bandwidth Overview, on page 139 Configure Automatic Bandwidth: Example, on page 267 Configuring the Shared Risk Link Groups To activate the MPLS traffic engineering SRLG feature, you must configure the SRLG value of each link that has a shared risk with another link. Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link Perform this task to configure the SRLG value for each link that has a shared risk with another link. Note You can configure up to 30 SRLGs per interface. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 218 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsSUMMARY STEPS 1. configure 2. srlg 3. interface type interface-path-id 4. value value 5. Use one of these commands: • end • commit 6. show srlg interface type interface-path-id 7. show srlg DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures SRLG configuration commands on a specific interface configuration mode and assigns this SRLG a value. srlg Example: RP/0/RSP0/CPU0:router(config)# srlg Step 2 Configures an interface type and path ID to be associated with an SRLG and enters SRLG interface configuration mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-srlg)# interface POS 0/6/0/0 Step 3 Configures SRLG network values for a specific interface. Range is 0 to 4294967295. value value Example: RP/0/RSP0/CPU0:router(config-srlg-if)# value 100 Step 4 You can also set SRLG values on multiple interfacesincluding bundle interface. Note RP/0/RSP0/CPU0:router (config-srlg-if)# value 200 RP/0/RSP0/CPU0:router(config-srlg-if)# value 300 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 219 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. or RP/0/RSP0/CPU0:router(config)# commit ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show srlg interface type interface-path-id (Optional) Displaysthe SRLG values configured for a specific interface. Example: RP/0/RSP0/CPU0:router# show srlg interface POS 0/6/0/0 Step 6 Step 7 show srlg (Optional) Displays the SRLG values for all the configured interfaces. Example: RP/0/RSP0/CPU0:router# show srlg You can configure up to 250 interfaces. Note Related Topics MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Delivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Creating an Explicit Path With Exclude SRLG Perform this task to create an explicit path with the exclude SRLG option. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 220 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsSUMMARY STEPS 1. configure 2. explicit-path {identifier number [disable | index]}{ name explicit-path-name} 3. index 1 exclude-address 192.168.92.1 4. index 2 exclude-srlg 192.168.92.2 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters the explicit path configuration mode. Identifer range is 1 to 65535. explicit-path {identifier number [disable | index]}{ name explicit-path-name} Example: RP/0/RSP0/CPU0:router(config)# explicit-path name backup-srlg Step 2 index 1 exclude-address 192.168.92.1 Specifies the IP address to be excluded from the explicit path. Example: RP/0/RSP0/CPU0:router router(config-expl-path)# index 1 exclude-address 192.168.92.1 Step 3 Specifies the IP address to extract SRLGs to be excluded from the explicit path. index 2 exclude-srlg 192.168.92.2 Example: RP/0/RSP0/CPU0:router(config-expl-path)# index 2 exclude-srlg 192.168.192.2 Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 221 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Delivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Using Explicit Path With Exclude SRLG Perform this task to use an explicit path with the exclude SRLG option on the static backup tunnel. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 222 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsSUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. backup-path tunnel-te tunnel-number 5. exit 6. exit 7. interface tunnel-tetunnel-id 8. ipv4 unnumbered type interface-path-id 9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} 10. destination ip-address 11. exit 12. Use one of these commands: • end • commit 13. show run explicit-path name name 14. show mpls traffic-eng topology path destination name explicit-path name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enables traffic engineering on a specific interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 backup-path tunnel-te tunnel-number Configures an MPLS TE backup path for a specific interface. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# backup-path tunnel-te 2 Step 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 223 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Step 5 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 6 interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-te 2 Step 7 ipv4 unnumbered type interface-path-id Assigns a source addressto set up forwarding on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 unnumbered Loopback0 Step 8 Sets the path option to explicit with a given name (previously configured) and assigns the path ID. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} Step 9 Example: RP/0/RSP0/CPU0:router(config-if)# path-option l explicit name backup-srlg You can use the dynamic option to dynamically assign a path. Note Step 10 destination ip-address Assigns a destination address on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# destination 192.168.92.125 • Destination addressisthe remote node’s MPLS-TE router ID. • Destination address is the merge point between backup and protected tunnels. When you configure TE tunnel with multiple protection on its path and merge point is the same node for more than one protection, you must configure record-route for that tunnel. Note exit Exits the current configuration mode. Example: Step 11 RP/0/RSP0/CPU0:router(config-if)# exit Step 12 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 224 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. show run explicit-path name name Displays the SRLG values that are configured for the link. Example: RP/0/RSP0/CPU0:router# show run explicit-path name backup-srlg Step 13 show mpls traffic-eng topology path destination Displays the SRLG values that are configured for the link. name explicit-path name Step 14 Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng topology path destination 192.168.92.125 explicit-path backup-srlg Related Topics MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Delivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 225 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCreating a Link Protection on Backup Tunnel with SRLG Constraint Perform this task to create an explicit path with the exclude SRLG option on the static backup tunnel. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. backup-path tunnel-te tunnel-number 5. exit 6. exit 7. interface tunnel-tetunnel-id 8. ipv4 unnumbered type interface-path-id 9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} 10. destination ip-address 11. exit 12. explicit-path {identifier number [disable | index]}{ name explicit-path-name} 13. index 1 exclude-srlg 192.168.92.2 14. Use one of these commands: • end • commit 15. show mpls traffic-eng tunnelstunnel-number detail DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enables traffic engineering on a particular interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 226 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose backup-path tunnel-te tunnel-number Sets the backup path to the primary tunnel outgoing interface. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# backup-path tunnel-te 2 Step 4 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Step 5 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 6 interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-te 2 Step 7 ipv4 unnumbered type interface-path-id Assigns a source addressto set up forwarding on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 unnumbered Loopback0 Step 8 Sets the path option to explicit with a given name (previously configured) and assigns the path ID. Identifier range is from 1 to 4294967295. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} Example: RP/0/RSP0/CPU0:router(config-if)# path-option 1 explicit name backup-srlg Step 9 You can use the dynamic option to dynamically assign a path. Note Step 10 destination ip-address Assigns a destination address on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# destination 192.168.92.125 • Destination address is the remote node’s MPLS-TE router ID. • Destination address is the merge point between backup and protected tunnels. When you configure TE tunnel with multiple protection on its path and merge point is the same node for more than one protection, you must configure record-route for that tunnel. Note exit Exits the current configuration mode. Example: Step 11 RP/0/RSP0/CPU0:router(config-if)# exit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 227 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose Enters the explicit path configuration mode. Identifer range is 1 to 65535. explicit-path {identifier number [disable | index]}{ name explicit-path-name} Example: RP/0/RSP0/CPU0:router(config)# explicit-path name backup-srlg-nodep Step 12 Specifies the protected link IP address to get SRLGs to be excluded from the explicit path. index 1 exclude-srlg 192.168.92.2 Example: RP/0/RSP0/CPU0:router:router(config-if)# index 1 exclude-srlg 192.168.192.2 Step 13 Step 14 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Display the tunnel details with SRLG valuesthat are configured for the link. show mplstraffic-eng tunnelstunnel-number detail Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 2 detail Step 15 Related Topics MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 228 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsDelivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Creating a Node Protection on Backup Tunnel with SRLG Constraint Perform this task to configure node protection on backup tunnel with SRLG constraint. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. backup-path tunnel-te tunnel-number 5. exit 6. exit 7. interface tunnel-tetunnel-id 8. ipv4 unnumbered type interface-path-id 9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} 10. destination ip-address 11. exit 12. explicit-path {identifier number [disable | index]}{ name explicit-path-name} 13. index 1 exclude-address 192.168.92.1 14. index 2 exclude-srlg 192.168.92.2 15. Use one of these commands: • end • commit 16. show mpls traffic-eng tunnels topology path destination ip-address explicit-path-name name DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 229 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose Enables traffic engineering on a particular interface on the originating node. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 backup-path tunnel-te tunnel-number Sets the backup path for the primary tunnel outgoing interface. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# backup-path tunnel-te 2 Step 4 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit Step 5 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# exit Step 6 interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-te 2 Step 7 Assigns a source address to set up forwarding on the new tunnel. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 unnumbered Loopback0 Step 8 Sets the path option to explicit with a given name (previously configured) and assigns the path ID. Identifier range is 1 to 4294967295. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}} Example: RP/0/RSP0/CPU0:router(config-if)# path-option 1 explicit name backup-srlg Step 9 You can use the dynamic option to dynamically assign path. Note Step 10 destination ip-address Assigns a destination address on the new tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# destination 192.168.92.125 • Destination addressisthe remote node’s MPLS-TE router ID. • Destination address is the merge point between backup and protected tunnels. When you configure TE tunnel with multiple protection on its path and merge point is the same node for more than one protection, you must configure record-route for that tunnel. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 230 OL-26056-02 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if)# exit Step 11 Enters the explicit path configuration mode. Identifer range is 1 to 65535. explicit-path {identifier number [disable | index]}{ name explicit-path-name} Example: RP/0/RSP0/CPU0:router(config)# explicit-path name backup-srlg-nodep Step 12 Specifies the protected node IP address to be excluded from the explicit path. index 1 exclude-address 192.168.92.1 Example: RP/0/RSP0/CPU0:router:router(config-if)# index 1 exclude-address 192.168.92.1 Step 13 Specifies the protected link IP address to get SRLGs to be excluded from the explicit path. index 2 exclude-srlg 192.168.92.2 Example: RP/0/RSP0/CPU0:router(config-if)# index 2 exclude-srlg 192.168.192.2 Step 14 Step 15 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 231 Implementing MPLS Traffic Engineering Configuring the Shared Risk Link GroupsCommand or Action Purpose Displaysthe path to the destination with the constraintspecified in the explicit path. show mpls traffic-eng tunnels topology path destination ip-address explicit-path-name name Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels topology path destination Step 16 192.168.92.125 explicit-path-name backup-srlg-nodep Related Topics MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Delivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267 Configuring Point-to-Multipoint TE You must enable multicast routing on the edge router before performing Point-to-Multipoint (P2MP) TE configurations. To configure Point-to-Multipoint TE, perform these procedures: Enabling Multicast Routing on the Router Perform this task to enable multicast routing on the router to configure P2MP tunnels. Before You Begin • To configure Point-to-Multipoint (P2MP) tunnels, you must enable multicast routing on the router. • The customer-facing interface must enable multicast. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 232 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TESUMMARY STEPS 1. configure 2. multicast-routing 3. address-family {ipv4 | ipv6 } 4. interface tunnel-mte tunnel-id 5. enable 6. exit 7. interface type interface-path-id 8. enable 9. Use one of these commands: • end • commit 10. show pim ipv6 interface type interface-path-id DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 multicast-routing Enters multicast routing configuration mode. Example: RP/0/RSP0/CPU0:router(config)# multicast-routing Step 2 RP/0/RSP0/CPU0:router(config-mcast)# Configures the available IPv4 or IPv6 address prefixes to enable multicast routing and forwarding on all router interfaces. address-family {ipv4 | ipv6 } Example: RP/0/RSP0/CPU0:router(config-mcast)# address-family Step 3 ipv6 RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)# interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface. Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)# Step 4 interface tunnel-mte 1 RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 233 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose enable Enables multicast routing on the tunnel-mte interface. Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# Step 5 enable exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# Step 6 exit RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)# Configures multicast routing on the GigabitEthernet interface. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)# Step 7 interface GigabitEthernet0/2/0/3 RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# Enables multicast routing on the GigabitEthernet interface. enable Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# Step 8 enable Step 9 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# ? Entering yes saves configuration changes to end the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. commit ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 234 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays the output for the P2MP-TE tunnel interface that has IPv6 multicast enabled. show pim ipv6 interface type interface-path-id Example: RP/0/RSP0/CPU0:router# show pim ipv6 interface Step 10 tunnel-mte 1 Related Topics Configuring the Static Group for the Point-to-Multipoint Interface, on page 235 Configuring the Static Group for the Point-to-Multipoint Interface Perform thistask to configure the static group on the Point-to-Multipoint (P2MP) interface to forward specified multicast traffic over P2MP LSP. SUMMARY STEPS 1. configure 2. router mld 3. vrf vrf-name 4. interface tunnel-mte tunnel-id 5. static-group group-address 6. Use one of these commands: • end • commit 7. show mrib ipv6 route source-address DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 235 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose router mld Enters router MLD configuration mode. Example: RP/0/RSP0/CPU0:router(config)# router mld Step 2 RP/0/RSP0/CPU0:router(config-mld)# vrf vrf-name Configures a virtual private network (VRF) instance. Example: RP/0/RSP0/CPU0:router(config-mld)#vrf default Step 3 RP/0/RSP0/CPU0:router(config-mld-default)# interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface. Example: RP/0/RSP0/CPU0:router(config-mld-default)#interface Step 4 tunnel-mte 1 RP/0/RSP0/CPU0:router(config-mld-default-if)# Configures the multicast group address in the Source-Specific Multicast (SSM) addressrange (ff35::/16) for the IPv6 address prefix. static-group group-address Example: RP/0/RSP0/CPU0:router(config-mld-default-if)# Step 5 static-group ff35::1 2000::1 Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-mld-default-if)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-mld-default-if)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 236 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mrib ipv6 route source-address Verifies the multicast static mapping. Example: RP/0/RSP0/CPU0:router# show mrib ipv6 route ff35::1 Step 7 Related Topics Enabling Multicast Routing on the Router, on page 232 Configuring Destinations for the Tunnel Interface Perform this task to configure three destinations for the tunnel interface for Point-to-Multipoint (P2MP). These variations are listed to ensure that the destination and path option configurations are separate from the tunnel interface. • Different path option is used for different destinations. This task shows three destinations. • Explicit path option is based on an ID or a name. • Default path option is similar to the Point-to-Point (P2P) LSP. Before You Begin These prerequisites are required to configure destinations for the tunnel interface. • Multicast routing must be enabled on both the tunnel-mte interface and customer-facing interface from the source. • Static-group must be configured on the tunnel-mte interface to forward specified multicast traffic over P2MP LSP. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 237 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TESUMMARY STEPS 1. configure 2. interface tunnel-mte tunnel-id 3. destination ip-address 4. path-option preference-priority explicit identifier path-number 5. path-option preference-priority dynamic 6. exit 7. destination ip-address 8. path-option preference-priority explicit name pathname 9. path-option preference-priority dynamic 10. exit 11. destination ip-address 12. path-option preference-priority explicit name pathname [verbatim] 13. Use one of these commands: • end • commit 14. show mpls traffic-eng tunnels [brief] [p2mp tunnel-number] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-mte 10 RP/0/RSP0/CPU0:router(config-if)# Sets the destination address for tunnel-mte 10 to 172.16.255.1. This destination usesthe explicit path identified destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# destination Step 3 by explicit path ID 10. If destination 172.16.255.1 cannot come with explicit path ID 10, the fall back path option is dynamic. 172.16.255.1 RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 238 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose path-option preference-priority explicit identifier Configures the path number of the IP explicit path. path-number Step 4 Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# path-option 1 explicit identifier 10 Specifies that label switched paths (LSP) are dynamically calculated. path-option preference-priority dynamic Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 5 path-option 2 dynamic exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# exit Step 6 RP/0/RSP0/CPU0:router(config-if)# Sets the destination address for tunnel-mte 10 to 172.16.255.2. destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# destination Step 7 172.16.255.2 RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Specifies the path name of the IP explicit path. Destination 172.16.255.2 uses the explicit path that is identified by the explicit path name "how-to-get-to-172.16.255.2." path-option preference-priority explicit name pathname Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 8 path-option 1 explicit name how-to-get-to-172.16.255.2 Setsthe fall back path option as dynamic when the destination cannot come to the explicit path. path-option preference-priority dynamic Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 9 path-option 2 dynamic exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# exit Step 10 RP/0/RSP0/CPU0:router(config-if)# Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 239 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose Specifies that destination 172.16.255.3 uses only the dynamically computed path. destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# destination Step 11 172.16.255.3 RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Specifiesthat destination 172.16.255.3 usesthe explicit path identified by the explicit path name "how-to-get-to-172.16.255.3" in verbatim mode. path-option preference-priority explicit name pathname [verbatim] Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 12 path-option 1 explicit name how-to-get-to-172.16.255.3 verbatim Step 13 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# ? Entering no exits the configuration session and returns the router to EXEC mode without commit committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays the brief summary of the P2MP tunnel status and configuration. show mpls traffic-eng tunnels [brief] [p2mp tunnel-number] Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 14 tunnels brief p2mp 10 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 240 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TERelated Topics Enabling Multicast Routing on the Router, on page 232 Configuring the Static Group for the Point-to-Multipoint Interface, on page 235 Disabling Destinations Perform this task to disable the given destination for the Point-to-Multipoint (P2MP) tunnel interface. SUMMARY STEPS 1. configure 2. interface tunnel-mte tunnel-id 3. ipv4 unnumbered type interface-path-id 4. destination ip-address 5. disable 6. path-option preference-priority dynamic 7. path-option preference-priority explicit name pathname 8. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-mte Step 2 101 RP/0/RSP0/CPU0:router(config-if)# Assigns a source address so that forwarding can be performed on the new tunnel. Loopback is commonly used as the interface type. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 unnumbered Step 3 Loopback0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 241 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose Sets the destination address for tunnel-mte 10 to 140.140.140.140. destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# destination Step 4 140.140.140.140 RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Disables destination 140.140.140.140 for tunnel-mte 10. disable Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#disable Step 5 Specifies that label switched paths (LSP) are dynamically calculated. path-option preference-priority dynamic Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#path-option Step 6 1 dynamic Specifies that destination 140.140.140.140 uses the explicit path identified by the explicit path name "to4." path-option preference-priority explicit name pathname Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#path-option Step 7 2 explicit name to4 Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# end ? Entering yessaves configuration changesto the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# commit configuration session, and returnsthe router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 242 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Logging Per Destinations for Point-to-Multipoint Perform this task to log destinations for Point-to-Multipoint (P2MP). SUMMARY STEPS 1. configure 2. interface tunnel-mte tunnel-id 3. ipv4 unnumbered type interface-path-id 4. destination ip-address 5. logging events lsp-status state 6. logging events lsp-status reroute 7. path-option preference-priority explicit name pathname 8. exit 9. fast-reroute 10. Use one of these commands: • end • commit 11. show mpls traffic-eng tunnels [p2mp] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface. Example: RP/0/RSP0/CPU0:router(config)# interface Step 2 tunnel-mte 1000 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 243 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose RP/0/RSP0/CPU0:router(config-if)# Configures the MPLS-TE tunnel to use the IPv4 address on loopback interface 0. ipv4 unnumbered type interface-path-id Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 Step 3 unnumbered loopback0 Sets the destination address for tunnel-mte from 1000 to 100.0.0.3. destination ip-address Example: RP/0/RSP0/CPU0:router(config-if)# destination Step 4 100.0.0.3 RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Sends out the log message when the tunnel LSP goes up or down when the software is enabled. logging events lsp-status state Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 5 logging events lsp-status state Sends out the log message when the tunnel LSP is rerouted due to an FRR event when the software is enabled. logging events lsp-status reroute Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 6 logging events lsp-status reroute Specifies the path name of the IP explicit path. Destination 100.0.0.3 uses the explicit path that is identified by the explicit path name "path123." path-option preference-priority explicit name pathname Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 7 path-option 1 explicit name path123 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# Step 8 exit RP/0/RSP0/CPU0:router(config-if)# fast-reroute Enables fast-reroute (FRR) protection for a P2MP TE tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# fast-reroute Step 9 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 244 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Point-to-Multipoint TECommand or Action Purpose Step 10 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration or session, and returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show mpls traffic-eng tunnels [p2mp] Displays the information for all P2MP tunnels. Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng Step 11 tunnels p2mp Enabling Soft-Preemption on a Node Perform this task to enable the soft-preemption feature in the MPLS TE configuration mode. By default, this feature is disabled. You can configure the soft-preemption feature for each node. It hasto be explicitly enabled for each node. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 245 Implementing MPLS Traffic Engineering Enabling Soft-Preemption on a NodeSUMMARY STEPS 1. configure 2. mpls traffic-eng 3. soft-preemption 4. timeout seconds 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Step 3 soft-preemption Enables soft-preemption on a node. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# soft-preemption If soft-preemption is enabled, the head-end node tracks whether an LSP desires the soft-preemption treatment. However, when a soft-preemption feature is disabled on a node, this node continues to track all LSPs desiring soft-preemption. This is needed in a case when soft-preemption is re-enabled, TE will have the property of the existing LSPs without any re-signaling. Note Specifies the timeout for the soft-preempted LSP, in seconds. The range is from 1 to 300. timeout seconds Example: RP/0/RSP0/CPU0:router(config-soft-preemption)# timeout 20 Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 246 OL-26056-02 Implementing MPLS Traffic Engineering Enabling Soft-Preemption on a NodeCommand or Action Purpose ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Soft-Preemption, on page 151 Enabling Soft-Preemption on a Tunnel Perform this task to enable the soft-preemption feature on a MPLS TE tunnel. By default, this feature is disabled. It has to be explicitly enabled. SUMMARY STEPS 1. configure 2. interface tunnel-te tunnel-id 3. soft-preemption 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 247 Implementing MPLS Traffic Engineering Enabling Soft-Preemption on a TunnelCommand or Action Purpose interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface. Example: RP/0/RSP0/CPU0:router# interface tunnel-te 10 Step 2 Step 3 soft-preemption Enables soft-preemption on a tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# soft-preemption When soft preemption is enabled on a tunnel, these actions occur: • A path-modify message issent for the current LSP with the soft preemption desired property. • A path-modify message is sent for the reopt LSP with the soft preemption desired property. • A path-modify message is sent for the path protection LSP with the soft preemption desired property. • A path-modify message is sent for the current LSP in FRR active state with the soft preemption desired property. The soft-preemption is not available in the interface tunnel-mte and interface tunnel-gte configuration modes. Note Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC or mode. RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Soft-Preemption, on page 151 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 248 OL-26056-02 Implementing MPLS Traffic Engineering Enabling Soft-Preemption on a TunnelConfiguring Attributes within a Path-Option Attribute Perform this task to configure attributes within a path option attribute-set template. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. attribute-set path-option attribute-set-name 4. affinity affinity-value mask mask-value 5. signalled-bandwidth kbps class-type class-type number 6. Use one of these commands: • end • commit 7. show mpls traffic-eng attribute-set 8. show mpls traffic-eng tunnelsdetail DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Step 3 attribute-set path-option attribute-set-name Enters attribute-set path option configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# attribute-set path-option myset The configuration at the path-option level takes precedence over the values configured at the level of the tunnel, and therefore is applied. Note Configures affinity attribute under a path option attribute-set. The attribute values that are required for links to carry this tunnel. affinity affinity-value mask mask-value Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# affinity 0xBEEF mask 0xBEEF Step 4 Configures the bandwidth attribute required for an MPLS-TE tunnel under a path option attribute-set. signalled-bandwidth kbps class-type class-type number Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# signalled-bandwidth 1000 class-type 0 Step 5 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 249 Implementing MPLS Traffic Engineering Configuring Attributes within a Path-Option AttributeCommand or Action Purpose You can configure the class type of the tunnel bandwidth request. The class-type 0 is strictly equivalent to global-pool and class-type 1 is strictly equivalent to subpool. Note Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Displays the attributes that are defined in the attribute-set for the link. show mpls traffic-eng attribute-set Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng attribute-set Step 7 Displays the attribute-set path option information on a specific tunnel. show mpls traffic-eng tunnelsdetail Example: RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels detail Step 8 Related Topics Path Option Attributes, on page 151 Configuration Hierarchy of Path Option Attributes, on page 152 Traffic Engineering Bandwidth and Bandwidth Pools, on page 152 Path Option Switchover, on page 153 Path Option and Path Protection, on page 153 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 250 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Attributes within a Path-Option AttributeConfiguring Auto-Tunnel Mesh Tunnel ID Perform this activity to configure the tunnel ID range that can be allocated to Auto-tunnel mesh tunnels. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. auto-tunnel mesh 4. tunnel-id min value max value 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enters auto-tunnel mesh configuration mode. You can configure auto-tunnel mesh related options from this mode. auto-tunnel mesh Example: RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel mesh Step 3 Specifies the minimum and maximum number of auto-tunnel mesh tunnels that can be created on this router. The range of tunnel ID is from 0 to 65535. tunnel-id min value max value Example: RP/0/RSP0/CPU0:router(config-te-auto-mesh)# tunnel-id min 10 max 50 Step 4 Step 5 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 251 Implementing MPLS Traffic Engineering Configuring Auto-Tunnel Mesh Tunnel IDCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Auto-Tunnel Mesh, on page 154 Destination List (Prefix-List), on page 154 Configuring Auto-tunnel Mesh Unused Timeout Perform this task to configure a global timer to remove unused auto-mesh tunnels. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. auto-tunnel mesh 4. timer removal unused timeout 5. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 252 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Auto-tunnel Mesh Unused TimeoutDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 auto-tunnel mesh Enables auto-tunnel mesh groups globally. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel mesh Step 3 Specifies a timer, in minutes, after which a down auto-tunnel mesh gets deleted whose destination was not in TE topology. The default value for this timer is 60. timer removal unused timeout Example: RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh)# timers removal unused 10 Step 4 The timer gets started when these conditions are met: • Tunnel destination node is removed from the topology • Tunnel is in down state The unused timer runs per tunnel because the same destination in different mesh-groups may have different tunnels created. Note Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 253 Implementing MPLS Traffic Engineering Configuring Auto-tunnel Mesh Unused TimeoutCommand or Action Purpose • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Auto-Tunnel Mesh, on page 154 Destination List (Prefix-List), on page 154 Configuring Auto-Tunnel Mesh Group Perform this task to configure an auto-tunnel mesh group globally on the router. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. auto-tunnel mesh 4. group value 5. disable 6. attribute-setname 7. destination-list 8. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 254 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Auto-Tunnel Mesh GroupCommand or Action Purpose auto-tunnel mesh Enables auto-tunnel mesh groups globally. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel mesh Step 3 Specifiesthe membership of auto-tunnel mesh. The range is from 0 to 4294967295. group value Example: RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh)# group 65 Step 4 When the destination-list is not supplied, head-end will automatically build destination list belonging for the given mesh-group membership using TE topology. Note Disables the meshgroup and deletes all tunnels created for this meshgroup. disable Example: RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)# disable Step 5 Specifies the attributes used for all tunnels created for the meshgroup. If it is not defined, this meshgroup does not create any tunnel. attribute-setname Example: RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)# attribute-set am-65 Step 6 This is a mandatory configuration under a meshgroup. If a given destination-list is not defined as a prefix-list, destination-list Example: RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)# destination-list dl-65 Step 7 this meshgroup create tunnels to all nodes available in TE topology. Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config)# commit configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 255 Implementing MPLS Traffic Engineering Configuring Auto-Tunnel Mesh GroupCommand or Action Purpose • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Auto-Tunnel Mesh, on page 154 Destination List (Prefix-List), on page 154 Configuring Tunnel Attribute-Set Templates Perform this task to define attribute-set templates for auto-mesh tunnels. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. attribute-set auto-mesh attribute-set-name 4. affinity value mask mask-value 5. signalled-bandwidth kbps class-type class-type number 6. autoroute announce 7. fast-reroute protect bandwidth node 8. auto-bw collect-bw-only 9. logging events lsp-status {state | insufficient-bandwidth | reoptimize | reroute } 10. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 256 OL-26056-02 Implementing MPLS Traffic Engineering Configuring Tunnel Attribute-Set TemplatesCommand or Action Purpose mpls traffic-eng Enters MPLS-TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 attribute-set auto-mesh attribute-set-name Specifies name of the attribute-set of auto-mesh type. Example: RP/0/RSP0/CPU0:router(config-te)# attribute-set auto-mesh attribute-set-mesh Step 3 Configures the affinity properties the tunnel requires in its links for an MPLS-TE tunnel under an auto-mesh attribute-set. affinity value mask mask-value Example: RP/0/RSP0/CPU0:router(config-te)# affinity 0101 mask 320 Step 4 Configures the bandwidth attribute required for an MPLS-TE tunnel under an auto-mesh attribute-set. Because the default signalled-bandwidth kbps class-type class-type number Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# signalled-bandwidth 1000 class-type 0 Step 5 tunnel priority is 7, tunnels use the default TE class map (namely, class-type 0, priority 7). You can configure the class type of the tunnel bandwidth request. The class-type 0 is strictly equivalent to global-pool and class-type 1 is strictly equivalent to subpool. Note autoroute announce Enables parameters for IGP routing over tunnel. Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# autoroute announce Step 6 Enables fast-reroute bandwidth protection and node protection for auto-mesh tunnels. fast-reroute protect bandwidth node Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# fast-reroute Step 7 Enables automatic bandwidth collection frequency, and controls the manner in which the bandwidth for a tunnel collects output rate information, but does not adjust the tunnel bandwidth. auto-bw collect-bw-only Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# auto-bw collect-bw-only Step 8 Sends out the log message when the tunnel LSP goes up or down when the software is enabled. logging events lsp-status {state | insufficient-bandwidth | reoptimize | reroute } Step 9 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 257 Implementing MPLS Traffic Engineering Configuring Tunnel Attribute-Set TemplatesCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-te-attribute-set)# logging events lsp-status state Sends out the log message when the tunnel LSP undergoessetup or reoptimize failure due to bandwidth issues. Sends out the log message for the LSP reoptimize change alarms. Sends out the log message for the LSP reroute change alarms. Step 10 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Auto-Tunnel Mesh, on page 154 Destination List (Prefix-List), on page 154 Enabling LDP on Auto-Tunnel Mesh Perform this task to enable LDP on auto-tunnel mesh group. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 258 OL-26056-02 Implementing MPLS Traffic Engineering Enabling LDP on Auto-Tunnel MeshSUMMARY STEPS 1. configure 2. mpls ldp 3. traffic-eng auto-tunnel mesh 4. groupidall 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls ldp Enters MPLS LDP configuration mode. Example: RP/0/RSP0/CPU0:router(config-ldp)# mpls ldp Step 2 Enters auto-tunnel mesh configuration mode. You can configure TE auto-tunnel mesh groups from this mode. traffic-eng auto-tunnel mesh Example: RP/0/RSP0/CPU0:router(config-ldp-te-auto-mesh)# traffic-eng auto-tunnel mesh Step 3 Configures an auto-tunnel mesh group of interfacesin LDP. You can enable LDP on all TE meshgroup interfaces or you can groupidall Example: RP/0/RSP0/CPU0:router(config-ldp-te-auto-mesh)# group all Step 4 specify the TE mesh group ID on which the LDP is enabled. The range of group ID is from 0 to 4294967295. Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 259 Implementing MPLS Traffic Engineering Enabling LDP on Auto-Tunnel MeshCommand or Action Purpose or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Related Topics Auto-Tunnel Mesh, on page 154 Destination List (Prefix-List), on page 154 Configuration Examples for Cisco MPLS-TE These configuration examples are used for MPLS-TE: Build MPLS-TE Topology and Tunnels: Example The following examples show how to build an OSPF and IS-IS topology: (OSPF) ... configure mpls traffic-eng interface pos 0/6/0/0 router id loopback 0 router ospf 1 router-id 192.168.25.66 area 0 interface pos 0/6/0/0 interface loopback 0 mpls traffic-eng router-id loopback 0 mpls traffic-eng area 0 rsvp interface pos 0/6/0/0 bandwidth 100 commit show mpls traffic-eng topology show mpls traffic-eng link-management advertisement ! (IS-IS) ... configure mpls traffic-eng interface pos 0/6/0/0 router id loopback 0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 260 OL-26056-02 Implementing MPLS Traffic Engineering Configuration Examples for Cisco MPLS-TErouter isis lab address-family ipv4 unicast mpls traffic-eng level 2 mpls traffic-eng router-id Loopback 0 ! interface POS0/0/0/0 address-family ipv4 unicast ! The following example shows how to configure tunnel interfaces: interface tunnel-te1 destination 192.168.92.125 ipv4 unnumbered loopback 0 path-option l dynamic bandwidth 100 commit show mpls traffic-eng tunnels show ipv4 interface brief show mpls traffic-eng link-management admission-control ! interface tunnel-te1 autoroute announce route ipv4 192.168.12.52/32 tunnel-te1 commit ping 192.168.12.52 show mpls traffic autoroute ! interface tunnel-te1 fast-reroute mpls traffic-eng interface pos 0/6/0/0 backup-path tunnel-te 2 interface tunnel-te2 backup-bw global-pool 5000 ipv4 unnumbered loopback 0 path-option l explicit name backup-path destination 192.168.92.125 commit show mpls traffic-eng tunnels backup show mpls traffic-eng fast-reroute database ! rsvp interface pos 0/6/0/0 bandwidth 100 150 sub-pool 50 interface tunnel-te1 bandwidth sub-pool 10 commit Related Topics Building MPLS-TE Topology, on page 155 Creating an MPLS-TE Tunnel, on page 158 How MPLS-TE Works, on page 121 Configure IETF DS-TE Tunnels: Example The following example shows how to configure DS-TE: rsvp interface pos 0/6/0/0 bandwidth rdm 100 150 bc1 50 mpls traffic-eng ds-te mode ietf interface tunnel-te 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 261 Implementing MPLS Traffic Engineering Configure IETF DS-TE Tunnels: Examplebandwidth 10 class-type 1 commit configure rsvp interface 0/6/0/0 bandwidth mam max-reservable-bw 400 bc0 300 bc1 200 mpls traffic-eng ds-te mode ietf ds-te model mam interface tunnel-te 1bandwidth 10 class-type 1 commit Related Topics Configuring a Prestandard DS-TE Tunnel, on page 176 Prestandard DS-TE Mode, on page 127 Configure MPLS-TE and Fast-Reroute on OSPF: Example CSPF areas are configured on a per-path-option basis. The following example shows how to use the traffic-engineering tunnels (tunnel-te) interface and the active path for the MPLS-TE tunnel: configure interface tunnel-te 0 path-option 1 explicit id 6 ospf 126 area 0 path-option 2 explicit name 234 ospf 3 area 7 verbatim path-option 3 dynamic isis mtbf level 1 lockdown commit Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example This example shows how to configure the IS-IS overload bit setting in MPLS-TE: This figure illustrates the IS-IS overload bit scenario: Figure 18: IS-IS overload bit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 262 OL-26056-02 Implementing MPLS Traffic Engineering Configure MPLS-TE and Fast-Reroute on OSPF: ExampleConsider a MPLS TE topology in which usage of nodes that indicated an overload situation was restricted. In this topology, the router R7 exhibits overload situation and hence this node can not be used during TE CSPF. To overcome this limitation, the IS-IS overload bit avoidance (OLA) feature was introduced. This feature allows network administrators to prevent RSVP-TE label switched paths (LSPs) from being disabled when a router in that path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set. The IS-IS overload bit avoidance feature is activated at router R1 using this command: mpls traffic-eng path-selection ignore overload configure mpls traffic-eng path-selection ignore overload commit Related Topics Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE, on page 187 Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE, on page 131 Configure Flexible Name-based Tunnel Constraints: Example The following configuration shows the three-step process used to configure flexible name-based tunnel constraints. R2 line console exec-timeout 0 0 width 250 ! logging console debugging explicit-path name mypath index 1 next-address loose ipv4 unicast 3.3.3.3 ! explicit-path name ex_path1 index 10 next-address loose ipv4 unicast 2.2.2.2 index 20 next-address loose ipv4 unicast 3.3.3.3 ! interface Loopback0 ipv4 address 22.22.22.22 255.255.255.255 ! interface tunnel-te1 ipv4 unnumbered Loopback0 signalled-bandwidth 1000000 destination 3.3.3.3 affinity include green affinity include yellow affinity exclude white affinity exclude orange path-option 1 dynamic ! router isis 1 is-type level-1 net 47.0001.0000.0000.0001.00 nsf cisco address-family ipv4 unicast metric-style wide mpls traffic-eng level-1 mpls traffic-eng router-id Loopback0 ! interface Loopback0 passive address-family ipv4 unicast ! ! interface GigabitEthernet0/1/0/0 address-family ipv4 unicast Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 263 Implementing MPLS Traffic Engineering Configure Flexible Name-based Tunnel Constraints: Example! ! interface GigabitEthernet0/1/0/1 address-family ipv4 unicast ! ! interface GigabitEthernet0/1/0/2 address-family ipv4 unicast ! ! interface GigabitEthernet0/1/0/3 address-family ipv4 unicast ! ! ! rsvp interface GigabitEthernet0/1/0/0 bandwidth 1000000 1000000 ! interface GigabitEthernet0/1/0/1 bandwidth 1000000 1000000 ! interface GigabitEthernet0/1/0/2 bandwidth 1000000 1000000 ! interface GigabitEthernet0/1/0/3 bandwidth 1000000 1000000 ! ! mpls traffic-eng interface GigabitEthernet0/1/0/0 attribute-names red purple ! interface GigabitEthernet0/1/0/1 attribute-names red orange ! interface GigabitEthernet0/1/0/2 attribute-names green purple ! interface GigabitEthernet0/1/0/3 attribute-names green orange ! affinity-map red 1 affinity-map blue 2 affinity-map black 80 affinity-map green 4 affinity-map white 40 affinity-map orange 20 affinity-map purple 10 affinity-map yellow 8 ! Related Topics Assigning Color Names to Numeric Values, on page 188 Associating Affinity-Names with TE Links, on page 190 Associating Affinity Constraints for TE Tunnels, on page 192 Flexible Name-based Tunnel Constraints, on page 132 Configure an Interarea Tunnel: Example The following configuration example shows how to configure a traffic engineering interarea tunnel. . Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 264 OL-26056-02 Implementing MPLS Traffic Engineering Configure an Interarea Tunnel: ExampleNote Specifying the tunnel tailend in the loosely routed path is optional. configure interface Tunnel-te1 ipv4 unnumbered Loopback0 destination 192.168.20.20 signalled-bandwidth 300 path-option 1 explicit name path-tunnel1 explicit-path name path-tunnel1 index 10 next-address loose ipv4 unicast 192.168.40.40 index 20 next-address loose ipv4 unicast 192.168.60.60 index 30 next-address loose ipv4 unicast 192.168.20.20 Generally for an interarea tunnel you should configure multiple loosely routed path options that specify different combinations of ABRs (for OSPF) or level-1-2 boundary routers (for IS-IS) to increase the likelihood that the tunnel issuccessfully signaled. In thissimple topology there are no other loosely routed paths. Note Configure Forwarding Adjacency: Example The following configuration example shows how to configure an MPLS-TE forwarding adjacency on tunnel-te 68 with a holdtime value of 60: configure interface tunnel-te 68 forwarding-adjacency holdtime 60 commit Related Topics Configuring MPLS-TE Forwarding Adjacency, on page 199 MPLS-TE Forwarding Adjacency Benefits, on page 136 Configure PCE: Example The following configuration example illustrates a PCE configuration: configure mpls traffic-eng interface pos 0/6/0/0 pce address ipv4 192.168.25.66 router id loopback 0 router ospf 1 router-id 192.168.25.66 area 0 interface pos 0/6/0/0 interface loopback 0 mpls traffic-eng router-id loopback 0 mpls traffic-eng area 0 rsvp interface pos 0/6/0/0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 265 Implementing MPLS Traffic Engineering Configure Forwarding Adjacency: Examplebandwidth 100 commit The following configuration example illustrates PCC configuration: configure interface tunnel-te 10 ipv4 unnumbered loopback 0 destination 1.2.3.4 path-option 1 dynamic pce mpls traffic-eng interface pos 0/6/0/0 router id loopback 0 router ospf 1 router-id 192.168.25.66 area 0 interface pos 0/6/0/0 interface loopback 0 mpls traffic-eng router-id loopback 0 mpls traffic-eng area 0 rsvp interface pos 0/6/0/0 bandwidth 100 commit Related Topics Configuring a Path Computation Client, on page 200 Configuring a Path Computation Element Address, on page 202 Configuring PCE Parameters, on page 203 Path Computation Element, on page 136 Configure Tunnels for Path Protection: Example The path protection feature is configured only on the source router. The dynamic path option is a prerequisite to configure a path protection. interface tunnel-te150 ipv4 unnumbered Loopback150 autoroute announce destination 151.151.151.151 affinity 11 mask 11 path-protection path-option 2 explicit name p2mp3-p2mp4-p2mp5_1 protected-by 10 path-option 10 dynamic Related Topics Enabling Path Protection for an Interface, on page 206 Assigning a Dynamic Path Option to a Tunnel, on page 208 Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210 Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210 Path Protection, on page 138 Prerequisites for Path Protection, on page 138 Restrictions for Path Protection, on page 139 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 266 OL-26056-02 Implementing MPLS Traffic Engineering Configure Tunnels for Path Protection: ExampleConfigure Automatic Bandwidth: Example The following configuration example illustrates an automatic bandwidth configuration: configure interface tunnel-te6 auto-bw bw-limit min 10000 max 500000 overflow threshold 50 min 1000 limit 3 adjustment-threshold 20 min 1000 application 180 Related Topics Configuring the Collection Frequency, on page 212 Configuring the Automatic Bandwidth Functions, on page 215 MPLS-TE Automatic Bandwidth Overview, on page 139 Configure the MPLS-TE Shared Risk Link Groups: Example The following configuration example shows how to specify the SRLG value of each link that has a shared risk with another link: config t srlg interface POS0/4/0/0 value 10 value 11 | interface POS0/4/0/1 value 10 | The following example shows the SRLG values configured on a specific link. RP/0/RSP0/CPU0:router# show mpls traffic-eng topology brief My_System_id: 100.0.0.2 (OSPF 0 area 0) My_System_id: 0000.0000.0002.00 (IS-IS 1 level-1) My_System_id: 0000.0000.0002.00 (IS-IS 1 level-2) My_BC_Model_Type: RDM Signalling error holddown: 10 sec Global Link Generation 389225 IGP Id: 0000.0000.0002.00, MPLS TE Id: 100.0.0.2 Router Node (IS-IS 1 level-1) IGP Id: 0000.0000.0002.00, MPLS TE Id: 100.0.0.2 Router Node (IS-IS 1 level-2) Link[1]:Broadcast, DR:0000.0000.0002.07, Nbr Node Id:21, gen:389193 Frag Id:0, Intf Address:51.2.3.2, Intf Id:0 Nbr Intf Address:51.2.3.2, Nbr Intf Id:0 TE Metric:10, IGP Metric:10, Attribute Flags:0x0 Attribute Names: SRLGs: 1, 4, 5 Switching Capability:, Encoding: BC Model ID:RDM Physical BW:1000000 (kbps), Max Reservable BW Global:10000 (kbps) Max Reservable BW Sub:10000 (kbps) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 267 Implementing MPLS Traffic Engineering Configure Automatic Bandwidth: ExampleThe following example shows the configured tunnels and associated SRLG values. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels Signalling Summary: LSP Tunnels Process: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 1363 seconds Periodic FRR Promotion: every 300 seconds, next in 181 seconds Auto-bw enabled tunnels: 0 (disabled) Name: tunnel-te1 Destination: 100.0.0.3 Status: Admin: up Oper: up Path: valid Signalling: recovered path option 1, type explicit path123 (Basis for Setup, path weight 2) OSPF 0 area 0 G-PID: 0x0800 (derived from egress interface properties) SRLGs excluded: 2,3,4,5 6,7,8,9 Bandwidth Requested: 0 kbps CT0 The following example shows all the interfaces associated with SRLG. RP/0/RSP0/CPU0:router# show mpls traffic-eng topo srlg My_System_id: 100.0.0.5 (OSPF 0 area 0) My_System_id: 0000.0000.0005.00 (IS-IS 1 level-2) My_System_id: 0000.0000.0005.00 (IS-IS ISIS-instance-123 level-2) SRLG Interface Addr TE Router ID IGP Area ID __________ ______________ ____________ _______________ 10 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 11 50.2.3.3 100.0.0.3 IS-IS 1 level-2 12 50.2.3.3 100.0.0.3 IS-IS 1 level-2 30 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 77 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 88 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 1500 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 10000000 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 4294967290 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 4294967295 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2 The following example shows the NHOP and NNHOP backup tunnels with excluded SRLG values. RP/0/RSP0/CPU0:router# show mpls traffic-eng topology path dest 100.0.0.5 exclude-srlg ipaddr Path Setup to 100.0.0.2: bw 0 (CT0), min_bw 0, metric: 30 setup_pri 7, hold_pri 7 affinity_bits 0x0, affinity_mask 0xffff Exclude SRLG Intf Addr : 50.4.5.5 SRLGs Excluded : 10, 30, 1500, 10000000, 4294967290, 4294967295 Hop0:50.5.1.5 Hop1:50.5.1.1 Hop2:50.1.3.1 Hop3:50.1.3.3 Hop4:50.2.3.3 Hop5:50.2.3.2 Hop6:100.0.0.2 The following example shows an extract of explicit-path set to protect a specific interface. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 268 OL-26056-02 Implementing MPLS Traffic Engineering Configure the MPLS-TE Shared Risk Link Groups: ExampleRP/0/RSP0/CPU0:router#sh mpls traffic-eng topology path dest 10.0.0.5 explicit-path name name Path Setup to 100.0.0.5: bw 0 (CT0), min_bw 9999, metric: 2 setup_pri 7, hold_pri 7 affinity_bits 0x0, affinity_mask 0xffff SRLGs Excluded: 10, 30, 77, 88, 1500, 10000000 4294967290, 4294967295 Hop0:50.3.4.3 Hop1:50.3.4.4 Hop2:50.4.5.4 Hop3:50.4.5.5 Hop4:100.0.0.5 Related Topics Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218 Creating an Explicit Path With Exclude SRLG, on page 220 Using Explicit Path With Exclude SRLG, on page 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229 MPLS Traffic Engineering Shared Risk Link Groups, on page 146 Explicit Path, on page 147 Fast ReRoute with SRLG Constraints, on page 148 Importance of Protection, on page 149 Delivery of Packets During a Failure, on page 150 Multiple Backup Tunnels Protecting the Same Interface , on page 150 SRLG Limitations, on page 150 Configure the MPLS-TE Auto-Tunnel Backup: Example The following example shows the auto-tunnel backup configuration for core or edge routers. RP/0/RSP0/CPU0:router(config)# mpls traffic-eng auto-tunnel backup tunnel-id min 60000 max 61000 interface pos 0/1/0/0 auto-tunnel backup attribute-set ab The following example shows the protection (NNHOP and SRLG) that was set on the auto-tunnel backup. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1 Signalling Summary: LSP Tunnels Process: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 2524 seconds Periodic FRR Promotion: every 300 seconds, next in 49 seconds Auto-bw enabled tunnels: 1 Name: tunnel-te1 Destination: 200.0.0.3 (auto backup) Status: Admin: up Oper: up Path: valid Signalling: connected Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 269 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: Examplepath option 10, type explicit (autob_nnhop_srlg_tunnel1) (Basis for Setup, path weight 11) path option 20, type explicit (autob_nnhop_tunnel1) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Fri Jul 10 01:53:25.581 PST (1h 25m 17s ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Path Protection: Not Enabled Auto Backup: Protected LSPs: 4 Protected S2L Sharing Families: 0 Protected S2Ls: 0 Protected i/f: Gi0/1/0/0 Protected node: 20.0.0.2 Protection: NNHOP+SRLG Unused removal timeout: not running History: Tunnel has been up for: 00:00:08 Current LSP: Uptime: 00:00:08 Prior LSP: ID: path option 1 [545] Removal Trigger: configuration changed Path info (OSPF 0 area 0): Hop0: 10.0.0.2 Hop1: 100.0.0.2 Hop2: 100.0.0.3 Hop3: 200.0.0.3 The following example shows automatically created path options for this backup auto-tunnel. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1 detail Signalling Summary: LSP Tunnels Process: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 2524 seconds Periodic FRR Promotion: every 300 seconds, next in 49 seconds Auto-bw enabled tunnels: 1 Name: tunnel-te1 Destination: 200.0.0.3 (auto backup) Status: Admin: up Oper: up Path: valid Signalling: connected path option 10, type explicit (autob_nnhop_srlg_tunnel1) (Basis for Setup, path weight 11) path option 20, type explicit (autob_nnhop_tunnel1) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Fri Jul 10 01:53:25.581 PST (1h 25m 17s ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Path Protection: Not Enabled Auto Backup (NNHOP+SRLG): Protected LSPs: 4 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 270 OL-26056-02 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExampleProtected S2L Sharing Families: 0 Protected S2Ls: 0 Protected i/f: Gi0/1/0/0 Protected node: 20.0.0.2 Protection: NNHOP+SRLG Unused removal timeout: not running Path Options Details: 10: Explicit Path Name: (autob_nnhop_srlg_te1) 1: exclude-srlg 50.0.0.1 2: exclude-address 50.0.0.2 3: exclude-node 20.0.0.2 20: Explicit Path Name: (autob_nnhop_te1) 1: exclude-address 50.0.0.1 2: exclude-address 50.0.0.2 3: exclude-node 20.0.0.2 History: Tunnel has been up for: 00:00:08 Current LSP: Uptime: 00:00:08 Prior LSP: ID: path option 1 [545] Removal Trigger: configuration changed Path info (OSPF 0 area 0): Hop0: 10.0.0.2 Hop1: 100.0.0.2 Hop2: 100.0.0.3 Hop3: 200.0.0.3 This example shows the automatically created backup tunnels. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels brief TUNNEL NAME DESTINATION STATUS STATE tunnel-te0 200.0.0.3 up up tunnel-te1 200.0.0.3 up up tunnel-te2 200.0.0.3 up up tunnel-te50 200.0.0.3 up up *tunnel-te60 200.0.0.3 up up *tunnel-te70 200.0.0.3 up up *tunnel-te80 200.0.0.3 up up RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels tabular Tunnel LSP Destination Source FRR LSP Path Name ID Address Address State State Role Prot ------------------ ------ --------------- --------------- ------- ------- ------ ----- tunnel-te0 549 200.0.0.3 200.0.0.1 up Inact Head InAct tunnel-te1 546 200.0.0.3 200.0.0.1 up Inact Head InAct tunnel-te2 6 200.0.0.3 200.0.0.1 up Inact Head InAct tunnel-te50 6 200.0.0.3 200.0.0.1 up Active Head InAct tunnel-te60 4 200.0.0.3 200.0.0.1 up Active Head InAct tunnel-te70 4 200.0.0.3 200.0.0.1 up Active Head InAct tunnel-te80 3 200.0.0.3 200.0.0.1 up Active Head InAct This example shows the auto-tunnel backup details. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup detail Name: tunnel-te400 Destination: 1.1.1.1 (auto-tunnel backup) Status: Admin: up Oper: up Path: valid Signalling: connected path option 20, type explicit (autob_nnhop_te400) (Basis for Setup, path weight 2) path option 10, type explicit (autob_nnhop_srlg_te400) [disabled] G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Thu Aug 16 18:30:41 2012 (00:01:28 ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) Metric Type: TE (default) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 271 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExampleHop-limit: disabled AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Path Protection: Not Enabled Soft Preemption: Disabled Auto Backup: Protected LSPs: 1 Protected S2L Sharing Families: 0 Protected S2L: 0 Protected i/f: Gi0/1/0/3 Protected node: 3.3.3.3 Attribute-set: ab1 Protection: NNHOP Unused removal timeout: not running Path Option Details: 10: Explicit Path Name: (autob_nnhop_srlg_te400) 1: exclude-srlg 34.9.0.4 2: exclude-address 34.9.0.3 3: exclude-node 3.3.3.3 20: Explicit Path Name: (autob_nnhop_te400) 1: exclude-address 34.9.0.4 2: exclude-address 34.9.0.3 3: exclude-node 3.3.3.3 SNMP Index: 221 History: Tunnel has been up for: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012) Current LSP: Uptime: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012) Current LSP Info: Instance: 2, Signaling Area: OSPF 100 area 1.2.3.4 Uptime: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012) Outgoing Interface: GigabitEthernet0/1/0/2, Outgoing Label: 16000 Router-IDs: local 4.4.4.4 downstream 2.2.2.2 Soft Preemption: None Path Info: Outgoing: Explicit Route: Strict, 24.9.0.2 Strict, 12.9.1.1 Strict, 1.1.1.1 Record Route: Empty Tspec: avg rate=0 kbits, burst=1000 bytes, peak rate=0 kbits Session Attributes: Local Prot: Not Set, Node Prot: Not Set, BW Prot: Not Set Soft Preemption Desired: Not Set Resv Info: Record Route: IPv4 24.9.0.2, flags 0x0 IPv4 12.9.1.1, flags 0x0 Fspec: avg rate=0 kbits, burst=1000 bytes, peak rate=0 kbits Displayed 1 (of 104) heads, 0 (of 0) midpoints, 0 (of 201) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads This example shows the automatically created backup tunnels. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup tabular Tunnel LSP Destination Source Tun FRR LSP Path Name ID Address Address State State Role Prot ----------------- ----- --------------- --------------- ------ ------ ---- ----- *tunnel-te400 2 1.1.1.1 4.4.4.4 up Inact Head Inact *tunnel-te401 2 3.3.3.3 4.4.4.4 up Inact Head Inact * = automatically created backup tunnel RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup brief TUNNEL NAME DESTINATION STATUS STATE *tunnel-te400 1.1.1.1 up up *tunnel-te401 3.3.3.3 up up * = automatically created backup tunnel Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 272 OL-26056-02 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExampleDisplayed 2 (of 104) heads, 0 (of 0) midpoints, 0 (of 201) tails Displayed 2 up, 0 down, 0 recovering, 0 recovered heads This example shows the attribute-set for auto-backup tunnels. RP/0/RSP0/CPU0:router# show mpls traffic-eng attribute-set auto-backup Attribute Set Name: ab (Type: auto-backup) Number of affinity constraints: 2 Include bit map : 0x4 Include name : blue Exclude bit map : 0x2 Exclude name : red Priority: 7 7 (Default) Record-route: Enabled Policy-class: 1 Logging: reoptimize, state List of protected interfaces (count 1) POS0_3_0_1 List of tunnel IDs (count 1) 3000 This example shows the attribute-set for auto-mesh tunnels. RP/0/RSP0/CPU0:router# show mpls traffic-eng attribute-set auto-mesh Attribute Set Name: am (Type: auto-mesh) Bandwidth: 100 kbps (CT0) Number of affinity constraints: 2 Include bit map : 0x8 Include name : yellow Exclude bit map : 0x2 Exclude name : red Priority: 2 2 Interface Bandwidth: 0 kbps (Default) AutoRoute Announce: Disabled Auto-bw: Disabled Soft Preemption: Disabled Fast Reroute: Enabled, Protection Desired: Node, Bandwidth Record-route: Enabled Policy-class: 0 (Not configured) Logging: None List of Mesh Groups (count 1) 1 This example shows the details about the tunnel that is using auto-backup type of attribute-set. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels attribute-set auto-backup ab Name: tunnel-te3000 Destination: 1.1.1.1 (auto-tunnel backup) Status: Admin: up Oper: up Path: valid Signalling: connected path option 20, type explicit (autob_nhop_te3000) (Basis for Setup, path weight 2) path option 10, type explicit (autob_nhop_srlg_te3000) [disabled] G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Tue Aug 14 23:24:27 2012 (00:05:28 ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Number of affinity constraints: 2 Include bit map : 0x4 Include name : blue Exclude bit map : 0x2 Exclude name : red Metric Type: TE (default) Hop-limit: disabled AutoRoute: disabled LockDown: disabled Policy class: 1 Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 273 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExamplePath Protection: Not Enabled Soft Preemption: Disabled Auto Backup: Protected LSPs: 2 Protected S2L Sharing Families: 0 Protected S2L: 0 Protected i/f: PO0/3/0/1 Attribute-set: ab Protection: NHOP Unused removal timeout: not running History: Tunnel has been up for: 00:04:57 (since Tue Aug 14 23:24:58 EST 2012) Current LSP: Uptime: 00:04:57 (since Tue Aug 14 23:24:58 EST 2012) Path info (OSPF 100 area 16909060): Node hop count: 2 Hop0: 23.9.0.2 Hop1: 12.9.0.2 Hop2: 12.9.0.1 Hop3: 1.1.1.1 Displayed 1 (of 7) heads, 0 (of 3) midpoints, 0 (of 0) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads This example shows the protected interface for auto-backup auto-tunnels. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels backup protected-interface Interface: Gi0/2/0/1 (auto-tunnel backup) SRLG: N/A, NHOP-only: No Attribute-set: Not configured Auto-tunnel backup recreate time remaining: timer not running No backup tunnel found Interface: Gi0/2/0/3 tunnel-te340 PROTECTED : out i/f: PO0/3/0/2 Admin: up Oper: up Interface: PO0/3/0/1 (auto-tunnel backup) SRLG: N/A, NHOP-only: No Attribute-set: ab Auto-tunnel backup recreate time remaining: timer not running *tunnel-te3000 NHOP : out i/f: Gi0/2/0/2 Admin: up Oper: up * = automatically created backup tunnel This example shows the details about all the tunnels that are using auto-mesh type of attribute-set. RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels attribute-set auto-mesh all Name: tunnel-te3501 Destination: 1.1.1.1 (auto-tunnel mesh) Status: Admin: up Oper: up Path: valid Signalling: connected path option 10, type dynamic (Basis for Setup, path weight 2) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 100 kbps CT0 Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago) Config Parameters: Bandwidth: 100 kbps (CT0) Priority: 2 2 Number of affinity constraints: 2 Include bit map : 0x8 Include name : yellow Exclude bit map : 0x2 Exclude name : red Metric Type: TE (default) Hop-limit: disabled AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Enabled, Protection Desired: Node, Bandwidth Path Protection: Not Enabled Attribute-set: am (type auto-mesh) Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 274 OL-26056-02 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExampleSoft Preemption: Disabled Auto-tunnel Mesh: Group ID: 1 Destination list: blah Unused removal timeout: not running History: Tunnel has been up for: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012) Current LSP: Uptime: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012) Path info (OSPF 100 area 16909060): Node hop count: 2 Hop0: 23.9.0.2 Hop1: 12.9.0.2 Hop2: 12.9.0.1 Hop3: 1.1.1.1 Name: tunnel-te3502 Destination: 2.2.2.2 (auto-tunnel mesh) Status: Admin: up Oper: up Path: valid Signalling: connected path option 10, type dynamic (Basis for Setup, path weight 1) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 100 kbps CT0 Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago) Config Parameters: Bandwidth: 100 kbps (CT0) Priority: 2 2 Number of affinity constraints: 2 Include bit map : 0x8 Include name : yellow Exclude bit map : 0x2 Exclude name : red Metric Type: TE (default) Hop-limit: disabled AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Enabled, Protection Desired: Node, Bandwidth Path Protection: Not Enabled Attribute-set: am (type auto-mesh) Soft Preemption: Disabled Auto-tunnel Mesh: Group ID: 1 Destination list: blah Unused removal timeout: not running History: Tunnel has been up for: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012) Current LSP: Uptime: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012) Path info (OSPF 100 area 16909060): Node hop count: 1 Hop0: 23.9.0.2 Hop1: 2.2.2.2 Name: tunnel-te3503 Destination: 4.4.4.4 (auto-tunnel mesh) Status: Admin: up Oper: down Path: not valid Signalling: Down path option 10, type dynamic Last PCALC Error: Tue Aug 14 23:31:26 2012 Info: No path to destination, 4.4.4.4 (affinity) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 100 kbps CT0 Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago) Config Parameters: Bandwidth: 100 kbps (CT0) Priority: 2 2 Number of affinity constraints: 2 Include bit map : 0x8 Include name : yellow Exclude bit map : 0x2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 275 Implementing MPLS Traffic Engineering Configure the MPLS-TE Auto-Tunnel Backup: ExampleExclude name : red Metric Type: TE (default) Hop-limit: disabled AutoRoute: disabled LockDown: disabled Policy class: not set Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Enabled, Protection Desired: Node, Bandwidth Path Protection: Not Enabled Attribute-set: am (type auto-mesh) Soft Preemption: Disabled Auto-tunnel Mesh: Group ID: 1 Destination list: blah Unused removal timeout: not running Displayed 3 (of 7) heads, 0 (of 3) midpoints, 0 (of 0) tails Displayed 2 up, 1 down, 0 recovering, 0 recovered heads Related Topics Enabling an AutoTunnel Backup, on page 169 Removing an AutoTunnel Backup, on page 170 Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs, on page 172 Establishing Next-Hop Tunnels with Link Protection, on page 174 Backup AutoTunnels, on page 123 Configure Point-to-Multipoint TE: Examples These configuration examples show how to configure Point-to-Multipoint TE: P2MP Topology Scenario: Example Thissection describes a typicalscenario of point-to-multipoint traffic engineering toplogy. Thisfigure illustrates the P2MP toplogy. Figure 19: P2MP Topology This head router describes the configuration at head node. This router does the imposition of MPLS at head node. interface tunnel-mte1 ipv4 unnumbered Loopback0 destination 1.1.1.1 path-option 1 explicit name path-to-tail1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 276 OL-26056-02 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examples! destination 2.2.2.2 path-option 1 explicit name path-to-tail2 ! fast-reroute mpls traffic-eng interface GigabitEthernet0/1/3/0 ! interface GigabitEthernet0/1/3/7 ! multicast-routing address-family ipv4 nsf interface all enable ! address-family ipv6 nsf interface all enable ! ! ! router igmp vrf default interface tunnel-mte1 static-group 232.0.0.1 192.168.10.1 ! This mid router describesthe configuration at mid node. Thisrouter performsthe role of MPLS label replication at mid node. mpls traffic-eng interface POS0/2/0/0 ! interface POS0/2/0/1 backup-path tunnel-te 1000 ! interface TenGigE0/3/0/3 ! interface GigabitEthernet0/2/5/0 ! ! This tail router describes the configuration at tail node. This router performs the role of MPLS disposition at tail node. mpls traffic-eng interface POS0/0/3/0 ! ! multicast-routing address-family ipv4 interface all enable ! core-tree-protocol rsvp-te group-list lsm static-rpf 192.168.10.1 32 mpls 5.5.5.5 ! ! This configuration describes the Fast Reroute configuration in the MPLS network. explicit-path name backup-path-to-tail1 index 1 next-address strict 198.1.1.2 index 2 next-address strick 198.1.2.2 ! interface tunnel-te1000 <<< backup p2p tunnel ipv4 unnumbered Loopback0 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 277 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examplesdestination 140.140.140.140 path-option 1 explicit name backup-path-to-tail1 ! mpls traffic-eng interface POS0/2/0/0 ! interface POS0/2/0/1 backup-path tunnel-te 1000 ! interface TenGigE0/5/0/4 ! Configure Point-to-Multipoint for the Source: Example At the source, multicast routing must be enabled on both the tunnel-mte interface and customer-facing interface. Then, the static-group must be configured on the tunnel-mte interface to forward specified multicast traffic over P2MP LSP. The multicast group address, which is in Source-Specific Multicast (SSM) address range (ff35::/16), must be used on the static-group configuration because Cisco IOS XR software supports only SSM for Label Switch Multicast (LSM). Additionally, the customer-facing interface must have an IPv6 address. Note multicast-routing address-family ipv6 interface tunnel-mte 1 enable ! interface GigabitEthernet0/2/0/3 enable ! ! ! router mld vrf default interface tunnel-mte 1 static-group ff35::1 2000::1 3eFF::A ! ! ! interface tunnel-mte 1 ipv4 unnumbered Loopback0 destination 3.3.3.3 path-option 1 dynamic destination 4.4.4.4 path-option 1 dynamic ! ! Related Topics Point-to-Multipoint Traffic-Engineering Overview, on page 142 Point-to-Multipoint RSVP-TE , on page 144 Configure the Point-to-Multipoint Tunnel: Example There is no difference between logging events at the tunnel level for both P2P and P2MP. The P2MP tunnel reoptimizes only at the per tunnel level. interface tunnel-mte1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 278 OL-26056-02 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examplesipv4 unnumbered Loopback0 destination 60.60.60.60 logging events lsp-status state logging events lsp-status reroute path-option 10 explicit name toR6_via_R2andR3 ! logging events lsp-status reoptimize logging events lsp-status state logging events lsp-status reroute fast-reroute record-route ! explicit-path name PATH7 index 1 next-address strict ipv4 unicast 192.168.7.2 index 2 next-address strict ipv4 unicast 192.168.7.1 index 3 next-address strict ipv4 unicast 192.168.16.1 index 4 next-address strict ipv4 unicast 192.168.16.2 ! Related Topics Path Option for Point-to-Multipoint RSVP-TE, on page 145 Point-to-Multipoint Traffic-Engineering Overview, on page 142 Disable a Destination: Example From the tunnel-mte interface, you can disable the destination. interface tunnel-mte101 ipv4 unnumbered Loopback0 destination 150.150.150.150 disable path-option 10 dynamic ! destination 150.150.150.150 path-option 2 dynamic ! ! Related Topics Point-to-Multipoint Traffic-Engineering Overview, on page 142 Configure the Point-to-Multipoint Solution: Example Requirements for MPLS-TE Configuration Before the Point-to-Multipoint (P2MP) tunnel is defined, these MPLS-TE requirements must be configured: • Multiprotocol Label Switching traffic engineering (MPLS-TE) • Resource ReSerVation Protocol (RSVP) • Open Shortest Path First (OSPF) This example shows the entire P2MP solution: • Source is the location where the P2MP-TE tunnel interface is created. • Tunnel contains multiple destinations. For example, the P2MP-TE tunnel is configured with two leaf node destinations by using the dynamic and explicit path options. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 279 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examples• Fast-Reroute (FRR) is specified on the P2MP tunnel. • All regular TE tunnel options such as affinity or bandwidth are configured. • Static mapping of the group address to the P2MP tunnel is done in IGMP. Internet Group Management Protocol (IGMP). • The P2MP-TE midpoint configuration requires only TE and Interior Gateway Protocol (IGP) information. • The P2MP-TE receiver configuration requires a static group and RPF map. ! explicit-path name g2-r2-r1 index 1 next-address strict ipv4 unicast 10.2.15.1 ! explicit-path name g2-r2-r3 index 1 next-address strict ipv4 unicast 10.2.25.1 index 2 next-address strict ipv4 unicast 10.2.23.2 ! explicit-path name g2-r2-r4 index 1 next-address strict ipv4 unicast 10.2.25.1 index 2 next-address strict ipv4 unicast 10.2.24.2 ! ipv4 access-list ssm 10 permit ipv4 232.1.0.0/16 any 20 permit ipv4 232.3.0.0/16 any 30 permit ipv4 232.4.0.0/16 any ! ipv4 access-list ssm-test 10 permit ipv4 235.0.0.0/8 any ! interface Loopback0 ipv4 address 192.168.1.2 255.255.255.255 ! interface tunnel-mte221 ipv4 unnumbered Loopback0 destination 192.168.1.1 path-option 1 dynamic ! destination 192.168.1.3 path-option 1 dynamic ! destination 192.168.1.4 path-option 1 dynamic ! ! interface tunnel-mte222 ipv4 unnumbered Loopback0 destination 192.168.1.1 path-option 1 explicit name g2-r2-r1 ! destination 192.168.1.3 path-option 1 explicit name g2-r2-r3 ! destination 192.168.1.4 path-option 1 explicit name g2-r2-r4 ! signalled-bandwidth 1000 ! interface MgmtEth0/RP0/CPU0/0 ipv4 address 172.20.163.12 255.255.255.128 ! interface MgmtEth0/RP1/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 172.2.1.2 255.255.255.0 load-interval 30 ! Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 280 OL-26056-02 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examplesinterface GigabitEthernet0/0/0/1 ipv4 address 10.1.15.2 255.255.255.0 ! interface GigabitEthernet0/0/0/1.2 ipv4 address 10.2.15.2 255.255.255.0 dot1q vlan 2 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.1.25.2 255.255.255.0 ! interface GigabitEthernet0/0/0/2.2 ipv4 address 10.2.25.2 255.255.255.0 dot1q vlan 2 ! interface GigabitEthernet0/0/0/3 shutdown ! interface GigabitEthernet0/0/0/4 shutdown ! interface GigabitEthernet0/0/0/5 shutdown ! interface GigabitEthernet0/0/0/6 shutdown ! interface GigabitEthernet0/0/0/7 shutdown ! router static address-family ipv4 unicast 0.0.0.0/0 1.56.0.1 0.0.0.0/0 172.20.163.1 ! ! router ospf 100 nsr router-id Loopback0 area 0 mpls traffic-eng interface Loopback0 ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/1.2 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/2.2 ! ! mpls traffic-eng router-id Loopback0 ! mpls oam ! rsvp interface GigabitEthernet0/0/0/0 bandwidth 20000 ! interface GigabitEthernet0/0/0/1 bandwidth 20000 ! interface GigabitEthernet0/0/0/2 bandwidth 20000 ! interface GigabitEthernet0/0/0/1.2 bandwidth 20000 ! interface GigabitEthernet0/0/0/2.2 bandwidth 20000 ! Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 281 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: Examples! mpls traffic-eng interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/1.2 ! interface GigabitEthernet0/0/0/2.2 ! ! mpls ldp router-id 192.168.1.2 nsr graceful-restart interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/1.2 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/2.2 ! ! multicast-routing address-family ipv4 core-tree-protocol rsvp-te ssm range ssm static-rpf 172.1.1.1 32 mpls 192.168.1.1 static-rpf 172.3.1.1 32 mpls 192.168.1.3 static-rpf 172.4.1.1 32 mpls 192.168.1.4 interface all enable ! ! router igmp ! interface tunnel-mte221 static-group 232.2.2.1 172.2.1.1 ! interface tunnel-mte222 static-group 232.2.2.2 172.2.1.1 ! interface GigabitEthernet0/0/0/0 static-group 232.1.2.1 172.1.1.1 static-group 232.1.2.2 172.1.1.1 static-group 232.3.2.1 172.3.1.1 static-group 232.3.2.2 172.3.1.1 static-group 232.4.2.1 172.4.1.1 static-group 232.4.2.2 172.4.1.1 ! ! end Related Topics Point-to-Multipoint Traffic-Engineering Overview, on page 142 Point-to-Multipoint RSVP-TE , on page 144 Path Option for Point-to-Multipoint RSVP-TE, on page 145 Point-to-Multipoint Traffic-Engineering Overview, on page 142 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 282 OL-26056-02 Implementing MPLS Traffic Engineering Configure Point-to-Multipoint TE: ExamplesAdditional References For additional information related to implementing MPLS-TE, refer to the following references: Related Documents Related Topic Document Title MPLS Traffic Engineering Commands on Cisco ASR 9000 Series Router module in CiscoASR9000SeriesAggregationServicesRouterMPLS Command Reference MPLS-TE commands CiscoASR9000SeriesAggregationServicesRouterGetting Started Guide Getting started material Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering, F. Le Faucheur, Ed. June 2005. (Format: TXT=79265 bytes) (Status: PROPOSED STANDARD) RFC 4124 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 283 Implementing MPLS Traffic Engineering Additional ReferencesRFCs Title Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering, F. Le Faucheur, W. Lai. June 2005. (Format: TXT=22585 bytes) (Status: EXPERIMENTAL) RFC 4125 Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering, F. Le Faucheur, Ed. June 2005. (Format: TXT=23694 bytes) (Status: EXPERIMENTAL) RFC 4127 Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 284 OL-26056-02 Implementing MPLS Traffic Engineering Additional ReferencesC H A P T E R 5 Implementing MPLS OAM This module describes Multiprotocol Label Switching (MPLS) P2MP Ping and Traceroute features. These feature provide a means to check connectivity, isolate failure point, thus providing the MPLS Operations, Administration, and Maintenance (OAM) solution. For detailed information about MPLS commands and examples, see Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference. Feature History for Implementing MPLS OAM Release Modification Release 4.1.0 This feature was introduced. • Prerequisites for MPLS LSP Ping and Traceroute for P2MP, page 285 • MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute, page 286 • Roles of Various Routers, page 286 • P2MP Ping, page 287 • P2MP Traceroute, page 288 • Configure the Ping and Traceroute: Example, page 288 Prerequisites for MPLS LSP Ping and Traceroute for P2MP Before you use the MPLS LSP Ping and Traceroute for P2MP feature, you should have the support for following: • Cisco IOS XR software Release 4.1.0or a later release • Configure Resource Reservation Protocol (RSVP) features on the headend, midpoint, and tailend routers in the MPLS network • Configure traffic engineering features on the headend, midpoint, and tailend routersin the MPLS network • Enable MPLS OAM using the mpls oam command on all routers in the MPLS network Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 285MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute To manage an MPLS network, you must have the ability to monitor LSPs and quickly isolate MPLS forwarding problems. You need ways to characterize the liveliness of an LSP and reliably detect when an LSP fails to deliver user traffic. You can use MPLS LSP ping to verify the LSP that is used to transport packets. You can use MPLS LSP traceroute to trace LSPs that are used to carry packets destined for P2MP LSP. An MPLS echo request is sent through an LSP to validate it. A TTL expiration or LSP breakage causes the transit router to processthe echo request before it gets to the intended destination. The router returns an MPLS echo reply that contains an explanatory reply code to the originator of the echo request. The successful echo request is processed at the egress of the LSP. The echo reply is sent through an IP path, an MPLS path, or a combination of both, back to the originator of the echo request. Roles of Various Routers A P2MP TE network contains the following elements: • Headend Router The headend router, also called the source or ingress router, is responsible for initiating the signaling messages that set up the P2MP TE LSP. The headend router can also be a branch point, which means the router performs packet replication and the sub-LSPs split into different directions. • Midpoint Router The midpoint router is where the sub-LSP signaling is processed. The midpoint router can be a branch point. • Tailend Router The tailend router, also called the destination, egress, or leaf-node router, is where sub-LSP signaling ends. The router which is one of potentially many destinations of the P2MP TE LSP. • Bud Router A bud router is a midpoint and tailend router at the same time. An LSR that is an egress LSR, but also has one or more directly connected downstream LSRs. • Branch Router A branch router is either a midpoint or tailend router at any given time. • Transit Router A transit router is an LSR that is not an egress router, but also has one or more directly connected downstream routers. • A P2MP tunnel consists of one or more sub-LSPs.All sub-LSPs belonging to the same P2MP tunnel employ the same constraints, protection policies, and so on, which are configured at the headend router. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 286 OL-26056-02 Implementing MPLS OAM MPLS Network Management with MPLS LSP Ping and MPLS LSP TracerouteFigure 20: Elements of P2MP TE Network illustrates the elements of P2MP TE network. Figure 20: Elements of P2MP TE Network P2MP TE tunnels build on the features that exist in basic point-to-point TE tunnels. The P2MP TE tunnels have the following characteristics: • There is one source (headend) but more than one destination (tailend). • They are unidirectional. • They are explicitly routed. • Multiple sub-LSPs connect the headend router to various tailend routers. P2MP Ping The P2MP ping feature is used to check the connectivity between Ingress LSR and egress LSR, along a P2MP LSP. The Ingress LSR sends the P2MP echo request message along the specified P2MP LSP. All egress LSRs which receive the P2MP echo request message from the ingress LSR must send a P2MP echo reply message to the ingress LSR, according to the reply mode specified in the P2MP echo request message. MPLS LSP ping uses MPLS echo request and reply packets to validate an LSP. You can use MPLS LSP ping to validate RSVP P2MP IPv4 FECs by using appropriate keywords and arguments with the ping mpls command. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 287 Implementing MPLS OAM P2MP PingThe MPLS echo request packet issent to a target router through the use of the appropriate labelstack associated with the LSP to be validated. Use of the label stack causes the packet to be forwarded over the LSP itself. The destination IP address of the MPLS echo request packet is different from the address used to select the label stack. The destination IP address is defined as a 127.x.y.z/8 address. The 127.x.y.z/8 address prevents the IP packet from being IP switched to its destination, if the LSP is broken. An MPLS echo reply is sent in response to an MPLS echo request. The reply is sent as an IP packet and it is forwarded using IP, MPLS, or a combination of both types of switching. The source address of the MPLS echo reply packet is an address obtained from the router generating the echo reply. The destination address is the source address of the router that originated the MPLS echo request packet. The MPLS echo reply destination port is set to the echo request source port. Only P2MP TE LSP IPv4 is supported. If the Responder Identifier TLV is missing, the echo request requests information from all responder-ids. Note Jitter Jitter is used to reduce the load on the LSR where the ping is performed. By adding a jitter, the replying routers will space their reply time based on a random number between 0 and the jitter value, Jitter TLV, specified in the packet. P2MP Traceroute The P2MP traceroute feature is used to isolate the failure point of a P2MP LSP. It is used for hop-by-hop fault localization and path tracing. The traceroute feature relies on the expiration of the TTL of the packet that carries the echo request. When the P2MP echo request message hits a transit node, it checks the TTL and if it is expired, the packet is punted to the control plane, else the message is forwarded or replicated. If punted to the control plane, a reply message is build based on the contents of the request message. Traceroute can be applied to all nodes in the P2MP tree. However, you can select a specific traceroute target through the P2MP Responder Identifier TLV. An entry in this TLV represents an responder-id or a transit node. This is only the case for P2MP TE LSPs. Only P2MP TE LSP IPv4 is supported. If the Responder Identifier TLV is missing, the echo request requests information from all responder-ids. Note Jitter Jitter is used to reduce the load on the LSR where the traceroute is performed. By adding a jitter, the replying routers will space their reply time based on a random number between 0 and the jitter value, , Jitter TLV, specified in the packet. For more information about ping and traceroute commands, see MPLS OAM commands chapter in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference. Configure the Ping and Traceroute: Example This section contains examples of the ping and traceroute commands, based on this topology. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 288 OL-26056-02 Implementing MPLS OAM P2MP TracerouteThis example shows multiple destinations set on the assigned LSP path. RP/0/RSP0/CPU0:router# show run int tunnel-mte 10 interface tunnel-mte10 ipv4 unnumbered Loopback0 destination 11.0.0.1 path-option 1 dynamic ! destination 12.0.0.1 path-option 1 dynamic ! destination 13.0.0.1 path-option 1 dynamic ! ! This example shows an extract of the ping command. # ping mpls traffic-eng tunnel-mte 10 Sending 1, 100-byte MPLS Echos to tunnel-mte10, timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. Request #1 ! reply addr 192.168.222.2 ! reply addr 192.168.140.2 ! reply addr 192.168.170.1 Success rate is 100 percent (3 received replies/3 expected replies), round-trip min/avg/max = 154/232/302 ms This example shows an extract of the ping command with the jitter option. RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 jitter 300 Sending 1, 100-byte MPLS Echos to tunnel-mte10, timeout is 2.3 seconds, send interval is 0 msec, jitter value is 300 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 289 Implementing MPLS OAM Configure the Ping and Traceroute: ExampleType escape sequence to abort. Request #1 ! reply addr 192.168.222.2 ! reply addr 192.168.140.2 ! reply addr 192.168.170.1 Success rate is 100 percent (3 received replies/3 expected replies), round-trip min/avg/max = 148/191/256 ms This example shows an extract of the ping command with the ddmap option. RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 ddmap Sending 1, 100-byte MPLS Echos to tunnel-mte10, timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. Request #1 ! reply addr 192.168.222.2 ! reply addr 192.168.140.2 ! reply addr 192.168.170.1 Success rate is 100 percent (3 received replies/3 expected replies), round-trip min/avg/max = 105/178/237 ms RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels p2mp 10 Mon Apr 12 12:13:55.075 EST Signalling Summary: LSP Tunnels Process: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 654 seconds Periodic FRR Promotion: every 300 seconds, next in 70 seconds Auto-bw enabled tunnels: 0 (disabled) Name: tunnel-mte10 Status: Admin: up Oper: up (Up for 12w4d) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) Fast Reroute: Not Enabled, Protection Desired: None Record Route: Not Enabled Destination summary: (3 up, 0 down, 0 disabled) Affinity: 0x0/0xffff Auto-bw: disabled Destination: 11.0.0.1 State: Up for 12w4d Path options: path-option 1 dynamic [active] Destination: 12.0.0.1 State: Up for 12w4d Path options: path-option 1 dynamic [active] Destination: 13.0.0.1 State: Up for 12w4d Path options: path-option 1 dynamic [active] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 290 OL-26056-02 Implementing MPLS OAM Configure the Ping and Traceroute: ExampleHistory: Reopt. LSP: Last Failure: LSP not signalled, identical to the [CURRENT] LSP Date/Time: Thu Jan 14 02:49:22 EST 2010 [12w4d ago] Current LSP: lsp-id: 10002 p2mp-id: 10 tun-id: 10 src: 10.0.0.1 extid: 10.0.0.1 LSP up for: 12w4d Reroute Pending: No Inuse Bandwidth: 0 kbps (CT0) Number of S2Ls: 3 connected, 0 signaling proceeding, 0 down S2L Sub LSP: Destination 11.0.0.1 Signaling Status: connected S2L up for: 12w4d Sub Group ID: 1 Sub Group Originator ID: 10.0.0.1 Path option path-option 1 dynamic (path weight 1) Path info (OSPF 1 area 0) 192.168.222.2 11.0.0.1 S2L Sub LSP: Destination 12.0.0.1 Signaling Status: connected S2L up for: 12w4d Sub Group ID: 2 Sub Group Originator ID: 10.0.0.1 Path option path-option 1 dynamic (path weight 2) Path info (OSPF 1 area 0) 192.168.222.2 192.168.140.3 192.168.140.2 12.0.0.1 S2L Sub LSP: Destination 13.0.0.1 Signaling Status: connected S2L up for: 12w4d Sub Group ID: 3 Sub Group Originator ID: 10.0.0.1 Path option path-option 1 dynamic (path weight 2) Path info (OSPF 1 area 0) 192.168.222.2 192.168.170.3 192.168.170.1 13.0.0.1 Reoptimized LSP (Install Timer Remaining 0 Seconds): None Cleaned LSP (Cleanup Timer Remaining 0 Seconds): None Displayed 1 (of 16) heads, 0 (of 0) midpoints, 0 (of 0) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 lsp id 10002 Mon Apr 12 12:14:04.532 EST Sending 1, 100-byte MPLS Echos to tunnel-mte10, timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. Request #1 ! reply addr 192.168.222.2 ! reply addr 192.168.170.1 ! reply addr 192.168.140.2 Success rate is 100 percent (3 received replies/3 expected replies), round-trip min/avg/max = 128/153/167 ms Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 291 Implementing MPLS OAM Configure the Ping and Traceroute: ExampleThis example shows an extract of the ping command with the responder-id of R3. RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1 Mon Apr 12 12:15:34.205 EST Sending 1, 100-byte MPLS Echos to tunnel-mte10, timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. Request #1 ! reply addr 192.168.170.1 Success rate is 100 percent (1 received reply/1 expected reply), round-trip min/avg/max = 179/179/179 ms This example shows an extract of the traceroute command with the ttl option. RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 ttl 4 Mon Apr 12 12:16:50.095 EST Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. ! 1 192.168.222.2 186 ms [Estimated Role: Bud] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 2 192.168.222.2 115 ms [Estimated Role: Bud] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 2 192.168.140.2 213 ms [Estimated Role: Egress] ! 2 192.168.170.1 254 ms [Estimated Role: Egress] ! 3 192.168.222.2 108 ms [Estimated Role: Bud] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 3 192.168.170.1 164 ms [Estimated Role: Egress] ! 3 192.168.140.2 199 ms [Estimated Role: Egress] ! 4 192.168.170.1 198 ms [Estimated Role: Egress] ! 4 192.168.222.2 206 ms [Estimated Role: Bud] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 This example shows an extract of the traceroute command with the responder-id option. RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1 Mon Apr 12 12:18:01.994 EST Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.2 seconds Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 292 OL-26056-02 Implementing MPLS OAM Configure the Ping and Traceroute: ExampleCodes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. d 1 192.168.222.2 113 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] d 2 192.168.222.2 118 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 2 192.168.170.1 244 ms [Estimated Role: Egress] d 3 192.168.222.2 141 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 3 192.168.170.1 204 ms [Estimated Role: Egress] d 4 192.168.222.2 110 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 4 192.168.170.1 174 ms [Estimated Role: Egress] This example shows an extract of the traceroute command with the jitter option. RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1 ttl 4 jitter 500 Mon Apr 12 12:19:00.292 EST Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.5 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP Type escape sequence to abort. d 1 192.168.222.2 238 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] d 2 192.168.222.2 188 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 2 192.168.170.1 290 ms [Estimated Role: Egress] d 3 192.168.222.2 115 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 3 192.168.170.1 428 ms [Estimated Role: Egress] d 4 192.168.222.2 127 ms [Estimated Role: Branch] [L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0] [L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0] ! 4 192.168.170.1 327 ms [Estimated Role: Egress] Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 293 Implementing MPLS OAM Configure the Ping and Traceroute: Example Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 294 OL-26056-02 Implementing MPLS OAM Configure the Ping and Traceroute: ExampleC H A P T E R 6 Implementing MPLS Transport Profile This module describes how to implement MPLS transport profile (MPLS-TP) on the router. MPLS-TP supported by IETF enables the migration of transport networks to a packet-based network that efficiently scale to support packetservicesin a simple and cost-effective way. MPLS-TP combinesthe necessary existing capabilities of MPLS with additional minimal mechanisms in order that it can be used in a transport role. MPLS transport profile enables you to create tunnels that provide the transport network service layer over which IP and MPLS traffic traverse. Feature History for Implementing MPLS Transport Profile Release Modification Release 4.2.0 This feature was introduced. • Restrictions for MPLS-TP, page 295 • Information About Implementing MPLS Transport Profile, page 296 • How to Implement MPLS Transport Profile, page 300 Restrictions for MPLS-TP • Penultimate hop popping is not supported. Only ultimate hop popping is supported, because label mappings are configured at the MPLS-TP endpoints. • MPLS-TP links must be configured with IP addresses. • IPv6 addressing is not supported. L2VPN Restrictions • Pseudowire ID Forward Equivalence Class(FEC) (type 128) issupported, but generalized ID FEC (type 129) is not supported. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 295• BFD over pseudowire is not supported. Static pseudowire OAM protocol is used to signal fault on static pseudowire placed over TP tunnels using pseudowire status. • Only Ethernet pseudowire type is supported. Information About Implementing MPLS Transport Profile To implement MPLS-TP, you should understand these concepts: MPLS Transport Profile MPLS Transport Profile (TP) enables you to create tunnels that provide the transport network service layer over which IP and MPLS traffic traverse. MPLS-TP tunnels enable a transition from Synchronous Optical Networking (SONET) and Synchronous Digital Hierarchy (SDH) time-division multiplexing (TDM) technologies to packet switching, to support services with high bandwidth utilization and low cost. Transport networks are connection oriented,statically provisioned, and have long-lived connections. Transport networks usually avoid control protocolsthat change identifierslike labels. MPLS-TP tunnels provide thisfunctionality through statically provisioned bidirectional label switched paths (LSPs). This figure shows the MPLS-TP tunnel: Figure 21: MPLS Transport Profile Tunnel MPLS-TP combines the necessary existing capabilities of MPLS with additional minimal mechanisms in order that it can be used in a transport role. You can set up MPLS-TP through a CLI or a network management system. MPLS-TP tunnels have these characteristics: • An MPLS-TP tunnel can be associated with working LSP, protect LSP, or both LSP • Statically provisioned bidirectional MPLS-TP label switched paths (LSPs) • Symmetric or asymmetric bandwidth reservation • 1:1 path protection with revertive mode for MPLS-TP LSP with revertive mode for MPLS-TP LSP Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 296 OL-26056-02 Implementing MPLS Transport Profile Information About Implementing MPLS Transport Profile• Use of Generic Alert Label (GAL) and Generic Associated Channel Header (G-ACH) to transport control packets; for example, BFD packets and pseudowire OAM packets • BFD is used as a continuity check (CC) mechanism over MPLS-TP LSP • Remote Defect Indication (RDI) based on BFD • Fault OAM functions These services are supported over MPLS-TP tunnels: • Dynamic spoke pseudowire (for H-VPLS) over static MPLS-TP tunnels. • Static spoke pseudowire (for H-VPLS) over static MPLS-TP tunnels. • MS-PW services where static and dynamic pseudowire segments can be concatenated. • MPLS ping and traceroute over MPLS TP LSP and PW. • Static routes over MPLS-TP tunnels. • Pseudowire redundancy for static pseudowire. • VPWS using static or dynamic pseudowire pinned down to MPLS-TP tunnels. • VPLS and H-VPLS using static or dynamic pseudowire pinned down to MPLS-TP tunnels. Bidirectional LSPs MPLS transport profile (MPLS-TP) LSPs are bidirectional and congruent where LSPs traverse the same path in both directions. An MPLS-TP tunnel can be associated with either working MPLS-TP LSP, protect MPLS-TP LSP, or both. The working LSP is the primary LSP backed up by the protect LSP. When a working LSP goes down, protect LSP is automatically activated. In order for an MPLS-TP tunnel to be operationally up, it must be configured with at least one LSP. MPLS-TP Path Protection Path protection provides an end-to-end failure recovery mechanism (that is, full path protection) for MPLS-TP tunnels. MPLS-TP LSPs support 1:1 path protection. You can configure the working and protect LSPs as part of configuring the MPLS-TP tunnel. The working LSP is the primary LSP used to route traffic, while the protect LSP is a backup for a working LSP. If the working LSP fails, traffic is switched to the protect LSP until the working LSP is restored, at which time traffic forwarding reverts back to the working LSP (revertive mode). Fault OAM Support The fault OAM protocols and messages support the provisioning and maintenance of MPLS-TP tunnels and bidirectional LSPs: Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 297 Implementing MPLS Transport Profile Bidirectional LSPs• Generic Associated Channel Generic Associated Channel (G-ACh) is the control channel mechanism associated with MPLS LSPs in addition to MPLS pseudowire. The G-ACh Label (GAL) (Label 13) is a generic alert label to identify the presence of the G-ACh in the label packet. It istaken from the reserved MPLS label space. G-ACh or GAL is used to support in-band OAMs of MPLS-TP LSPs and pseudowires. The OAM messages are used for fault management, connection verification, continuity check and other functions. These messages are forwarded along the specified MPLS LSP: • OAM Fault Management: Alarm Indication Signal (AIS), Link Down Indication (LDI), and Lock Report (LKR) messages (GAL with fault-OAM channel) • OAM Connection Verification: Ping and traceroute messages (GAL with IP channel) • BFD messages (GAL with BFD channel) These messages are forwarded along the specified pseudowire: • Static pseudowire OAM messages (static pseudowire status) • Pseudowire ping and traceroute messages • Fault Management: Alarm Indication Signal (AIS), Link Down Indication (LDI), and Lock Report (LKR) messages LDI messages are generated at midpoint nodes when a failure is detected. The midpoint sends the LDI message to the endpoint that is reachable with the existing failure. The midpoint node also sends LKR messages to the reachable endpoint, when an interface is administratively down. AIS messages are not generated by Cisco platforms, but are processed if received. By default, the reception of LDI and LKR on the active LSP at an endpoint will cause a path protection switchover, while AIS will not. • Fault Management: Emulated Protection Switching for LSP Lockout You can implement a form of Emulated Protection Switching in support of LSP Lockout using customized fault messages. When a Cisco Lockout message is sent, it does not cause the LSP to be administratively down. The Cisco Lockout message causes a path protection switchover and prevents data traffic from using the LSP. The LSP's data path remains up so that BFD and other OAM messages can continue to traverse it. Maintenance of the LSP can take place such as reconfiguring or replacing a midpoint LSR. BFD state over LSP must be up and MPLS ping and traceroute can be used to verify the LSP connectivity, before the LSP is put back into service by removing the lockout. You cannot lockout working and protect LSPs simultaneously. • LSP ping and traceroute For MPLS-TP connectivity verification, you can use ping mpls traffic-eng tunnel-tp and traceroute mpls traffic-eng tunnel-tp commands. You can specify that the echo requests be sent along the working LSP or the protect LSP. You can also specify that the echo request be sent on a locked out MPLS-TP tunnel LSP (either working or protect) if the working or protect LSP is explicitly specified. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 298 OL-26056-02 Implementing MPLS Transport Profile Fault OAM Support• Continuity Check through BFD BFD session is automatically created on MPLS-TP LSPs with default parameters. You can override the default BFD parameters either through global commands or per-tunnel commands. Furthermore, you can optionally specify different BFD parameters for standby LSPs. For example, when an LSP is in standby, BFD hello messages can be sent at smaller frequency to reduce line-card CPU usage. However, when a standby LSP becomes active (for example, due to protection switching), nominal BFD parameters are used for that LSPs(for example, to run BFD hello messages at higher frequency). For more information about BFD, see the Configuring Bidirectional Forwarding Detection on the Cisco ASR 9000 Series Router in the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide. MPLS-TP Links and Physical Interfaces MPLS-TP link IDs may be assigned to physical interfaces only. Bundled interfaces and virtual interfaces are not supported for MPLS-TP link IDs. The MPLS-TP link is used to create a level of indirection between the MPLS-TP tunnel and midpoint LSP configuration and the physical interface. The MPLS-TP link-id command is used to associate an MPLS-TP link ID with a physical interface and next-hop node address. Multiple tunnels and LSPs may then refer to the MPLS-TP link to indicate they are traversing that interface. You can move the MPLS-TP link from one interface to another without reconfiguring all the MPLS-TP tunnels and LSPs that refer to the link. Link IDs must be unique on the router or node. For more information, see the Configuring MPLS-TP Links and Physical Interfaces section. Tunnel LSPs Tunnel LSPs, whether endpoint or midpoint, use the same identifying information. However, it is entered differently. • A midpoint consists of a forward LSP and a reverse LSP. A MPLS-TP LSP mid point is identified by its name, and forward LSP, reverse LSP, or both are configured under a submode. • At the midpoint, determining which end is source and which is destination is arbitrary. That is, if you are configuring a tunnel between your router and a coworker's router, then your router is the source. However, your coworker considers his or her router to be the source. At the midpoint, either router could be considered the source. At the midpoint, the forward direction is from source to destination, and the reverse direction is from destination to source. For more information, see the Configuring MPLS-TP LSPs at Midpoints section. • At the midpoint, the LSP number does not assume default values, and hence must be explicitly configured. • At the endpoint, the local information (source) either comes from the global node ID and global ID, or from locally configured information using the source command after you enter the interface tunnel-tp number command, where number is the local or source tunnel-number. • At the endpoint, the remote information (destination) is configured using the destination command after you enter the interface tunnel-tp number command. The destination command includesthe destination Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 299 Implementing MPLS Transport Profile MPLS-TP Links and Physical Interfacesnode ID, optionally the global ID, and optionally the destination tunnel number. If you do not specify the destination tunnel number, the source tunnel number is used. MPLS-TP IP-less support Generally,MPLS-TP functionality can be deployed with or without an IP address. However, the main motivation for the IP-less model is this: an LSR can be inserted into an MPLS-TP network without changing the configurations on adjacent LSRs. In the past Cisco IOS-XR MPLS-TP release, if an interface does not have a valid IP address, BFD packets cannot be transmitted over that link, and hence MPLS-TP LSP cannot be brought up on that link. In this release, the IP-less TP link operates only in a point-to-point mode. This feature, therefore, makes the need for an IP address on a TP link optional. You may deploy LSRs running Cisco IOS-XR in MPLS-TP networks with or without an IP address. With such extra flexibility, LSRsrunning Cisco IOS-XR can be easily deployed not only with LSRs running IOS, but with LSRs from other vendors too. How to Implement MPLS Transport Profile MPLS Transport Profile (MPLS-TP) supported by IETF enables the migration of transport networks to a packet-based network that efficiently scale to support packet services in a simple and cost effective way. These procedures are used to implement MPLS-TP: Configuring the Node ID and Global ID Perform this task to configure node ID and global ID on the router. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. tp 4. node-id node-id 5. global-id num DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 300 OL-26056-02 Implementing MPLS Transport Profile MPLS-TP IP-less supportCommand or Action Purpose mpls traffic-eng Enters MPLS TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 Enters MPLS transport profile (TP) configuration mode. You can configure MPLS TP specific parameters for the router from this mode. tp Example: RP/0/RSP0/CPU0:router(config-mpls-te)# mpls tp Step 3 Specifiesthe default MPLS TP node ID, which is used asthe default source node ID for all MPLS TP tunnels configured on the router. node-id node-id Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp)# node-id 10.0.0.1 Step 4 The node ID is a 32-bit number represented in IPv4 address format, and can be optionally assigned to each node. Note Specifies the default global ID used for all endpoints and midpoints. This command makesthe node ID globally unique in a multi-provider tunnel. Otherwise, the node ID is only locally meaningful. global-id num Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp)# global-id 10 Step 5 The global ID is a 32-bit number, and can be assigned to each node. Note Configuring Pseudowire OAM Attributes Perform this task to configure pseudowire OAM attributes. SUMMARY STEPS 1. configure 2. l2vpn 3. pw-oam refresh transmit value DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 301 Implementing MPLS Transport Profile Configuring Pseudowire OAM AttributesCommand or Action Purpose l2vpn Enters L2VPN configuration mode. Example: RP/0/RSP0/CPU0:router(config)# l2vpn Step 2 pw-oam refresh transmit value Specifies the OAM timeout refresh intervals. Example: RP/0/RSP0/CPU0:router(config-l2vpn)# pw-oam refresh transmit 20 Step 3 Configuring the Pseudowire Class When you create the pseudowire class, you specify the parameters of the pseudowire, such as the use of the control word and preferred path. SUMMARY STEPS 1. configure 2. l2vpn 3. pw-class name 4. encapsulation mpls 5. preferred-path interface tunnel-tp tunnel-number DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 l2vpn Enters L2VPN configuration mode. Example: RP/0/RSP0/CPU0:router(config)# l2vpn Step 2 Creates a pseudowire OAM class named foo and enters pseudowire OAM class configuration mode. pw-class name Example: RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class foo Step 3 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 302 OL-26056-02 Implementing MPLS Transport Profile Configuring the Pseudowire ClassCommand or Action Purpose encapsulation mpls Sets pseudowire encapsulation to MPLS. Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls Step 4 Specifies TP tunnel interface 10 for the preferred-path. preferred-path interface tunnel-tp tunnel-number Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc-mpls)# preferred-path interface tunnel-tp 10 Step 5 Configuring the Pseudowire Perform this task to configure the pseudowire. SUMMARY STEPS 1. configure 2. interface type interface-path-id 3. pseudowire-class class-name 4. encapsulation mpls 5. preferred-path interface tunnel-tp tunnel-number DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters MPLS transport protocol tunnel interface configuration mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-tp 20 Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 303 Implementing MPLS Transport Profile Configuring the PseudowireCommand or Action Purpose Creates a pseudowire class and enters pseudowire class configuration mode. pseudowire-class class-name Example: RP/0/RSP0/CPU0:router(config-if)# pseudowire-class foo Step 3 encapsulation mpls Specifies the encapsulation type. Example: RP/0/RSP0/CPU0:router# encapsulation mpls Step 4 Step 5 preferred-path interface tunnel-tp tunnel-number Specifies TP tunnel interface 10 for the preferred-path. Example: RP/0/RSP0/CPU0:router# preferred-path interface tunnel-tp 10 When a PW class with tunnel-tp interface as a preferred path is defined, this specified class can be associated with any PW. Note Configuring the MPLS TP Tunnel On the endpoint routers, create an MPLS TP tunnel and configure its parameters. SUMMARY STEPS 1. configure 2. interface tunnel-tp number 3. description tunnel-desc 4. bandwidth num 5. source source node-ID 6. destination destination node-ID [global-id destination global ID] tunnel-id destination tunnel ID] 7. working-lsp 8. in-label num 9. out-label mpls label out-link link ID 10. lsp-number value 11. exit 12. protect-lsp 13. in-label num 14. out-label mpls label out-link link ID 15. lsp-number value 16. exit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 304 OL-26056-02 Implementing MPLS Transport Profile Configuring the MPLS TP TunnelDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters tunnel tp interface configuration mode. The range is from 0 to 65535. interface tunnel-tp number Example: RP/0/RSP0/CPU0:router(config)# interface tunnel-tp 10 Step 2 description tunnel-desc Specifies a tunnel tp description. Example: RP/0/RSP0/CPU0:router(config-if)# description head-end tunnel Step 3 Specifies the tunnel bandwidth in kbps. The range is from 0 to 4294967295. bandwidth num Example: RP/0/RSP0/CPU0:router(config-if)# tp bandwidth 1000 Step 4 source source node-ID Specifies the source node of the tunnel. Example: RP/0/RSP0/CPU0:router(config-if)# source 10.0.0.1 Step 5 destination destination node-ID [global-id destination global Specifies the destination node of the tunnel. ID] tunnel-id destination tunnel ID] Step 6 Example: RP/0/RSP0/CPU0:router(config-if)# destination 10.0.0.1 global-id 10 tunnel-id 2 Specifies a working LSP, also known asthe primary LSP. This LSP is used to route traffic. working-lsp Example: RP/0/RSP0/CPU0:router(config-if)# working-lsp Step 7 in-label num Specifies the in-label. Example: RP/0/RSP0/CPU0:router(config-if-work)# in-label 111 Step 8 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 305 Implementing MPLS Transport Profile Configuring the MPLS TP TunnelCommand or Action Purpose out-label mpls label out-link link ID Specifies the out-label. Example: RP/0/RSP0/CPU0:router(config-if-work)# out-label 111 out-link 10 Step 9 lsp-number value Specifies the LSP ID of the working LSP. Example: RP/0/RSP0/CPU0:router(config-if-work)# lsp-number 10 Step 10 Exits from working LSP interface configuration mode. exit Example: RP/0/RSP0/CPU0:router(config-if-work)# exit Step 11 Specifies a backup for a working LSP. If the working LSP fails, traffic is switched to the protect protect-lsp Example: RP/0/RSP0/CPU0:router(config-if)# protect-lsp Step 12 LSP until the working LSP isrestored, at which time traffic forwarding reverts back to the working LSP. in-label num Specifies the in-label. Example: RP/0/RSP0/CPU0:router(config-if-protect)# in-label 113 Step 13 out-label mpls label out-link link ID Specifies the out-label and out-link. Example: RP/0/RSP0/CPU0:router(config-if-protect)# out-label 112 out-link 2 Step 14 lsp-number value Specifies the LSP ID of the protect LSP. Example: RP/0/RSP0/CPU0:router(config-if-protect)# lsp-number 10 Step 15 exit Exitsfrom protect LSP interface configuration mode. Example: RP/0/RSP0/CPU0:router(config-if-protect)# exit Step 16 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 306 OL-26056-02 Implementing MPLS Transport Profile Configuring the MPLS TP TunnelConfiguring MPLS-TP LSPs at Midpoint Perform this task to configure the MPLS-TP LSPs at the midpoint router. When configuring the LSPs at the midpoint routers, make sure that the configuration does not reflect traffic back to the originating node. Note SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. tp mid name 4. tunnel-name name 5. lsp-number value 6. source node -ID tunnel-id number 7. destination node -ID tunnel-id number 8. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS TE configuration mode. Example: RP/0/RSP0/CPU0:router(config)# mpls traffic-eng Step 2 tp mid name Specifies the MPLS-TP tunnel mid-point identifier. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# tp mid foo Step 3 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 307 Implementing MPLS Transport Profile Configuring MPLS-TP LSPs at MidpointCommand or Action Purpose Specifies the name of the tunnel whose mid point is being configured. tunnel-name name Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid)# tunnel-name midtunnel Step 4 lsp-number value Specifies the LSP ID. Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid)# lsp-number 10 Step 5 source node -ID tunnel-id number Specifies the source node ID and tunnel ID. Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid-fwd)# source 10.0.0.1 tunnel-id 12 Step 6 destination node -ID tunnel-id number Specifies the destination node ID and tunnel ID. Example: RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid-rev)# source 10.0.0.2 tunnel-id 12 Step 7 Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 308 OL-26056-02 Implementing MPLS Transport Profile Configuring MPLS-TP LSPs at MidpointConfiguring MPLS-TP Links and Physical Interfaces MPLS-TP link IDs may be assigned to physical interfaces only. Note Bundled interfaces and virtual interfaces are not supported for MPLS-TP link IDs. SUMMARY STEPS 1. configure 2. mpls traffic-eng 3. interface type interface-path-id 4. link-id value next-hop address 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 mpls traffic-eng Enters MPLS TE configuration mode. Example: RP/0/RSP0/CPU0:router(config-mpls-te)# mpls traffic-eng Step 2 Configures an interface type and path ID to be associated with a MPLS TE mode. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0 Step 3 Configures an interface type and path ID to be associated with a MPLS TE mode. link-id value next-hop address Example: RP/0/RSP0/CPU0:router(config-mpls-te-if)# link-id 22 next-hop 10.1.1.2 Step 4 You must provide the next-hop IP address. Note Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 309 Implementing MPLS Transport Profile Configuring MPLS-TP Links and Physical InterfacesCommand or Action Purpose You can define a link ID once. If you attempt to use the same MPLS-TP link ID with different interface or next-hop address, the configuration getsrejected. You have to remove the existing link ID configuration before using the same link ID with a different interface or next-hop address. Note Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 310 OL-26056-02 Implementing MPLS Transport Profile Configuring MPLS-TP Links and Physical InterfacesI N D E X A access-lists, extended 70 ACK (hello acknowledgment) 69 objects 69 RSVP messages 69 ACL match, how to return implicit deny 81 ACL-based prefix filtering 70, 80 ACL-based prefix filtering, RSVP 70 active targeted hellos, how to configure 20 active targeted hellos, prerequisites 20 Additional References command 63, 116, 283 advertisement, label 10 auto-tunnel mesh 258 automatic bandwidth, configuring 212 automatic bandwidth, MPLS-TE 141 restrictions 141 B backbone 121 bandwidth 76, 128 constraint models 128 control channel, how to configure 76 data channel, how to configure 76 pools 128 Bandwidth Configuration (MAM) 104 Example command 104 Bandwidth Configuration (Prestandard) 104 Example command 104 Bandwidth Configuration (RDM) 105 Example command 105 bandwidth constraints 127 bandwidth pools 152 bandwidth, how to configure 76 benefits 121 bidirectional LSP 297 Build MPLS-TE Topology and Tunnels 260 Example command 260 C changing restart time 107 class and attributes 129 class mapping 129 compliance 66 concepts 121 configuration 66, 76, 78, 80, 81, 83 ACL-based prefix filtering 80 diffserv TE bandwidth 76 graceful restart 78 how to verify 83 interface-based graceful restart 78 O-UNI LSP 66 Packet dropping 81 Configuration Examples for Cisco MPLS-TE 260 Configuration Examples for RSVP Authentication command 108 Configuration Examples for RSVP command 104 Configure an Interarea Tunnel 264 Example command 264 Configure Automatic Bandwidth 267 Example command 267 Configure Flexible Name-based Tunnel Constraints 263 Example command 263 Configure Forwarding Adjacency 265 Example command 265 Configure IETF DS-TE Tunnels 261 Example command 261 Configure IP LDP Fast Reroute Loop Free Alternate 59 Example 59 Configure MPLS-TE and Fast-Reroute on OSPF 262 Example command 262 Configure PCE 265 Example command 265 Configure the Ignore IS-IS Overload Bit Setting inMPLS-TE 262 Example command 262 Configure Tunnels for Path Protection 266 Example command 266 configuring 4, 187, 218 Configuring ACL-based Prefix Filtering 107 Example command 107 configuring global ID 300 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 IN-1Configuring Graceful Restart 106 Example command 106 configuring LDP downstream on demand mode 50 configuring MPLS TP links 309 configuring MPLS TP LSPs 307 configuring MPLS TP tunnel 304 configuring node ID 300 configuring physical interfaces 309 configuring pseudowire 303 configuring PW class 302 configuring PW OAM attributes 301 configuring SRLG 218 constraint models 128 RDM and MAM 128 overview 128 control 10 control channel, how to configure 76 control communication failure 8 control message 3 with LDP 3 control messages 3 control plane 3, 7, 115 failure 7 Control Protocol (example) 3 control state recovery 8 control, LDP 10 creating 158 D data channel, how to configure 76 data plane services 115 data plane services, about 115 defining 2, 131 description 65, 119, 295 Diff-Serv 127 RDM (russian doll model) and MAM (maximum allocation model) 127 Russian Doll Model (RDM) and Maximum Allocation Model (MAM) 127 Differentiated Services Traffic-Engineering 76, 127 bandwidth, how to configure 76 bandwidth constraints 127 overview 127 diffserv TE bandwidth 76 diffserv-TE bandwidth, how to confirm 76 discovery 17, 20, 22 active targeted hellos, how to configure 20 parameters, configuring 17 passive targeted hellos, how to configure 22 discovery over a link 19 how to configure 19 discovery over a link (continued) prerequisites 19 downstream on demand 15 DS-TE modes, prestandard and IETF 76 dynamic path setup 2 E enable soft-preemption 247 engineering a backbone 121 exchanging 4 explicit-null 16 extended access-lists 70 extensions 66, 121 generalized label request 66 generalized UNI attribute 66 New Error Spec sub-codes 66 UNI session 66 extensions, MPLS TE 121 F failure 7 failure recovery 9 failure recovery, graceful restart 9 fast reroute 130 fault handling 67 flooding 129, 130 thresholds 130 MPLS-TE 129 thresholds 130 triggers 129 flooding thresholds 130 flooding triggers 129 for active targeted hellos 20 for passive targeted hellos 22 FRR (fast reroute) 130, 131 link protection 130 over link bundles 131 with MPLS TE 130 FRR (Fast Reroute) 131 over link bundles 131 G generalized label request 66 generalized UNI attribute 66 graceful restart 6, 8, 9, 13, 31, 67, 78 failure recovery 9 how to set up LDP NSF 31 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x IN-2 OL-26056-02 Indexgraceful restart (continued) LDP 6, 31 mechanism 8 NSR 13 phases 8 RSVP 67 session parameters 6 graceful restart, how to enable 78 H head node 67 hello discovery mechanism 3 hello interval, how to change 107 hello messages 69 high availability 67 high availability, RSVP 67 high-availability 67 hop-by-hop 2 how to buildi 155 how to configure 4, 19, 24, 29, 76, 187 tunnel bandwidth, engineering 76 how to define 2, 13, 131 how to exchange 4 how to set up 5 how to set up LDP NSF 31 how to verify 83 I IETF DS-TE mode 127 Ignore Intermediate System-to-Intermediate System (IS-IS) 131, 187 overload bit setting 131, 187 Ignore IS-IS 187 overload bit setting 187 IGP (interior gateway protocols) 2, 3, 12 prefixes 3 routing protocols 2 synchronizing with LDP 12 IGP (Interior Gateway Protocols) 1, 2, 3 prefixes 3 routing protocols 2 with LDP 1 IGP prefixes 3 IGP synchronization 12 implementation 16 implementing 75 implicit-null 16 implicit-null-override 16 interface-based graceful restart 78 IP LDP Fast Reroute Loop Free Alternate 14 IP Time to Live (TTL) 69 IS-IS (ignore intermediate system-to-intermediate system) 131 overload bit setting 131 K keepalive mechanism 3 L Label Acceptance (Inbound Filtering), example 57 label advertisement 10, 24 control 10 control, LDP 10 how to configure 24 prerequisites 24 Label Advertisement (Outbound Filtering), example 55 label bindings 4 configuring 4 exchanging 4 how to configure 4 how to exchange 4 ldp 258 LDP 2, 3, 4, 6, 13, 31, 115 control messages 3 control plane 3 Control Protocol (example) 3 dynamic path setup 2 hello discovery mechanism 3 hop-by-hop 2 IGP prefixes 3 keepalive mechanism 3 local and remote label binding 3 LSPs, setting up 4 neighbors 3 NSR 13 LDP (label distribution protocol) 3, 4, 6, 8, 9, 10, 11, 13, 16, 17, 19, 20, 22, 31, 54 configuration examples 54 control communication failure 8 control state recovery 8 discovery 17, 20, 22 discovery over a link 19 failure recovery 9 graceful restart 31 IGP prefixes 3 implementation 16 keepalive mechanism 3 label advertisement 10 local and remote label binding 3 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 IN-3 IndexLDP (label distribution protocol) (continued) local label advertisement control 10 local label allocation control 11 LSPs, setting up 4 neighbors 3 NSF services 6 NSR 13 peer control plane 8 persistent forwarding 8 session protection 11 LDP (label distribution protocol) forwarding 29 how to configure 29 prerequisites 29 LDP Auto-Configuration, example 59 LDP Discovery for Targeted Hellos, example 55 LDP discovery prerequisites 19, 20, 22 for active targeted hellos 20 for passive targeted hellos 22 over a link 19 LDP Discovery, example 54 LDP forwarding 5 how to set up 5 LDP Forwarding, example 56 LDP IGP Synchronization—ISIS, example 58 LDP IGP Synchronization—OSPF, example 58 LDP label advertisement 10 LDP Link, example 54 LDP Neighbors, example 56 LDP neighbors, how to set up 26 LDP Nonstop Forwarding with Graceful Restart, example 56 LDP NSF graceful restart prerequisites 31 LDP Session Protection, example 58 LDP with Graceful Restart, example 54 LDP(label distribution protocol) 2, 3, 7, 12 control messages 3 control plane 7 Control Protocol (example) 3 dynamic path setup 2 hello discovery mechanism 3 hop-by-hop 2 IGP synchronization 12 prerequisites 2 link management module 121 link protection 130 local and remote label binding 3 local label advertisement control 10 local label advertisement control, LDP 10 local label allocation control 11 Local Label Allocation Control, example 57 local label allocation control, LDP 11 local label binding 3 loose hop reoptimization 135 LSP 2, 121 defining 2 LSP (continued) how to define 2 MPLS-TE 121 with LDP 2 LSPs, setting up 4 M MAM (maximum allocation model), constraint characteristics 128 MAM, how to configure 76 Maximum Allocation Model (MAM), constraint characteristics 128 mechanism 8 message rate limiting 66 MFI (MPLS forwarding infrastructure) 115 control plane 115 data plane services 115 LDP 115 TE 115 MFI (MPLS Forwarding Infrastructure) 115 control plane 115 data plane services, about 115 LDP 115 TE 115 midpoint 307 MPLS forwarding forms 115 MPLS-TE 120, 121, 129, 130, 155, 158 backbone 121 benefits 121 concepts 121 engineering a backbone 121 extensions 121 fast reroute 130 flooding 129, 130 flooding thresholds 130 flooding triggers 129 link management module 121 overview 121 path calculation module 121 prerequisites 120 topology 155 tunnels 158 with label switching forwarding 121 with RSVP 121 MPLS-TP 295, 296, 297, 299 bidirectional LSP 297 fault OAM support 297 links 299 overview 296 path protection 297 physical interfaces 299 restrictions 295 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x IN-4 OL-26056-02 IndexMPLS-TP (continued) tunnel endpoint 299 tunnel midpoint 299 MPLS-TP ip-less 300 N neighbors 3 support for 3 New Error Spec sub-codes 66 node failure 69 NSF (nonstop forwarding) 67 high-availability 67 with RSVP 67 NSF (Nonstop Forwarding) 67, 78 graceful restart, how to enable 78 high-availability 67 with RSVP 67 NSF services 6 NSR 13 NSR (non-stop routing) 13 graceful restart 13 how to define 13 LDP 13 O O-UNI LSP 66 objects 69 over a link 19 over link bundles 131 overload bit setting 131, 187 configuring 187 defining 131 how to configure 187 how to define 131 overview 66, 121, 127, 128 P P2MP FRR 144 P2MP LSP 144 P2MP RSVP TE 144 Packet dropping 81 parameters, configuring 17 passive targeted hellos, how to configure 22 path calculation module 121 path calculation module, MPLS-TE 121 path option 145 path option attributes 152 configuration hierarchy 152 path option switchover 153 path protection 153 peer control plane 8 persistent forwarding 8 phases 8 Point-to-Multipoint Traffic-Engineering 142 pools 128 prefixes 3 prerequisites 2, 19, 24, 29, 66, 120, 158 Prestandard DS-TE mode 127 protocol-based CLI 126 R RDM (russian doll model) and MAM (maximum allocation model) 127 RDM and MAM 128 RDM bandwidth constraint model 128 RDM, how to configure 76 recovery time 69 refresh interval, how to change 105 refresh reduction 66 Refresh Reduction and Reliable Messaging Configuration 105 Example command 105 remote label binding 3 Resource Reservation Protocol (RSVP) 70 Management Information Base (MIB) 70 restart time 69 restart time, how to change 107 restrictions 141 routing protocols 2 RSVP 65, 66, 67, 69, 70, 75, 76, 78, 80, 81, 83 ACL-based prefix filtering 70 compliance 66 configuration 66, 76, 78, 80, 81, 83 description 65 diffserv-TE bandwidth, how to confirm 76 extensions 66 fault handling 67 graceful restart 67 head node 67 hello messages 69 high availability 67 how to configure 76 implementing 75 message rate limiting 66 node failure 69 overview 66 prerequisites 66 recovery time 69 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 IN-5 IndexRSVP (continued) refresh reduction 66 restart time 69 support for graceful restart 66 tail node 67 topology 83 with O-UNI LSP, configuring 66 RSVP Authentication by Using All the Modes 110 Example command 110 RSVP Authentication for an Interface 109 Example command 109 RSVP Authentication Global Configuration Mode 108 Example command 108 RSVP messages 69 RSVP Neighbor Authentication 109 Example command 109 RSVP nodes 67 head node 67 tail node 67 Russian Doll Model (RDM) and Maximum Allocation Model (MAM) 127 RVSP node failure 69 S session parameters 6 session protection 11 session protection, LDP 11 Setting DSCP for RSVP Packets 107 Example command 107 setting implicit-null-override 52 soft-preemption 151 SRLG (shared-risk link group) 218 configuring 218 summary refresh message size, how to change 106 support for 3 support for graceful restart 66 synchronizing with LDP 12 T tail node 67 TE 115, 119, 129 class and attributes 129 class mapping 129 description 119 thresholds 130 thresholds, flooding 130 topology 83, 155 how to build 155 TP 295 description 295 triggers 129 triggers, flooding 129 TTL 69 RSVP 69 with graceful restart 69 tunnel bandwidth 76 MAM, how to configure 76 RDM, how to configure 76 tunnel bandwidth, engineering 76 tunnels 158 creating 158 prerequisites 158 U UNI session 66 V Verify IP LDP Fast Reroute Loop Free Alternate 61 Example 61 W with graceful restart 69 with label switching forwarding 121 with LDP 1, 2, 3 with MPLS TE 130 with O-UNI LSP, configuring 66 with RSVP 67, 121 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x IN-6 OL-26056-02 Index Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-26077-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S P r e f a c e Preface xiii Changes to this document xiii Obtaining Documentation and Submitting a Service Request xiii C H A P T E R 1 Modular QoS Overview 1 Information About Modular Quality of Service Overview 1 Benefits of Cisco IOS XR QoS Features 2 QoS Techniques 2 Packet Classification and Marking 2 Default Marking Behavior 3 Congestion Management 4 Congestion Avoidance 4 Differentiated Service Model for Cisco IOS XR Software 4 Access Node Control Protocol 5 Additional Cisco IOS XR QoS Supported Features 5 Modular QoS Command-Line Interface 5 Fabric QoS 5 Where to Go Next 5 Additional References 6 Related Documents 6 Standards 6 MIBs 6 RFCs 7 Technical Assistance 7 C H A P T E R 2 Configuring Access Node Control Protocol 9 Prerequisites for Configuring ANCP 10 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 iiiRestrictions for Configuring ANCP 10 Information About Configuring ANCP 10 ANCP Adjacencies 10 Neighbor Adjacency Timing 10 ANCP Messages 11 Port Mapping 11 Rate Adjustment 11 Prioritization of ANCP Traffic 12 Process Restart 12 ANCP and QoS Interaction 12 Multi Chassis Link Aggregation 12 ANCP over MC-LAG 13 How to Configure ANCP on Cisco 14 Enabling ANCP 14 Configuring ANCP Server Sender Name 15 Configuring ANCP Neighbors 16 Mapping AN Ports to VLAN Subinterfaces 18 Configuring ANCP Rate Adjustment 21 Configuration Examples for Configuring ANCP contains the following examples: 22 Configuring ANCP Server Sender Name: Example 22 Configuring ANCP Neighbors: Example 22 Mapping AN ports to VLAN Subinterfaces: Example 25 Configuring ANCP Rate Adjustment: Example 26 ANCP and QoS Interaction: Example 26 QoS Policy Inconsistency on an Interface: Example 29 ANCP Rate Change 31 Port Speed Change 32 The show qos inconsistency Command: Example 33 Additional References 34 Related Documents 34 Standards 34 MIBs 34 RFCs 35 Technical Assistance 35 Configuring Access Node Control Protocol 35 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x iv OL-26077-02 ContentsC H A P T E R 3 Configuring Modular QoS Congestion Avoidance 37 Prerequisites for Configuring Modular QoS Congestion Avoidance 38 Information About Configuring Modular QoS Congestion Avoidance 38 Random Early Detection and TCP 38 Queue-limit for WRED 38 Tail Drop and the FIFO Queue 39 Configuring Random Early Detection 39 Configuring Random Early Detection 42 Configuring Weighted Random Early Detection 44 Configuring Tail Drop 47 Additional References 51 Related Documents 51 Standards 51 MIBs 52 RFCs 52 Technical Assistance 52 C H A P T E R 4 Configuring Modular QoS Congestion Management 53 Prerequisites for Configuring QoS Congestion Management 54 Information about Configuring Congestion Management 55 Congestion Management Overview 55 Modified Deficit Round Robin 55 Low-Latency Queueing with Strict Priority Queueing 56 Configured Accounting 56 QoS for IPv6 ACLs 57 Traffic Shaping 57 Regulation of Traffic with the Shaping Mechanism 57 Traffic Policing 58 Regulation of Traffic with the Policing Mechanism 59 Single-Rate Policer 59 Two-Rate Policer 60 Committed Bursts and Excess Bursts 62 Committed Bursts 62 Committed Burst Calculation 63 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 v ContentsExcess Bursts 63 Excess Burst Calculation 63 Deciding if Packets Conform or Exceed the Committed Rate 64 Two-Rate Three-Color (2R3C) Policer 64 Hierarchical Policing 65 Multiple Action Set 65 Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental Value Setting 65 Policer Granularity and Shaper Granularity 66 Congestion Management Using DEI 66 How to Configure QoS Congestion Management 66 Configuring Guaranteed and Remaining Bandwidths 66 Configuring Guaranteed Bandwidth 70 Configuring Bandwidth Remaining 73 Configuring Low-Latency Queueing with Strict Priority Queueing 76 Configuring Traffic Shaping 78 Configuring Traffic Policing (Two-Rate Color-Blind) 81 Configuring Traffic Policing (2R3C) 84 Configuring Hierarchical Policing 87 Configuration Examples for configuring congestion management 89 Traffic Shaping for an Input Interface: Example 89 Traffic Policing for a Bundled Interface: Example 90 2R3C Traffic Policing: Example 90 ATM QoS: Example 92 Hierarchical Policing: Example 92 Additional References 92 Related Documents 92 Standards 92 MIBs 93 RFCs 93 Technical Assistance 93 C H A P T E R 5 Configuring Modular QoS Service Packet Classification 95 Prerequisites for Configuring Modular QoS Packet Classification 96 Information About Configuring Modular QoS Packet Classification 97 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x vi OL-26077-02 ContentsPacket Classification Overview 97 Traffic Class Elements 97 Traffic Policy Elements 98 Default Traffic Class 98 Bundle Traffic Policies 98 Shared Policy Instance 99 Policy Inheritance 99 Port Shape Policies 99 Class-based Unconditional Packet Marking Feature and Benefits 100 Specification of the CoS for a Packet with IP Precedence 101 IP Precedence Bits Used to Classify Packets 101 IP Precedence Value Settings 102 Classification Based on DEI 102 Default DEI Marking 103 IP Precedence Compared to IP DSCP Marking 103 QoS Policy Propagation Using Border Gateway Protocol 103 QoS on the Satellite System 104 Auto QoS 104 In-Place Policy Modification 106 Modifications That Can Trigger In-Place Policy Modifications 106 Modifications to QoS Policies 106 Modifications to Class Maps 106 Modifications to Access Lists Used in Class Maps 107 Recommendations for Using In-Place Policy Modification 107 Dynamic Modification of Interface Bandwidth 107 Policy States 107 How to Configure Modular QoS Packet Classification 107 Creating a Traffic Class 107 Creating a Traffic Policy 111 Attaching a Traffic Policy to an Interface 113 Attaching a Shared Policy Instance to Multiple Subinterfaces 115 Attaching a Shared Policy Instance to Bundle Interfaces or EFP Bundles 116 Configuring Class-based Unconditional Packet Marking 118 Configuring QoS Policy Propagation Using Border Gateway Protocol 123 Policy Propagation Using BGP Configuration Task List 123 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 vii ContentsOverview of Tasks 123 Defining the Route Policy 123 Applying the Route Policy to BGP 125 Configuring QPPB on the Desired Interfaces 126 QPPB scenario 127 Configuring Hierarchical Ingress Policing 127 Configuration Examples for Configuring Modular QoS Packet Classification 129 Traffic Classes Defined: Example 129 Traffic Policy Created: Example 130 Traffic Policy Attached to an Interface: Example 130 Traffic Policy Attached to Multiple Subinterfaces: Example 130 Traffic Policy Attached to a Bundle Interface: Example 131 EFP Load Balancing with Shared Policy Instance: Example 131 |Configuring a Bundle Interface: Example 131 Configuring Two Bundle EFPs with the Load Balance Options: Example 131 Default Traffic Class Configuration: Example 132 class-map match-any Command Configuration: Example 132 Class-based, Unconditional Packet Marking Examples 132 IP Precedence Marking Configuration: Example 132 IP DSCP Marking Configuration: Example 133 QoS Group Marking Configuration: Example 133 CoS Marking Configuration: Example 133 MPLS Experimental Bit Imposition Marking Configuration: Example 134 MPLS Experimental Topmost Marking Configuration: Example 134 In-Place Policy Modification: Example 134 Additional References 135 Related Documents 135 Standards 136 MIBs 136 RFCs 136 Technical Assistance 137 C H A P T E R 6 Modular QoS Deployment Scenarios 139 802.1ad DEI 140 Mark DEI Based on a Policing Action: Example 141 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x viii OL-26077-02 ContentsMark DEI Based on Incoming Fields: Example 141 Congestion Management Using DEI: Example 141 Frame Relay QoS 141 Frame Relay DLCI Classification 142 Frame Relay DE Classification 142 Frame Relay DE Marking 142 Frame Relay QoS: Example 143 IP Header Compression QoS 145 IP Header Compression QoS: Example 146 L2VPN QoS 146 Frame Relay <-> Frame Relay Over Pseudowire: Example 146 Frame Relay <-> Ethernet Over Pseudowire: Example 148 MLPPP QoS/MLFR QoS 149 Multiclass MLPPP with QoS 150 MLPPP QoS/MLFR QoS: Example 151 MPLS QoS 151 MPLS Uniform Mode 152 MPLS Pipe Mode 152 MPLS Short Pipe Mode 153 Uniform, Pipe, Short Pipe Modes: Ingress PE Example 153 Uniform Mode: Egress PE Example 154 Pipe Mode: Egress PE Example 154 Short Pipe Mode: Egress PE Example 155 QoS on Multicast VPN 156 ASR 9000 Ethernet Line Cards 156 QoS on Multicast VPN: Example 156 Unconditional Marking 157 Conditional Marking 157 SIP 700 for the ASR 9000 157 QoS on Multicast VPN: Example 157 QoS on NxDS0 Interfaces 158 One-Level Policy Applied to Main Interface: Example 158 Two-Level Policy Applied to a Subinterface: Example 158 VPLS and VPWS QoS 159 VPLS and VPWS QoS: Example 160 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 ix ContentsRelated Information 161 C H A P T E R 7 Configuring Hierarchical Modular QoS 163 How to Configure Hierarchical QoS 164 Configuring the Three-Parameter Scheduler 164 ASR 9000 Ethernet Line Cards 165 SIP 700 for the ASR 9000 167 Attaching Hierarchical Policies to Physical and Virtual Links 169 Configuring Enhanced Hierarchical Ingress Policing 171 Two-Level Hierarchical Queueing Policy: Example 173 Three-Level Hierarchical Queueing Policy: Examples 174 Three-Level Hierarchical Queueing Policy: Examples 174 SIP 700 for the ASR 9000 175 Three-Parameter Scheduler: Examples 177 Three-Parameter Scheduler: Examples 177 SIP 700 for the ASR 9000 177 Hierarchical Policing: Examples 178 Hierarchical Policing: Examples 178 SIP 700 for the ASR 9000 178 Attaching Service Policies to Physical and Virtual Links: Examples 179 Physical Link: Example 179 Virtual Link: Example 179 Enhanced Hierarchical Ingress Policing: Example 179 Verifying the Configuration of Hierarchical Policies 180 Additional References 181 Related Documents 181 Standards 181 MIBs 181 RFCs 182 Technical Assistance 182 C H A P T E R 8 Configuring Modular QoS on Link Bundles 183 Link Bundling Overview 183 Load Balancing 184 Layer 3 Load Balancing on Link Bundles 184 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x x OL-26077-02 ContentsQoS and Link Bundling 185 QoS for POS link bundling 185 Input QoS Policy setup 185 Output QoS Policy setup 185 Additional References 186 Related Documents 186 Standards 186 MIBs 187 RFCs 187 Technical Assistance 187 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 xi Contents Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x xii OL-26077-02 ContentsPreface This guide describesthe IOS XR QoS configurations. The preface for the Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guidecontains the following sections: • Changes to this document, page xiii • Obtaining Documentation and Submitting a Service Request, page xiii Changes to this document Table 1 lists the technical changes made to this document since it was first printed. Table 1: Changes to This Document Revision Date Change Summary Republished with documentation updates for Cisco IOS XR Release 4.2.1. OL-26077-02 June 2012 OL-26077-01 December 2011 Initial release of this document. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation,submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 xiii Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x xiv OL-26077-02 Preface Obtaining Documentation and Submitting a Service RequestC H A P T E R 1 Modular QoS Overview Quality of Service (QoS) is the technique of prioritizing traffic flows and providing preferential forwarding for higher-priority packets. The fundamental reason for implementing QoS in your network is to provide betterservice for certain traffic flows. A traffic flow can be defined as a combination ofsource and destination addresses, source and destination socket numbers, and the session identifier. A traffic flow can more broadly be described as a packet moving from an incoming interface that is destined for transmission to an outgoing interface. The traffic flow must be identified, classified, and prioritized on all routers and passed along the data forwarding path throughout the network to achieve end-to-end QoS delivery. The terms traffic flow and packet are used interchangeably throughout this module. To implement QoS on a network requires the configuration of QoS features that provide better and more predictable network service by supporting bandwidth allocation, improving loss characteristics, avoiding and managing network congestion, metering network traffic, or setting traffic flow priorities across the network. This module contains overview information about modular QoS features within a service provider network. • Information About Modular Quality of Service Overview, page 1 • Where to Go Next, page 5 • Additional References, page 6 Information About Modular Quality of Service Overview Before configuring modular QoS on your network, you should understand the following concepts: • Benefits of Cisco IOS XR QoS Features • QoS Techniques • Differentiated Service Model for Cisco IOS XR Software, page QC-4 • Access Node Control Protocol, page QC-5 • Additional Cisco IOS XR QoS Supported Features, page QC-5 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 1Benefits of Cisco IOS XR QoS Features The Cisco IOS XR QoS features enable networks to control and predictably service a variety of networked applications and traffic types. Implementing Cisco IOS XR QoS in your network promotes the following benefits: • Control over resources. You have control over which resources (bandwidth, equipment, wide-area facilities, and so on) are being used. For example, you can limit bandwidth consumed over a backbone link by FTP transfers or give priority to an important database access. • Tailored services. If you are an Internet Service Provider (ISP), the control and visibility provided by QoS enables you to offer carefully tailored grades of service differentiation to your customers. • Coexistence of mission-critical applications. Cisco IOS XR QoS features make certain of the following conditions: ? That your WAN is used efficiently by mission-critical applications that are most important to your business. ? That bandwidth and minimum delaysrequired by time-sensitive multimedia and voice applications are available. ? That other applications using the link get their fair service without interfering with mission-critical traffic. QoS Techniques QoS on Cisco IOS XR software relies on the following techniques to provide for end-to-end QoS delivery across a heterogeneous network: • Packet classification and marking • Congestion management • Congestion avoidance Before implementing the QoS features for these techniques, you should identify and evaluate the traffic characteristics of your network because not all techniques are appropriate for your network environment. Packet Classification and Marking Packet classification and marking techniques identify the traffic flow, and provide the capability to partition network traffic into multiple priority levels or classes of service. After classification is complete, any other QoS actions can be performed. Identification of a traffic flow can be performed by using several methods within a single router, such as access control lists(ACLs), protocol match, IP precedence, IP differentiated service code point (DSCP), MPLS EXP bit, or Class of Service (CoS). Marking of a traffic flow is performed by: • Setting IP Precedence or DSCP bits in the IP Type of Service (ToS) byte. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 2 OL-26077-02 Modular QoS Overview Benefits of Cisco IOS XR QoS Features• Setting CoS bits in the Layer 2 headers. • Setting EXP bits within the imposed or the topmost Multiprotocol Label Switching (MPLS) label. • Setting qos-group and discard-class bits. Marking can be carried out: • Unconditionally—As part of the class-action. • Conditionally—As part of a policer-action. • Combination of conditionally and unconditionally. For detailed conceptual and configuration information about packet marking, see the “Configuring Modular Quality of Service Packet Classification on Cisco ASR 9000 Series Routers” module in this guide for unconditional marking, and the “Configuring Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers” module in this guide for conditional marking. Default Marking Behavior When an ingress or egress interface adds VLAN tags or MPLS labels, it requires a default value for the CoS and EXP values that go into those tags and labels. The default value can be then overridden based on the policy map. The default value for CoS and EXP is based on a trusted field in the packet upon ingress to the system. The router implements an implicit trust of certain fields based on the packet type and ingress interface forwarding type (Layer 2 or Layer 3). By default, the router does not modify the IP precedence or DSCP without a policy-map being configured. The default behavior is described below. On an ingress or egress Layer 2 interface, such as xconnect or bridge-domain, the outermost CoS value is used for any field that gets added in the ingress interface. If there is a VLAN tag that gets added due to a Layer 2 rewrite, the incoming outermost CoS value is used for the new VLAN tag. If an MPLS label is added, the CoS value would be used for the EXP bits in the MPLS tag. On an ingress or egress Layer 3 interface (routed or label weighted for IPv4 or IPv6 packets), the three DSCP and precedence bits are identified in the incoming packet. For MPLS packets, the outermost label’s EXP bit is identified, and this value is used for any new field that gets added at the ingress interface. If an MPLS label is added, then the identified precedence, DSCP, or MPLS EXP value is used for the EXP bits in the newly added MPLS tag. Provider Backbone Bridge (PBB) Configuration In a PBB configuration, when a packet goes from a customer network to a service provider network using PBB encapsulation, the class of service (CoS) and discard eligibility indicator (DEI) used in the backbone VLAN tag (B-tag) and service instance tag (I-tag) of the PBB header is by default the CoS and DEI in the topmost tag of the incoming packet. When a packet goes from a service provider to a customer network, the PBB header is removed and the I-tag CoS and DEI is used by default on any tags that are imposed on the customer interface. The default marking occurs only on imposed tags, and not on existing or translated tags. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 3 Modular QoS Overview QoS TechniquesCongestion Management Congestion management techniques control congestion after it has occurred. One way that network elements handle an overflow of arriving traffic is to use a queueing algorithm to sort the traffic, then determine some servicing method of prioritizing it onto an output link. Cisco IOS XR software implements the low-latency Queueing (LLQ) feature, which brings strict priority queueing (PQ) to the Modified Deficit Round Robin (MDRR) scheduling mechanism. LLQ with strict PQ allows delay-sensitive data,such as voice, to be dequeued and sent before packetsin other queues are dequeued. Cisco IOS XR software includestraffic policing capabilities available on a per-class basis as well as class-based shaping. The traffic policing feature limitsthe input or output transmission rate of a class of traffic based on user-defined criteria, and can mark packets by setting values such as IP Precedence, QoS group, or DSCP value. Traffic shaping allows control over the traffic that leaves an interface to match its flow to the speed of the remote target interface and ensure that the traffic conforms to the policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches. Cisco IOS XRsoftware supports a class-based traffic shaping method through a CLI mechanism in which parameters are applied per class. For detailed conceptual and configuration information about congestion management, see the “Configuring Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers” module. Congestion Avoidance Congestion avoidance techniques monitor network traffic flowsin an effort to anticipate and avoid congestion at common network and internetwork bottlenecks before problems occur. These techniques are designed to provide preferential treatment for traffic (such as a video stream) that has been classified as real-time critical under congestion situations while concurrently maximizing network throughput and capacity utilization and minimizing packet loss and delay. Cisco IOS XR software supports the Random Early Detection (RED), Weighted RED (WRED), and tail drop QoS congestion avoidance features. For detailed conceptual and configuration information about congestion avoidance techniques, see the “Configuring Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers” module in this guide. Differentiated Service Model for Cisco IOS XR Software Cisco IOS XR software supports a differentiated service that is a multiple-service model that can satisfy different QoS requirements. However, unlike in the integrated service model, an application using differentiated service does not explicitly signal the router before sending data. For differentiated service, the network tries to deliver a particular kind of service based on the QoS specified by each packet. Thisspecification can occur in different ways, for example, using the IP Precedence bitsettings in IP packets or source and destination addresses. The network uses the QoS specification to classify, mark, shape, and police traffic, and to perform intelligent queueing. The differentiated service model is used for several mission-critical applications and for providing end-to-end QoS. Typically, this service model is appropriate for aggregate flows because it performs a relatively coarse level of traffic classification. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 4 OL-26077-02 Modular QoS Overview Differentiated Service Model for Cisco IOS XR SoftwareAccess Node Control Protocol Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and subscriber-related operations. An ANCP Network Access Server (NAS) accepts and maintains ANCP adjacencies (sessions with an ANCP neighbor), and sending and receiving ANCP messages. ANCP allows static mapping between AN ports and VLAN subinterfaces so that DSL rate updates for a specific subscriber received by the ANCP server are applied to the QoS configuration corresponding to that subscriber. DSL train rates received via ANCP are used to alter shaping rates on subscriber-facing interfaces and subinterfaces on the router. Additional Cisco IOS XR QoS Supported Features The following sections describe the additional features that play an important role in the implementation of QoS on Cisco IOS XR software. Modular QoS Command-Line Interface In Cisco IOS XR software, QoS features are enabled through the Modular QoS command-line interface (MQC) feature. The MQC is a command-line interface (CLI) structure that allows you to create policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to classify traffic, whereas the QoS features in the traffic policy determine how to treat the classified traffic. One of the main goals of MQC is to provide a platform-independent interface for configuring QoS across Cisco platforms. For detailed conceptual and configuration information about the MQC feature, see the “Configuring Modular Quality of Service Packet Classification on Cisco ASR 9000 Series Routers” module in this guide. Fabric QoS There is no separate configuration for fabric QoS. The fabric priority is derived from the priority action in the ingress service policy. Where to Go Next To configure the packet classification features that involve identification and marking of traffic flows, see the “Configuring Modular Quality of Service Packet Classification on Cisco ASR 9000 Series Routers” module in this guide. To configure the queueing, scheduling, policing, and shaping features, see the “Configuring Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers” module in this guide. To configure the WRED and RED features, see the “Configuring Modular QoS Congestion Avoidance on Cisco ASR 9000 Series Routers module in this guide. To configure Access Node Control Protocol (ANCP) features, see the “Configuring Access Node Control Protocol on Cisco ASR 9000 Series Routers” module in this guide. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 5 Modular QoS Overview Access Node Control ProtocolAdditional References The following sections provide references related to implementing QoS. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration Cisco ASR 9000 Series Aggregation Services Router Master Command Listing Master command reference Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference QoS commands “Configuring AAA Services on Cisco ASR 9000 Series Router” module of Cisco Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide User groups and task IDs Standards Standards Title No new or modified standards are supported by — this feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/ cmtk/mibs.shtml CISCO-CLASS-BASED-QOS-MIB Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 6 OL-26077-02 Modular QoS Overview Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies,solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 7 Modular QoS Overview RFCs Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 8 OL-26077-02 Modular QoS Overview Technical AssistanceC H A P T E R 2 Configuring Access Node Control Protocol Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and subscriber-related operations. An ANCP server accepts and maintains ANCP adjacencies (sessions with an ANCP neighbor), and sending and receiving ANCP messages. ANCP allows static mapping between ANCP ports and VLAN subinterfaces so that DSL rate updates for a specific subscriber received by the ANCP server are applied to the QoS configuration corresponding to that subscriber. DSL train rates received via ANCP are used to alter shaping rates on subscriber-facing interfaces and subinterfaces on the router. ANCP runs as a single process on the route processor (RP). This module provides the conceptual and configuration information for implementing ANCP. Line Card, SIP, and SPA Support Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000 Access Node Control Protocol yes no Feature History for Configuring Access Node Protocol on Cisco ASR 9000 Series Routers Release Modification Release 3.7.2 The Access Node Control Protocol feature was introduced. Release 3.9.0 Mapping of ANCP portsto VLAN interfaces over Ethernet bundles was added. Release 4.0.0 ANCP over Multi Chassis Link Aggregation was introduced. • Prerequisites for Configuring ANCP, page 10 • Restrictions for Configuring ANCP, page 10 • Information About Configuring ANCP, page 10 • How to Configure ANCP on Cisco, page 14 • Configuration Examples for Configuring ANCP contains the following examples:, page 22 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 9• Additional References, page 34 • Configuring Access Node Control Protocol, page 35 Prerequisites for Configuring ANCP Restrictions for Configuring ANCP The following restrictions apply when configuring ANCP on your network: • Only Rate Adaptive Mode is supported in Cisco IOS XR Release 3.7.2. • VPN routing and forwarding (VRF) awareness is not supported in Cisco IOS XR Release 3.7.2. All IP interfaces receiving ANCP traffic should be in default VRF. • ANCP over IPv6 is not supported for Cisco IOS XR Release 3.7.2. • Only VLAN subinterfaces over Ethernet and Ethernet bundle ports can be mapped to AN ports using ANCP. Information About Configuring ANCP To implement ANCP, you must understand the following concepts: ANCP Adjacencies The ANCP server accepts TCP connections from access nodes. An ANCP neighbor is any access node that establishes an adjacency with an ANCP server. ANCP is configured globally, and as long as it is IP-enabled, there is no restriction on whether ANCP messages are received on the physical or logical interface. TCP creates a separate connection socket for each access node. Because access nodes are not identified explicitly in ANCP messages, the TCP socket serves as the ANCP neighbor identifier for the ANCP server. Once the TCP connection between ANCP neighbors has been made, the ANCP adjacency protocol establishes an ANCP session over that connection and negotiates ANCP capabilities. There is a single ANCP session per ANCP neighbor. ANCP session information becomes a subset of the information of a corresponding neighbor. ANCP protocol supports dynamic neighbor detection so no configuration of access nodes is required. ANCP neighbors can also be statically preconfigured on the ANCP server. In such a case, access nodes are explicitly identified by their IDs, which then must match the sender-name field in the ANCP adjacency protocol messages. Neighbor Adjacency Timing The adjacency timer defines the maximum delay between different stages of ANCP session establishment and the period of ANCP keepalive. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 10 OL-26077-02 Configuring Access Node Control Protocol Prerequisites for Configuring ANCPANCP adjacency lifetime is governed by the adjacency protocol. If synchronization with the peer access node is lost (for example, if the adjacency dead timer expires), the ANCP server removes the adjacency, and the underlying TCP connection is closed. ANCP Messages Two ANCP message types are processed by the ANCP server: Port Up and Port Down. Port Up messages contain DSL rate information; Port Down messages indicate that the corresponding access line is no longer available. DSL rate updates from Port Up messages are made available to the QoS subsystem. Port Down messages are used to internally track the ANCP port state. These messages can only be received by the server after the ANCP adjacency is established. However, once a Port Up message is received, the DSL rate information it contains is considered valid indefinitely, provided AN-port-to-interface mapping is configured for that port. It is stored in the AN port database until it is overwritten by another Port Up message for this port or is cleared manually. The removal of an adjacency or the reception of a Port Down message is reflected in the database for display and troubleshooting purposes, but DSL rate information is not invalidated. Port Mapping AN ports are statically mapped to VLAN subinterfaces, referred to as AN-port-to-interface mapping. This implies that there is at least one VLAN subinterface configured per subscriber line. There is no limit to the number of interfaces that can be mapped to an AN port. VLAN subinterfaces mapped to an AN port can be created or removed. When mapping is configured, VLAN subinterfaces are referenced in the ANCP module by name. This name is used for notifications of interface creation and deletion and provides the information that is used in updating the DSL rate. An AN port database is maintained for all ports learned from Port Up messages. This database also contains the AN-port-to-interface mapping database. If a Port Up message for an AN port arrives but no interface is mapped to that port, the rate information is stored in the AN port database but not published. When a mapping for that port is configured, the AN port database is scanned to identify any ANCP messagesthat were received on this port prior to the mapping configuration. If there were, the known rate is published. Rate Adjustment ANCP can apply a correction factor to the DSL line rate reported in Port Up messages before publishing the rate update to the system. This correction factor or rate adjustment is configurable in the global configuration mode per DSL type and access encapsulation type (ATM or Ethernet). DSL type and encapsulation type are provided in mandatory type, length, and value (TLV) data in the Port Up message. To use the rate adjustment feature for non-default loop types (Ethernet), DSLAMs must support the optional Access Loop Encapsulation sub-TLV. Note ANCP rate-adaptive mode information is processed by the ANCP module to determine the maximum bandwidth (shape rate) available for a given subscriber line. A fixed correction factor is then applied to the ANCP bandwidth based on the DSL type to account for the overhead of different DSL technologies. For example, a given subscriber’s ANCP bandwidth may be 15 Mbps, but due to the DSL technology overhead, the effective Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 11 Configuring Access Node Control Protocol ANCP Messagesbandwidth for that subscriber should be limited to 80 percent of 15 Mbps, which is 12 Mbps. This corrected effective bandwidth is conveyed to QoS modules to limit the maximum rate for the subscriber’s traffic. The ANCP rate is used as a QoS shaping rate only if the ANCP rate is greater than the currently configured QoS shaping rate. (The ANCP rate used by QoS is rounded down to the nearest 128 kbps.) Note Prioritization of ANCP Traffic In case of congestion, the Cisco ASR 9000 Series Router marks ANCP messages as high priority so that the aggregation network between the Network Access Server (NAS) and the access node (AN) can prioritize the ANCP messages ahead of other traffic. Process Restart During a process restart, TCP connections with ANCP neighbors normally drop. When the ANCP server comes back, TCP connections and ANCP sessions are reestablished by the neighbors. Upon reconnecting to the server, DSLAMs send Port Up messages for every active port. Any published rate information received prior to restart is restored in the ANCP configuration. If the restart occurred due to a crash, conflicts between published data and configuration data are detected and published data is corrected. ANCP and QoS Interaction When the ANCP value is applied correctly, it overrides the configured QoS shaper value. For an example of an ANCP value applied incorrectly and an example of the interaction with QoS when the ANCP value is applied correctly, see ANCP and QoS Interaction: Example. Multi Chassis Link Aggregation Multi Chassis Link Aggregation (MC-LAG) provides a simple redundancy mechanism for a Digital Subscriber Line Access Multiplier (DSLAM) to Cisco ASR 9000 Series Router connection. The redundancy is achieved by allowing a dual-homed connection to two routers. There is no added software complexity on the DSLAM, because the DSLAMviewsthe dual-homed connection as a single LAG. The DSLAMis known as a dual-homed device (DHD), and each router is known as a point of attachment (PoA) in MC-LAG terminology. For more Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 12 OL-26077-02 Configuring Access Node Control Protocol Prioritization of ANCP Trafficdetailed information about MC-LAG, see the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide. Figure 1: MC-LAG connects DSLAM to ASR 9000 Series Routers ANCP over MC-LAG Access Node Control Protocol (ANCP) is required to support a network topology that includes MC-LAG connections to DSLAMs. CPE circuits connect to DSLAMs and adjust line speeds based on signal quality with Rate Adaptive DS. Uplinks connect DSLAMs to routers. If the line speed of a circuit adjusts to a lower data rate than the uplink, subscriber data can be lost on the DSLAM. To prevent data loss, a DSLAM notifies the router of the new DSL rate with ANCP, and downstream shaping is dynamically applied on the router such that the data rate of the uplink does not exceed the CPE circuit data rate. ANCP applies DSLAM subscriber circuit DSL rate data it learns, to MC-LAG VLAN subinterfaces that are mapped to the subscriber circuit. The rates are applied to QoS shapers. The DSL rates that ANCP has applied to the MC-LAG VLAN subinterfaces are distributed by the ANCP application running on the active PoA for the MC-LAG to the ANCP application that is running on the standby PoA for the MC-LAG, using ICCP (Inter-Chassis Communication Protocol). ANCP on the standby PoA for the MC-LAG applies the DSL rate data to the corresponding MC-LAG VLAN subinterfaces. When an event occursthat causes one of the standby PoAs to assume the active role for the MC-LAG, the ANCP application on the newly active PoA has already applied the DSL rates to shapers on the MC-LAG VLAN subinterfaces, so the correct DSL rates are applied when this LAG goes active and congestion and subsequent data loss does not occur at the DSLAM. A DSLAM establishes an ANCP adjacency with a router over a TCP connection. The DSL rates for the DSLAM subscriber circuits are communicated over this TCP connection. The DSL rates are applied to Layer Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 13 Configuring Access Node Control Protocol ANCP and QoS Interaction2 VLAN subinterfaces that are mapped to the subscriber circuits. The ANCP TCP connection that is used to send DSL rates for Layer 2 VLAN subinterfaces on an MC-LAG must be on a Layer 3 VLAN subinterface that is in the same MC-LAG as the L2VLAN subinterfaces. Note that this constraint implies that there is one ANCP TCP connection between the DSLAM and router per MC-LAG. Figure 2: ANCP over MC-LAG VLAN Subinterfaces When an active PoA for a MC-LAG becomes the standby, the DSLAM ANCP TCP connection is terminated. The DSLAM re-establishes the ANCP TCP connection with the PoA that assumes the active role for the MC-LAG. How to Configure ANCP on Cisco This section contains instructions for the following tasks: • Enabling ANCP • Configuring ANCP Server Sender Name • Configuring ANCP Neighbors • Mapping AN Ports to VLAN Subinterfaces • Configuring ANCP Rate Adjustment Enabling ANCP To enable ANCP, use the ancp command in global configuration mode. Prerequisites To use this command, you must be in a user group associated with a task group that includes the proper task IDs for ANCP. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 14 OL-26077-02 Configuring Access Node Control Protocol How to Configure ANCP on CiscoSUMMARY STEPS 1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# 2. ancp RP/0/RSP0/CPU0:router(config)# ancp 3. end 4. or commit 5. show ancp summary [statistics][detail] RP/0/RSP0/CPU0:router# show ancp summary DETAILED STEPS Command or Action Purpose configure RP/0/RSP0/CPU0:router# Enters global configuration mode. configure RP/0/RSP0/CPU0:router(config)# Step 1 Step 2 ancp RP/0/RSP0/CPU0:router(config)# ancp Enables ANCP. Step 3 end Step 4 or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-ancp)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-ancp)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays ANCP summary and general configuration information. show ancp summary [statistics][detail] RP/0/RSP0/CPU0:router# show ancp summary Step 5 Configuring ANCP Server Sender Name The ANCP server sender name is used by the ANCP server in adjacency protocol messages to DSLAMs. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 15 Configuring Access Node Control Protocol Configuring ANCP Server Sender NameSUMMARY STEPS 1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# 2. ancp server sender-name {H.H.H | A.B.C.D} RP/0/RSP0/CPU0:router(config)# ancp server sender-name 0013.1aff.c2bd 3. end 4. or commit DETAILED STEPS Command or Action Purpose configureRP/0/RSP0/CPU0:router# configure Enters global configuration mode. RP/0/RSP0/CPU0:router(config)# Step 1 ancp server sender-name {H.H.H | A.B.C.D} Configures a local sender name. RP/0/RSP0/CPU0:router(config)# ancp server sender-name 0013.1aff.c2bd Step 2 Step 3 end Step 4 or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-ancp)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-ancp)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring ANCP Neighbors The TCP connection from any neighbor is accepted on any interface. To match a neighbor configuration to a respective TCP connection, ANCP neighbors are identified by a sender name that must match the corresponding field in adjacency protocol messages. Optionally, a description string can be supplied to identify the ANCP neighbor on the system and an adjacency timer interval configured. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 16 OL-26077-02 Configuring Access Node Control Protocol Configuring ANCP NeighborsSUMMARY STEPS 1. configure 2. ancp neighbor sender-name {H.H.H | A.B.C.D}[description string] 3. ancp neighbor sender-name {H.H.H | A.B.C.D} [adjacency-timer interval] 4. end or commit 5. show ancp neighbor {description description-string| sender-name {H.H.H | A.B.C.D}} [statistics][detail] RP/0/RSP0/CPU0:router# show ancp neighbor sender-name 0006.2aaa.281b 6. show ancp neighbor summary [statistics][detail] RP/0/RSP0/CPU0:router# show ancp neighbor summary 7. clear ancp neighbor {all | description description-string |sender-name {H.H.H | A.B.C.D}}[state |statistics] RP/0/RSP0/CPU0:router# clear ancp neighbor all 8. clear ancp summary [statistics | detail] RP/0/RSP0/CPU0:router# clear ancp summary statistics 9. show ancp neighbor [all] [statistics] RP/0/RSP0/CPU0:router# show ancp neighbor statistics 10. show ancp neighbor state [none | synsent | synrcvd | estab} [statistics] RP/0/RSP0/CPU0:router# show ancp neighbor none DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# Step 1 ancp neighbor sender-name {H.H.H | Sets neighbor description parameter to easily identify DSLAMs. A.B.C.D}[description string] Step 2 Example: RP/0/RSP0/CPU0:router(config)# ancp neighbor sender-name oo13.1aff.c2bd description vendorA1 Sets neighbor adjacency timer parameter. If a neighbor session is already established, it will be reset so this timer can take affect. ancp neighbor sender-name {H.H.H | A.B.C.D} [adjacency-timer interval] Example: RP/0/RSP0/CPU0:router(config)# ancp neighbor sender-name 0013.1aff.c2bd adjacency-timer 20 Step 3 Note • Configured ports are placed in a down state while unconfigured ports are released. Step 4 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-ancp)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changesfound, commit them before exiting (yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-ancp)# commit Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 17 Configuring Access Node Control Protocol Configuring ANCP NeighborsCommand or Action Purpose Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. (Optional) Displays data or message statistics associated with individual ANCP adjacencies or sets of adjacencies. show ancp neighbor {description description-string| sender-name {H.H.H | A.B.C.D}} [statistics][detail] RP/0/RSP0/CPU0:router# show ancp neighbor sender-name 0006.2aaa.281b Step 5 show ancp neighbor summary [statistics][detail] (Optional) Displays adjacency counts by state. RP/0/RSP0/CPU0:router# show ancp neighborsummary Step 6 (Optional) Clears ANCP neighbors, either all or individually. Configured ports are placed in a down state while releasing clear ancp neighbor {all | description description-string | sender-name {H.H.H | A.B.C.D}}[state | statistics] RP/0/RSP0/CPU0:router# clear ancp neighbor all Step 7 unconfigured ports. If state is selected, the adjacency is reset without clearing the TCP socket. (Optional) Clears aggregate message statistics only, without modifying individual neighbor or port statistics. clear ancp summary [statistics | detail] RP/0/RSP0/CPU0:router# clear ancp summary statistics Step 8 show ancp neighbor [all] [statistics] (Optional) Displays ANCP neighbor information. RP/0/RSP0/CPU0:router# show ancp neighborstatistics Step 9 show ancp neighbor state [none | synsent | synrcvd | (Optional) Displays adjacency protocol state information. estab} [statistics] RP/0/RSP0/CPU0:router# show ancp neighbor none Step 10 Mapping AN Ports to VLAN Subinterfaces Port mapping associates DSLAM access ports or customer premises equipment (CPE) clients of a DSLAM with VLAN subinterfaces. The VLANs can be IEEE 802.1Q or QinQ hierarchical VLANs. To map AN ports to VLAN subinterfaces, use the ancp an-port command in global configuration mode. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 18 OL-26077-02 Configuring Access Node Control Protocol Mapping AN Ports to VLAN SubinterfacesSUMMARY STEPS 1. configure 2. ancp an-port circuit-id Access-Loop-Circuit-ID [interface type interface-path-id | interface Bundle-Ether bundle-id] RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id circuit1 interface gigabitethernet 2/0/1/1.1 3. end or commit 4. show ancp an-port {circuit-id Access-Loop-Circuit-ID | interface type interface-path-id | interface Bundle-Ether bundle-id | mapping} [statistics | detail] 5. show ancp an-port [configured | dynamic-only][statistics] 6. show ancp an-port summary [statistics][detail] 7. clear ancp an-port {all | circuit-id Access-Loop-Circuit-Id | interface type interface-path-id | interface Bundle-Ether bundle-id | neighbor {description string | sender-name {H.H.H | A.B.C.D}}[statistics] 8. show ancp an-port {description description-string | sender-name {H.H.H | A.B.C.D}} 9. show ancp an-port state [up | down | none] [statistics] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# Step 1 Defines a unique access node ID. This ID information is included in the ANCP Port Up and Port Down messages. ancp an-port circuit-id Access-Loop-Circuit-ID [interface type interface-path-id | interface Step 2 Bundle-Ether bundle-id] The Circuit ID must be supplied before the access node port configuration can be committed. RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id circuit1 interface gigabitethernet 2/0/1/1.1 When using a shared policy instance in subinterfaces with ANCP, the same AN port circuit ID must be mapped to all subinterfaces that have the same shared policy instance. Step 3 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-ancp)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changesfound, commit them before exiting (yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-ancp)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 19 Configuring Access Node Control Protocol Mapping AN Ports to VLAN SubinterfacesCommand or Action Purpose Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. (Optional) Displays information about the association of DSLAM access ports(or CPE clients of a DSLAM) with VLAN subinterfaces. show ancp an-port {circuit-id Access-Loop-Circuit-ID | interface type interface-path-id | interface Bundle-Ether bundle-id | mapping} [statistics | detail] Example: RP/0/RSP0/CPU0:router# show ancp an-port gigabitethernet 2/0/1/1.1 Step 4 (Optional) Displayssummary data orstatisticsfor AN portsthat are or are not mapped to interfaces. show ancp an-port [configured | dynamic-only][statistics] Example: RP/0/RSP0/CPU0:router# show ancp an-port configured Step 5 show ancp an-port summary [statistics][detail] (Optional) Displays port counts by state. Example: RP/0/RSP0/CPU0:router# show ancp an-port summary Step 6 (Optional) Clears AN ports of dynamic data or statistics either individually or in groups. Published information is cleared and information learned from the DSLAM is cleared. clear ancp an-port {all | circuit-id Access-Loop-Circuit-Id | interface type interface-path-id | interface Bundle-Ether bundle-id | neighbor {description string | sender-name {H.H.H | A.B.C.D}}[statistics] Step 7 Example: RP/0/RSP0/CPU0:router# clear ancp an-port all show ancp an-port {description description-string | (Optional) Displays AN port information. sender-name {H.H.H | A.B.C.D}} Step 8 Example: RP/0/RSP0/CPU0:router# show ancp an-port description vendor3b show ancp an-portstate [up | down | none] [statistics] (Optional) Displays AN port state information. Example: RP/0/RSP0/CPU0:router# show ancp an-port state up Step 9 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 20 OL-26077-02 Configuring Access Node Control Protocol Mapping AN Ports to VLAN SubinterfacesConfiguring ANCP Rate Adjustment Use the ancp rate-adjustment command to apply a mathematical correction to the ANCP rate update prior to applying it as a shaper rate. SUMMARY STEPS 1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# 2. ancp rate-adjustment dsl-type access-loop-type percent-factor factor 3. end or commit 4. show ancp summary detail RP/0/RSP0/CPU0:router# show ancp summary detail DETAILED STEPS Command or Action Purpose configure RP/0/RSP0/CPU0:router# Enters global configuration mode. configure RP/0/RSP0/CPU0:router(config)# Step 1 Sets the parameters for the ANCP shaper percent factor. dsl-type and access-loop-type are compared to appropriate values in optional type-length ancp rate-adjustment dsl-type access-loop-type percent-factor factor Example: RP/0/RSP0/CPU0:router(config)# ancp Step 2 values (TLVs) in the ANCP Port Up message and the ANCP rate is adjusted by a configured factor in case of a match. • dsl-type—(Required) Sets DSL type code: rate-adjustment adsl2 ethernet percent-factor 90 adsl1 adsl2 adsl2+ vdsl1 vdsl2 sdsl • access-loop-type—(Required) Sets access-loop-type to ATMor Ethernet. • percent-factor factor—(Required) A percent value to be applied to the ANCP reported rate update prior to configuring it as a shaping rate. Step 3 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changesfound, commit them before exiting (yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config)# commit Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returnsthe router to EXEC mode. Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 21 Configuring Access Node Control Protocol Configuring ANCP Rate AdjustmentCommand or Action Purpose (Optional) Shows generic ANCP configuration information along with rate adjustment configuration information. show ancp summary detail RP/0/RSP0/CPU0:router# show ancp summary detail Step 4 Configuration Examples for Configuring ANCP contains the following examples: • Configuring ANCP Server Sender Name: Example • Configuring ANCP Neighbors: Example • Mapping AN ports to VLAN Subinterfaces: Example • Configuring ANCP Rate Adjustment: Example • ANCP and QoS Interaction: Example • QoS Policy Inconsistency on an Interface: Example Configuring ANCP Server Sender Name: Example Configuring ANCP Neighbors: Example The following example shows how to set ANCP neighbor parameters: configure ancp neighbor sender-name 0001.2222.3333 description VendorA-1 ancp neighbor sender-name 0001.2222.3333 adjacency-timer 20 commit The following example shows the output from a specific neighbor using the sender-name MAC address: show ancp neighbor sender-name 0006.2aaa.281b ANCP Neighbor Data ------------------------------------------- Sender Name 0006.2aaa.281b Description first State ESTAB Capability Topology Discovery Ports: State Up 25 State Down 5 Total 30 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 22 OL-26077-02 Configuring Access Node Control Protocol Configuration Examples for Configuring ANCP contains the following examples:The following example showsthe same command with the addition of the detail keyword,showing a summary of AN ports that were reported by that neighbor: show ancp neighbor sender-name 0006.2aaa.281b detail ANCP Neighbor Data ------------------------------------------- Sender Name 0006.2aaa.281b Description first State ESTAB Capability Topology Discovery Ports: State Up 4 State Down 0 Total 4 Remote IP Addr/TCP Port 209.165.200.225/11126 Local IP Addr/TCP Port 209.165.200.250/6068 Server Sender Name 0013.1aff.c2bd Remote Timeout 25500 msec Local Timeout 10000 msec Adjacency Uptime 01:25:20 Time Since Last Port Msg 00:00:04 Remote Port 0 Remote Instance 1 Local Instance 1 Remote Partition ID 0 List of AN port data for neighbor sender name 0006.2aaa.281b ------------------------------ ----- ---------- -------- ---- ------------ Line Num Adjusted DS Circuit-id State Uptime State Intf Rate (kbps) ------------------------------ ----- ---------- -------- ---- ------------ circuit1 UP 00:27:49 SHOWTIME 3 2250 circuit2 UP 00:00:49 SHOWTIME 2 2250 circuit3 UP 00:00:49 SHOWTIME 2 2250 circuit4 UP 00:00:49 SHOWTIME 0 2250 The following example shows the same command, this time with the addition of the statistics keyword, showing a summary of message statistics for the selected neighbor: show ancp neighbor sender-name 0006.2aaa.281b statistics ANCP Neighbor Message Statistics for Sender-name -, Description 0006.2aaa.281b ----------------------------------------------- Sent Received SYN 1 2 SNYACK 1 0 ACK 589 238 RSTACK 0 0 Port Up - 10 Port Down - 0 Drops 0 0 Total 600 250 The following example shows how to display generic information about ANCP configuration, along with neighbor and port counts by state: show ancp summary ANCP Summary Information ---------------------------------------------- Capability: Topology Discovery Server sender-name: 0013:1aff.c2bd Neighbor count by state: - 0 SYNSENT 0 SUNRCVD 0 ESTAB 1 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 23 Configuring Access Node Control Protocol Configuring ANCP Neighbors: Example---------------------------------- Total 1 Port count by state: State Up 1 State Down 0 State Unknown 0 ---------------------------------- Total 1 No. configured ports 1 No. mapped sub-interfaces 4 The following example shows how to display rate adjustment configuration information in addition to the generic information shown in the previous example: show ancp summary detail ANCP Summary Information ---------------------------------------------- Capability: Topology Discovery Server sender-name: 0013:1aff.c2bd Neighbor count by state: - 0 SYNSENT 0 SUNRCVD 0 ESTAB 1 ---------------------------------- Total 1 Port count by state: State Up 1 State Down 0 State Unknown 0 ---------------------------------- Total 1 No. configured ports 1 No. mapped sub-interfaces 4 Rate adjustment configuration: ------------------------------------------- DSL Type Loop Type Percent-Factor ------------------------------------------- ADSL1 ETHERNET 90 ADSL2 ETHERNET 100 ADSL2PLUS ETHERNET 100 VDSL1 ETHERNET 100 VDSL2 ETHERNET 100 SDSL ETHERNET 100 ADSL1 ATM 100 ADSL2 ATM 100 ADSL2PLUS ATM 100 VDSL1 ATM 100 VDSL2 ATM 100 SDSL ATM 100 The following example shows how to display a summary of ANCP message statistics: show ancp summary statistics ANCP Summary Message Statistics -------------------------------------- Sent Received SYN 3 6 SYNACK 4 0 ACK 7105 2819 RSTACK 2 0 Port Up - 6 Port Down - 0 Drops 0 0 Total 7114 2831 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 24 OL-26077-02 Configuring Access Node Control Protocol Configuring ANCP Neighbors: ExampleThe following example shows how to clear all neighbor data and statistics: clear ancp neighbor all The following example shows how to clear a specific neighbor: clear ancp neighbor description vendor1a The following example shows how to clear aggregate message statistics: clear ancp summary statistics Mapping AN ports to VLAN Subinterfaces: Example The following example shows a unique access node ID being defined: configure ancp an-port circuit-id circuit1 interface gigabitethernet 2/0/1/1.1 The following example shows how to display information for a port identified by its subinterface: show ancp an-port interface gigabitethernet 0/0/0/37.1 AN port circuit-id ccc1: State UP UPtime 02:23:45 Time Since Last Message 00:00:00 Encap Type ETHERNET DSL type ADSL1 DSL Line State SHOWTIME Number of Mapped Interfaces 3 Neighbor sender-name 0006.2aaa.281b Neighbor description 7200-client Configured Rate Adjustment 90% Actual Downstream Data Rate (kbps) 2500 Effective Downstream Data Rate (kbps) 2250 The following example shows how use the detail keyword to display port information as well as a list of the interfaces mapped to that port. show ancp an-port circuit-id ccc1 detail AN port circuit-id ccc1: State UP UPtime 02:31:36 Time Since Last Message 00:00:00 Encap Type ETHERNET DSL type ADSL1 DSL Line State SHOWTIME Number of Mapped Interfaces 3 Neighbor sender-name 0006.2aaa.281b Neighbor description 7200-client Configured Rate Adjustment 90% Actual Downstream Data Rate (kbps) 2500 Effective Downstream Data Rate (kbps) 2250 Actual Data Rate Upstream/Downstream (kbps) 2500/2500 Minimum Data Rate Upstream/Downstream (kbps) 0/0 Attainable Data Rate Upstream/Downstream (kbps) 0/0 Maximum Data Rate Upstream/Downstream (kbps) 0/0 Minimum Low Power Data Rate Upstream/Downstream (kbps) 0/0 Maximum Interleaving delay Upstream/Downstream (ms) 0/0 Actual Interleaving Delay Upstream/Downstream (ms) 0/0 Sub-interface Summary: total 3 ----------------------------------------------- Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 25 Configuring Access Node Control Protocol Mapping AN ports to VLAN Subinterfaces: ExampleSub-interface Name ifhandle --------------------------------- ---------- GigabitEthernet0/0/0/37.1 0x0 GigabitEthernet0/0/0/37.11 0x0 GigabitEthernet0/0/0/38.10 0xb80 The following example uses the statistics keyword to display port message statistics for a specific AN port: show ancp an-port circuit-id ccc1 statistics Port message statistics for circuit-id ccc1: Port Up 5 Port Down 0 The following example shows how to display port counts by state: show ancp an-port summary AN Port Count Summary ------------------------------ State UP 4 State DOWN 0 Config only ports 0 Total 4 # Configured ports 1 # Mapped sub-interfaces 4 The following example shows how to clear message statistics for all AN ports: clear ancp an-port all statistics The following example shows how to clear dynamic data for all AN ports: clear ancp an-port all The following example show how to clear dynamic data for a specific interface: clear ancp an-port interface gigabitethernet 0/1/0/10.5 Configuring ANCP Rate Adjustment: Example ANCP and QoS Interaction: Example The following example shows a hierarchical QoS policy configuration with and without an ANCP value applied: policy-map child-3play class 3play-voip priority level 1 police rate 65 kbps ! ! class 3play-video priority level 2 police rate 128 kbps ! random-detect cos 3 10 ms 100 ms random-detect cos 4 20 ms 200 ms ! class 3play-premium bandwidth percent 100 ! class class-default ! Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 26 OL-26077-02 Configuring Access Node Control Protocol Configuring ANCP Rate Adjustment: Exampleend-policy-map ! policy-map parent-3play-subscriber-line class class-default service-policy child-3play shape average 1 mbps ! end policy-map ! A policy is applied on an interface without ANCP: interface GigabitEthernet 0/1/0/0.1 l2transport encapsulation dot1q 2 service-policy output parent-3play-subscriber-line ! The show qos command verifies that ANCP has not been applied (ANCP is shown as 0 kbps). RP/0/RSP0/CPU0:router# show qos interface GigabitEthernet 0/1/0/0.1 out Interface: GigabitEthernet0_1_0_0.1 output Bandwidth: 1000000 kbps ANCP: 0 kbps Policy: parent-3-play-subscriber-line Total number of classes: 5 --------------------------------------------------------------------------- Level: 0 Policy: parent-3-play-subscriber-line Class: class-default QueueID: N/A Shape Profile: 1 CIR: 960 kbps CBS: 1024 bytes PIR: 960 kbps PBS: 13312 bytes WFQ Profile: 1 Committed Weight: 1 Excess Weight: 1 Bandwidth: 0 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 1 --------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-voip Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 8 (Priority 1) Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0 Policer Profile: 0 (Single) Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-video Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 9 (Priority 2) Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0 Policer Profile: 24 (Single) Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3 Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8kbytes Match: 3 WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 4 --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3-play-premium Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 10 (Priority Normal) Queue Limit: 16 kbytes Profile: 1 Scale Profile: 1 WFQ Profile: 4 Committed Weight: 100 Excess Weight: 100 Bandwidth: 1000 kbps, BW sum for Level 1: 1000 kbps, Excess Ratio: 1 --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: class-default Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 11 (Priority Normal) Queue Limit: 8 kbytes Profile: 1 Scale Profile: 0 WFQ Profile: 5 Committed Weight: 1 Excess Weight: 1 Bandwidth: 0 kbps, BW sum for Level 1: 1000 kbps, Excess Ratio: 1 -------------------------------------------------------------------------------- RP/0/RSP0/CPU0:router# Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 27 Configuring Access Node Control Protocol ANCP and QoS Interaction: ExampleANCP AN-Port to Interface Mapping is applied: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id dslam1_port1 interface GigabitEthernet 0/1/0/0.1 The show ancp an-port interface command shows the ANCP rate for the interface: RP/0/RSP0/CPU0:router# show ancp an-port interface GigabitEthernet 0/1/0/0.1 detail AN port circuit-id dlsam1_port1: State UP Uptime 00:00:32 Time Since Last Message 00:00:32 Encap Type ATM DSL Type ADSL1 DSL Line State SHOWTIME Number of Mapped Sub-interfaces 1 Neighbor sender-name 0000.0000.1bec Neighbor description - Configured Rate Adjustment 100% Actual Downstream Data Rate (kbps) 2000 Effective Downstream Data Rate (kbps) 2000 Actual Data Rate Upstream/Downstream (kbps) 2000/2000 Minimum Data Rate Upstream/Downstream (kbps) 0/0 Attainable Data Rate Upstream/Downstream (kbps) 0/0 Maximum Data Rate Upstream/Downstream (kbps) 0/0 Minimum Low Power Data Rate Upstream/Downstream (kbps) 0/0 Maximum Interleaving Delay Upstream/Downstream (ms) 0/0 Actual Interleaving Delay Upstream/Downstream (ms) 0/0 Sub-interface Summary: total 1 ------------------------------------------------------ Sub-interface name ifhandle ---------------------------------- ---------- GigabitEthernet0/1/0.1 0x215e042 The show qos command verifies that ANCP has been applied (ANCP is now shown as 1920 kbps). RP/0/RSP0/CPU0/router# show qos interface GigabitEthernet 0/1/0.1 out Interface GigabitEthernet0_1_0_0.1 output Bandwidth: 1000000 kbps ANCP: 1920 kbps Policy: parent-3play-subscriber-line Total number of classes: 5 -------------------------------------------------------------------- Level: 0 Policy: parent-3-play-subscriber-line Class: class-default QueueID: N/A Shape Profile: 1 CIR: 1920 kbps CBS: 1024 bytes PIR: 1920 kbps PBS: 13312 bytes WFQ Profile: 1 Committed Weight: 1 Excess Weight: 1 Bandwidth: 0 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 1 --------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-voip Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 8 (Priority 1) Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0 Policer Profile: 0 (Single) Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-video Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 9 (Priority 2) Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0 Policer Profile: 24 (Single) Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 28 OL-26077-02 Configuring Access Node Control Protocol ANCP and QoS Interaction: ExampleDefault RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8kbytes Match: 3 WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 4 --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3-play-premium Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 10 (Priority Normal) Queue Limit: 24 kbytes Profile: 1 Scale Profile: 8 WFQ Profile: 4 Committed Weight: 100 Excess Weight: 100 Bandwidth: 1920 kbps, BW sum for Level 1: 1920 kbps, Excess Ratio: 1 --------------------------------------------------------------------------------- Level: 1 Policy: child-3play Class: class-default Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 11 (Priority Normal) Queue Limit: 8 kbytes Profile: 1 Scale Profile: 0 WFQ Profile: 5 Committed Weight: 1 Excess Weight: 1 Bandwidth: 0 kbps, BW sum for Level 1: 1920 kbps, Excess Ratio: 1 --------------------------------------------------------------------------------- QoS Policy Inconsistency on an Interface: Example A valid QoS policy with absolute or percentage values must satisfy the following requirement: interface speed > ANCP rate > QoS parent shaper rate A Qos policy successfully applied to an interface can become invalid due to two possible external factors. These two factors are an ANCP rate change or a port speed change: • ANCP Rate Change—If the ANCP rate falls, or the ANCP rate adjustment factor makes the ANCP rate fall below the shaper rate of the top-most QoS policy map, the QoS policy on the interface becomes invalid. • Port Speed Change—The port of a GigabitEthernet interface can be configured to 10 Mbps or 100 Mbps mode from the default of 1000 Mbps. When this happens, the interface speed drops to less than the ANCP rate and QoS parent shaper rate. The QoS policy on the interface becomes invalid. When either of these changes occur, the QoS policy on the interface is placed in the inconsistency state. To recover from the inconsistency state, perform one of the following tasks: • Remove the QoS policy from the interface, adjust the QoS policy values, then reapply the QoS policy to the interface. • If the ANCP adjustment rate or the ANCP rate has been modified, update the ANCP rate to satisfy the QoS policy rate requirement. • If port speed has been modified, update the speed to satisfy the QoS policy rate requirement. Following are examples of the effects of an ANCP rate change and a port speed change have on the following QoS policy configuration on a Gigabit Ethernet interface: policy-map child-3play class 3play-voip priority level 1 police rate 65 kbps ! ! class 3play-video priority level 2 police rate 128 kbps ! random-detect cos 3 10 ms 100 ms Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 29 Configuring Access Node Control Protocol QoS Policy Inconsistency on an Interface: Examplerandom-detect cos 4 20 ms 200 ms ! class 3play-premium bandwidth percent 100 ! Class class-default ! end-policy-map ! policy-map parent-3play-subscriber-line class class-default service-policy child-3play bandwidth 200 mbps bandwidth remaining percent 100 shape average 800 mbps ! end-policy-map ! If the ANCP rate value 999936 kbps, and the ANCP rate factor is 100 percent, the ANCP rate value of 999936 is applied to the interface. This satisfies the requirement: Interface speed (1000000 kbps) > ANCP rate (999936 kbps) > QoS parent shaper rate (800000 kbps) This is a successful application of the policy as shown by the following show qos interface command output: show qos interface gig0/0/0/11.1 output Wed Mar 18 18:25:20.140 UTC Interface: GigabitEthernet0_0_0_11.1 output Bandwidth: 1000000 kbps ANCP: 999936 kbps Policy: parent-3play-subscriber-line Total number of classes: 5 ---------------------------------------------------------------------- Level: 0 Policy: parent-3play-subscriber-line Class: class-default QueueID: N/A Shape Profile: 1 CIR: 200000 kbps (200 mbps) CBS: 100352 bytes PIR: 999936 kbps PBS: 12517376 bytes WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100 Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-voip Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 136 (Priority 1) Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0 Policer Profile: 0 (Single) Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-video Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 137 (Priority 2) Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0 Policer Profile: 24 (Single) Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3 Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 3 WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 4 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-premium Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 138 (Priority Normal) Queue Limit: 2097 kbytes Profile: 2 Scale Profile: 0 WFQ Profile: 6 Committed Weight: 1020 Excess Weight: 1020 Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 30 OL-26077-02 Configuring Access Node Control Protocol QoS Policy Inconsistency on an Interface: ExampleLevel: 1 Policy: child-3play Class: class-default Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 139 (Priority Normal) Queue Limit: 65 kbytes Profile: 1 Scale Profile: 3 WFQ Profile: 0 Committed Weight: 1 Excess Weight: 1020 Bandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- ANCP Rate Change If the ANCP rate falls below the QoS parent shaper rate for example, to 300000 kbps, and the ANCP rate adjustment factor remains at 100 percent, the ANCP rate is no longer greater than the QoS parent shaper rate of 800000 kbps. This causes the QoS policy on the interface to be placed in the inconsistency state as shown by the following show qos interface command output: show qos interface gig0/0/0/11.1 output Wed Mar 18 18:21:11.180 UTC Interface: GigabitEthernet0_0_0_11.1 output Bandwidth: 1000000 kbps ANCP: 299904 kbps *Inconsistency* : ANCP - Downstream Rate less than Shaper Rate Policy: parent-3play-subscriber-line Total number of classes: 5 ---------------------------------------------------------------------- Level: 0 Policy: parent-3play-subscriber-line Class: class-default QueueID: N/A Shape Profile: 2 CIR: 200000 kbps (200 mbps) CBS: 100352 bytes PIR: 800000 kbps PBS: 10027008 bytes WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100 Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-voip Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 136 (Priority 1) Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0 Policer Profile: 0 (Single) Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-video Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 137 (Priority 2) Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0 Policer Profile: 24 (Single) Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3 Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 3 WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 4 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-premium Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 138 (Priority Normal) Queue Limit: 2097 kbytes Profile: 2 Scale Profile: 0 WFQ Profile: 6 Committed Weight: 1020 Excess Weight: 1020 Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: class-default Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 139 (Priority Normal) Queue Limit: 65 kbytes Profile: 1 Scale Profile: 3 WFQ Profile: 0 Committed Weight: 1 Excess Weight: 1020 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 31 Configuring Access Node Control Protocol QoS Policy Inconsistency on an Interface: ExampleBandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- Once the ANCP rate returns to the configured value, the inconsistency is automatically cleared, which can be confirmed by issuing the show qos interface command. If the ANCP rate has been configured to a value less than the shape rate, the inconsistency is not automatically cleared, and the policy must be modified and reapplied. To prevent this from occurring, be sure to configure the policy-map shape rate to the minimum value of all ANCP rates for a given service level. Note Port Speed Change If the port speed is configured to less than the QoS parent shaper rate for example to 100 Mbps (100000 kbps), the requirement is no longer met since the port speed is no longer greater than the QoS parent shaper rate of 800000 kbps. RP/0/RSP0/CPU0:ro-node1#conf RP/0/RSP0/CPU0:ro-node1(config)#int gigabitEthernet 0/0/0/1 RP/0/RSP0/CPU0:ro-node1(config-if)#speed 100 RP/0/RSP0/CPU0:ro-node1(config-if)#commit LC/0/0/CPU0:Nov 4 05:36:55.041 : qos_ma_ea[197]: %QOS-QOS_EA_MODIFY_FAIL-3-ERROR : inconsistency detected due to ANCP or Bandwidth modification. Execute show qos inconsistency, to obtain information. Policy resolution failure RP/0/RSP0/CPU0:ro-node1(config-if)#end This causes the QoS policy on the interface to be placed in the inconsistency state as shown by the following show qos interface command output: RP/0/RSP0/CPU0:ro-node1#sh qos int gigabitEthernet 0/0/0/1.1 output Interface: GigabitEthernet0_0_0_1.1 output Bandwidth: 1000000 kbps ANCP: 0 kbps *Inconsistency* : Port speed modify fails on Policy Policy: parent-3play-subscriber-line Total number of classes: 5 ---------------------------------------------------------------------- Level: 0 Policy: parent-3play-subscriber-line Class: class-default QueueID: N/A Shape Profile: 1 CIR: 200000 kbps (200 mbps) CBS: 100352 bytes PIR: 800000 kbps PBS: 10027008 bytes WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100 Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-voip Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 640 (Priority 1) Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0 Policer Profile: 0 (Single) Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-video Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 641 (Priority 2) Queue Limit: 8 kbytes Profile: 4 Scale Profile: 0 Policer Profile: 24 (Single) Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default) Child Policer Conform: TX Child Policer Exceed: DROP Child Policer Violate: DROP WRED Type: COS based Table: 2 Profile: 4 Scale Profile: 0 Curves: 3 Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 32 OL-26077-02 Configuring Access Node Control Protocol QoS Policy Inconsistency on an Interface: ExampleMatch: 3 WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes Match: 4 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: 3play-premium Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 642 (Priority Normal) Queue Limit: 4194 kbytes Profile: 2 Scale Profile: 1 WFQ Profile: 3 Committed Weight: 1020 Excess Weight: 1020 Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- Level: 1 Policy: child-3play Class: class-default Parent Policy: parent-3play-subscriber-line Class: class-default QueueID: 643 (Priority Normal) Queue Limit: 4194 kbytes Profile: 2 Scale Profile: 1 WFQ Profile: 4 Committed Weight: 1 Excess Weight: 1 Bandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1 ---------------------------------------------------------------------- To resolve this issue, the port speed must be set back to 1000 Mbps (1000000 kbps) using the no speed command. RP/0/RSP0/CPU0:ro-node1#conf RP/0/RSP0/CPU0:ro-node1(config)#int gigabitEthernet 0/0/0/1 RP/0/RSP0/CPU0:ro-node1(config-if)#no speed RP/0/RSP0/CPU0:ro-node1(config-if)#commit LC/0/0/CPU0:Nov 4 05:37:39.171 : ifmgr[144]: %PKT_INFRA-LINEPROTO-5-UPDOWN : Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up The clearing of the inconsistency can be verified by again issuing the show qos interface command. The show qos inconsistency Command: Example A command related to show qosinterface command provides additional detail about QoS policy inconsistency: RP/0/RSP0/CPU0:RO2#show qos inconsistency detail 0 location 0/7/CPU0 Interface Lists with QoS Inconsistency Warning: ========================================================= Node 0/7/CPU0 --------------------------------------------------------- Interfaces with QoS Inconsistency: ANCP - No Shaper at top policymap ========================================================================== Interface Direction Policy Name SPI Name -------------------------------------------------------------------------- GigabitEthernet0/7/0/1.5 output parent-none Interfaces with QoS Inconsistency: ANCP - Downstream Rate less than Shaper Rate ========================================================================== Interface Direction Policy Name SPI Name -------------------------------------------------------------------------- GigabitEthernet0/7/0/1 output parent SPI1 GigabitEthernet0/7/0/1.2 output parent GigabitEthernet0/7/0/1 output normal-policy-name normal-spi-name RP/0/RSP0/CPU0:RO2# RP/0/RSP0/CPU0:RO2#show qos inconsistency summary location 0/7/CPU0 Summary Counts of QoS Inconsistency Warnings: ========================================================= Node 0/7/CPU0 Inconsistency Warning Type Count -------------------------------------------------------- ANCP - No Shaper at top policymap: 1 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 33 Configuring Access Node Control Protocol QoS Policy Inconsistency on an Interface: ExampleANCP - Downstream Rate less than Shaper Rate: 4 RP/0/RSP0/CPU0:RO2# Additional References The following sections provide references related to implementing ANCP. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration Cisco ASR 9000 Series Aggregation Services Router Master Command Listing Master command reference Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference QoS commands “Configuring AAA Services on Cisco ASR 9000 Series Router” module of Cisco Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide User groups and task IDs Standards Standards Title No new or modified standards are supported by — this feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/ cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 34 OL-26077-02 Configuring Access Node Control Protocol Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies,solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Configuring Access Node Control Protocol Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and subscriber-related operations. An ANCP server accepts and maintains ANCP adjacencies (sessions with an ANCP neighbor), and sending and receiving ANCP messages. ANCP allows static mapping between ANCP ports and VLAN subinterfaces so that DSL rate updates for a specific subscriber received by the ANCP server are applied to the QoS configuration corresponding to that subscriber. DSL train rates received via ANCP are used to alter shaping rates on subscriber-facing interfaces and subinterfaces on the router. ANCP runs as a single process on the route processor (RP). This module provides the conceptual and configuration information for implementing ANCP. Line Card, SIP, and SPA Support Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000 Access Node Control Protocol yes no Feature History for Configuring Access Node Protocol on Cisco ASR 9000 Series Routers Release Modification Release 3.7.2 The Access Node Control Protocol feature was introduced. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 35 Configuring Access Node Control Protocol RFCsRelease 3.9.0 Mapping of ANCP portsto VLAN interfaces over Ethernet bundles was added. Release 4.0.0 ANCP over Multi Chassis Link Aggregation was introduced. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 36 OL-26077-02 Configuring Access Node Control Protocol Configuring Access Node Control ProtocolC H A P T E R 3 Configuring Modular QoS Congestion Avoidance Congestion avoidance techniques monitor traffic flow in an effort to anticipate and avoid congestion at common network bottlenecks. Avoidance techniques are implemented before congestion occurs as compared with congestion management techniques that control congestion after it has occurred. Congestion avoidance is achieved through packet dropping. Cisco IOS XR software supports the following quality of service (QoS) congestion avoidance techniques that drop packets: • Random early detection (RED • Weighted random early detection (WRED) • Tail drop The module describes the concepts and tasks related to these congestion avoidance techniques. Line Card, SIP, and SPA Support Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000 Random Early Detection yes yes Weighted Random Early Detection yes yes Tail Drop yes yes Feature History for Configuring Modular QoS Congestion Avoidance on Cisco ASR 9000 Series Routers Release Modification The Congestion Avoidance feature was introduced on ASR 9000 Ethernet Line Cards. The Random Early Detection, Weighted Random Early Detection, and Tail Drop features were introduced on ASR 9000 Ethernet Line Cards. Release 3.7.2 The Random Early Detection, Weighted Random Early Detection, and Tail Drop features were supported on the SIP 700 for the ASR 9000. Release 3.9.0 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 37• Prerequisites for Configuring Modular QoS Congestion Avoidance, page 38 • Information About Configuring Modular QoS Congestion Avoidance, page 38 • Additional References, page 51 Prerequisites for Configuring Modular QoS Congestion Avoidance The following prerequisite is required for configuring QoS congestion avoidance on your network: You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Information About Configuring Modular QoS Congestion Avoidance To configure QoS congestion avoidance techniques in this document you must understand the following concepts: Random Early Detection and TCP The RED congestion avoidance technique takes advantage of the congestion control mechanism of TCP. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. Assuming the packet source is using TCP, it decreases its transmission rate until all packets reach their destination, indicating that the congestion is cleared. You can use RED as a way to cause TCP to slow transmission of packets. TCP not only pauses, but it also restarts quickly and adapts its transmission rate to the rate that the network can support. RED distributes losses in time and maintains normally low queue depth while absorbing traffic bursts. When enabled on an interface, RED begins dropping packets when congestion occurs at a rate you select during configuration. Queue-limit for WRED Queue-limit is used to fine-tune the number of buffers available for each queue. It can only be used on a queuing class. Default queue limit is 100 ms of the service rate for the given queue. The service rate is the sum of minimum guaranteed bandwidth and bandwidth remaining assigned to a given class either implicitly or explicitly. The queue-limit is rounded up to one of the following values: 8 KB, 16 KB, 24 KB, 32 KB, 48 KB, 64 KB, 96 KB, 128 KB, 192 KB, 256 KB, 384 KB, 512 KB, 768 KB, 1024 KB, 1536 KB, 2048 KB, 3072 KB, 4196 KB, 8192 KB, 16394 KB, 32768 KB, 65536 KB, 131072 KB, or 262144 KB. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 38 OL-26077-02 Configuring Modular QoS Congestion Avoidance Prerequisites for Configuring Modular QoS Congestion AvoidanceTail Drop and the FIFO Queue Tail drop is a congestion avoidance technique that drops packets when an output queue is full until congestion is eliminated. Tail drop treats all traffic flow equally and does not differentiate between classes of service. It manages the packets that are unclassified, placed into a first-in, first-out (FIFO) queue, and forwarded at a rate determined by the available underlying link bandwidth. See the “Default Traffic Class” section of the “Configuring Modular Quality of Service Packet Classification and Marking on Cisco ASR 9000 Series Routers” Configuring Random Early Detection This configuration task issimilar to that used for WRED except that the random-detect precedence command is not configured and the random-detect command with the default keyword must be used to enable RED. Restrictions If you configure the random-detect default command on any classincluding class-default, you must configure one of the following commands: • shape average • bandwidth • bandwidth remaining SUMMARY STEPS 1. configure 2. policy-map policy-map-name 3. class class-name 4. random-detect {cos value | default | discard-class value | dscp value | exp value | precedence value | min-threshold [units] max-threshold [units] } 5. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio ratio-value 6. shape average {percent percentage | value [units]} 7. exit 8. exit 9. interface type interface-path-id 10. service-policy {input | output} policy-map 11. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 39 Configuring Modular QoS Congestion Avoidance Tail Drop and the FIFO QueueDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-map-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 • Specifies the name of the class whose policy you want to create or change. random-detect {cos value | default | discard-class Enables RED with default minimum and maximum thresholds. value | dscp value | exp value | precedence value | min-threshold [units] max-threshold [units] } Step 4 Example: RP/0/RSP0/CPU0:router(config-pmap-c)# random-detect default (Optional) Specifiesthe bandwidth allocated for a class belonging to a policy map. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio ratio-value Step 5 or Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 30 (Optional) Specifies how to allocate leftover bandwidth to various classes. Note • One of these configurations is required for a or non-default class. RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20 (Optional) Shapes traffic to the specified bit rate or a percentage of the available bandwidth. shape average {percent percentage | value [units]} Example: RP/0/RSP0/CPU0:router(config-pmap-c)# shape average percent 50 Step 6 exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 7 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 40 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Random Early DetectionCommand or Action Purpose exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 8 interface type interface-path-id Enters configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/2/0/0 Step 9 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 10 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 11 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 41 Configuring Modular QoS Congestion Avoidance Configuring Random Early DetectionConfiguring Random Early Detection SUMMARY STEPS 1. 2. policy-map policy-name 3. class class-name 4. random-detect {cos value | default | discard-class value | dscp value | exp value | precedence value | min-threshold [units] max-threshold [units] } 5. random-detect {discard-class value | dscp value | exp value | precedence value | min-threshold [units] max-threshold [units] } 6. bandwidth {bandwidth [units] | percent value} 7. bandwidth remaining percent value 8. shape average {percent percentage | value [units]} 9. exit 10. exit 11. interface type interface-path-id 12. end or commit DETAILED STEPS Command or Action Purpose Enters global configuration mode. Example: RP/0//CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0//CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0//CPU0:router(config-pmap)# class class1 • Specifies the name of the class whose policy you want to create or change. random-detect {cos value | default | discard-class Enables RED with minimum and maximum thresholds. value | dscp value | exp value | precedence value | min-threshold [units] max-threshold [units] } Step 4 Example: RP/0/RP0/CPU0:router(config-pmap-c)# random-detect default Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 42 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Random Early DetectionCommand or Action Purpose random-detect {discard-class value | dscp value | Enables RED with default minimum and maximum thresholds. exp value | precedence value | min-threshold [units] max-threshold [units] } Step 5 Example: RP/0/0/CPU0:router(config-pmap-c)# random-detect 1000000 2000000 (Optional) Specifiesthe bandwidth allocated for a class belonging to a policy map. bandwidth {bandwidth [units] | percent value} Example: RP/0//CPU0:router(config-pmap-c)# bandwidth percent 30 Step 6 (Optional) Specifies how to allocate leftover bandwidth to various classes. bandwidth remaining percent value Example: RP/0//CPU0:router(config-pmap-c)# bandwidth remaining percent 20 Step 7 (Optional) Shapes traffic to the specified bit rate or a percentage of the available bandwidth. shape average {percent percentage | value [units]} Example: RP/0//CPU0:router(config-pmap-c)# shape average percent 50 Step 8 exit Returns the router to policy map configuration mode. Example: RP/0//CPU0:router(config-pmap-c)# exit Step 9 exit Returns the router to global configuration mode. Example: RP/0//CPU0:router(config-pmap)# exit Step 10 Step 11 interface type interface-path-id Enters configuration mode and configures an interface. Example: RP/0//CPU0:router(config)# interface pos 0/2/0/0 Attaches a policy map to an input or output interface to be used as the service policy for that interface. • In this example, the traffic policy evaluates all traffic leaving that interface. Example: RP/0//CPU0:router(config-if)# service-policy output policy1 Step 12 end or commit Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 43 Configuring Modular QoS Congestion Avoidance Configuring Random Early DetectionCommand or Action Purpose Example: RP/0//CPU0:router(config-cmap)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0//CPU0:router(config-cmap)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring Weighted Random Early Detection WRED drops packets selectively based on any specified criteria, such as CoS, DSCP, EXP, discard-class, or precedence . WRED uses these matching criteria to determine how to treat different types of traffic. Configure WRED using the random-detect command and different CoS, DSCP, EXP, and discard-class values. The value can be range or a list of values that are valid for that field. You can also use minimum and maximum queue thresholds to determine the dropping point. When a packet arrives, the following actions occur: • If the queue size is less than the minimum queue threshold, the arriving packet is queued. • If the queue size is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic. • If the queue size is greater than the maximum threshold, the packet is dropped. Restrictions When configuring the random-detect dscp command, you must configure one of the following commands: shape average, bandwidth, and bandwidth remaining. Only two minimum and maximum thresholds (each with different match criteria) can be configured per class. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 44 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Weighted Random Early DetectionSUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. random-detect dscp dscp-value min-threshold [units] max-threshold [units] 5. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio ratio-value] 6. bandwidth {bandwidth [units] | percent value} 7. bandwidth remaining percent value 8. shape average {percent percentage | value [units]} 9. queue-limit value [units] RP/0/RSP0/CPU0:router(config-pmap-c)# queue-limit 50 ms 10. exit 11. interface type inteface-path-id 12. service-policy {input | output} policy-map 13. end or commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 • Specifies the name of the class whose policy you want to create or change. Changes the minimum and maximum packet thresholds for the DSCP value. random-detect dscp dscp-value min-threshold [units] max-threshold [units] Step 4 Example: RP/0/RSP0/CPU0:router(config-pmap-c)# • Enables WRED. • dscp-value—Number from 0 to 63 that sets the DSCP value. Reserved keywords can be specified instead of numeric values. random-detect dscp af11 1000000 bytes 2000000 bytes • min-threshold—Minimum threshold in the specified units. When the average queue length reaches the minimum threshold, WRED randomly drops some packets with the specified DSCP value. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 45 Configuring Modular QoS Congestion Avoidance Configuring Weighted Random Early DetectionCommand or Action Purpose • max-threshold—Maximum threshold in the specified units. When the average queue length exceeds the maximum threshold, WRED drops all packets with the specified DSCP value. • units—Units of the threshold value. This can be bytes, gbytes, kbytes, mbytes, ms(milliseconds), packets, or us(microseconds). The default is packets. • This example shows that for packets with DSCP AF11, the WRED minimum threshold is 1,000,000 bytes and maximum threshold is 2,000,000 bytes. (Optional) Specifies the bandwidth allocated for a class belonging to a policy map. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio ratio-value] Step 5 or Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 30 (Optional) Specifies how to allocate leftover bandwidth to various classes. Note • One of these configurations is required for a non-default class. or RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20 (Optional) Specifies the bandwidth allocated for a class belonging to a policy map. bandwidth {bandwidth [units] | percent value} Example: RP/0//CPU0:router(config-pmap-c)# bandwidth percent 30 Step 6 • This example guarantees 30 percent of the interface bandwidth to class class1. Step 7 bandwidth remaining percent value (Optional) Specifies how to allocate leftover bandwidth to various classes. Example: RP/0//CPU0:router(config-pmap-c)# bandwidth remaining percent 20 • The remaining bandwidth of 70 percent is shared by all configured classes. • In this example, class class1 receives 20 percent of the 70 percent. (Optional) Shapes traffic to the specified bit rate or a percentage of the available bandwidth. shape average {percent percentage | value [units]} Example: RP/0/RSP0/CPU0:router(config-pmap-c)# shape average percent 50 Step 8 (Optional) Changes queue-limit to fine-tune the amount of buffers available for each queue. The default queue-limit is 100 ms of the service rate for a given queue class. queue-limit value [units] RP/0/RSP0/CPU0:router(config-pmap-c)# queue-limit 50 ms Step 9 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 46 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Weighted Random Early DetectionCommand or Action Purpose exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 10 interface type inteface-path-id Enters configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0 Step 11 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 12 • In this example, the traffic policy evaluates all traffic leaving that interface. • Ingress policies are not valid; the bandwidth and bandwidth remaining commands cannot be applied to ingress policies. Step 13 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-cmap)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-cmap)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Tail Drop Packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are serviced. The queue-limit command is used to define the maximum threshold for a class. When the maximum threshold is reached, enqueued packets to the class queue result in tail drop (packet drop). Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 47 Configuring Modular QoS Congestion Avoidance Configuring Tail DropThe queue-limit value uses the guaranteed service rate (GSR) of the queue as the reference value for the queue_bandwidth. If the class has bandwidth percent associated with it, the queue-limit isset to a proportion of the bandwidth reserved for that class. If the GSR for a queue is zero, use the following to compute the default queue-limit: • 1 percent of the interface bandwidth for queues in a nonhierarchical policy. • 1 percent of minimum parent shape and interface rate for queues within a hierarchical policy. default queue limit (in packets) = (200 ms * (queue bandwidth or shaper rate) / 8) / average packet size, which is 250 bytes The default queue-limit is set to bytes of 100 ms of queue bandwidth. The following formula is used to calculate the default queue limit (in bytes):??bytes = (100 ms / 1000 ms) * queue_bandwidth kbps)) / 8 Note Restrictions • When configuring the queue-limit command in a class, you must configure one of the following commands: priority, shape average, bandwidth, or bandwidth remaining, except for the default class. SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. queue-limit value [units] 5. class class-name 6. bandwidth {bandwidth [units] | percent value} 7. bandwidth remaining percent value 8. exit 9. exit 10. interface type interface-path-id 11. service-policy {input | output} policy-map 12. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 48 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Tail DropDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 • Specifies the name of the class whose policy you want to create or change. Specifies or modifies the maximum the queue can hold for a class policy configured in a policy map. The default value of the units argument is packets. queue-limit value [units] Example: RP/0/RSP0/CPU0:router(config-pmap-c)# queue-limit 1000000 bytes Step 4 • In this example, when the queue limit reaches 1,000,000 bytes, enqueued packets to the class queue are dropped. Example: RP/0//CPU0:router(config-pmap-c)# priority level 1 Specifies priority to a class of traffic belonging to a policy map. Configures traffic policing. Example: RP/0//CPU0:router(config-pmap-c)# police rate percent 30 Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class2 Step 5 • In this example, class2 is configured. (Optional) Specifies the bandwidth allocated for a class belonging to a policy map. bandwidth {bandwidth [units] | percent value} Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 30 Step 6 • This example guarantees 30 percent of the interface bandwidth to class class2. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 49 Configuring Modular QoS Congestion Avoidance Configuring Tail DropCommand or Action Purpose (Optional) Specifies how to allocate leftover bandwidth to various classes. bandwidth remaining percent value Example: RP/0//CPU0:router(config-pmap-c)# bandwidth remaining percent 20 Step 7 • This example allocates 20 percent of the leftover interface bandwidth to class class2. exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 8 exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 9 interface type interface-path-id Enters configuration mode, and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface pos 0/2/0/0 Step 10 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 11 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 12 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 50 OL-26077-02 Configuring Modular QoS Congestion Avoidance Configuring Tail DropCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Additional References The following sections provide references related to implementing QoS congestion avoidance. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration Cisco ASR 9000 Series Aggregation Services Router Master Command Listing Master command reference Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference QoS commands “Configuring AAA Services on Cisco ASR 9000 Series Router” module of Cisco Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide User groups and task IDs Standards Standards Title No new or modified standards are supported by — this feature, and support for existing standards has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 51 Configuring Modular QoS Congestion Avoidance Additional ReferencesMIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/ cmtk/mibs.shtml — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies,solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 52 OL-26077-02 Configuring Modular QoS Congestion Avoidance MIBsC H A P T E R 4 Configuring Modular QoS Congestion Management Congestion management controls congestion after it has occurred on a network. Congestion is managed on Cisco IOS XR software by using packet queueing methods and by shaping the packet flow through use of traffic regulation mechanisms. The types of traffic regulation mechanisms supported are: • Traffic shaping: ? Modified Deficit Round Robin (MDRR) ? Low-latency queueing (LLQ) with strict priority queueing (PQ) • Traffic policing: ? Color blind ? Color-aware (ingress direction) Line Card, SIP, and SPA Support The following table lists the features that are supported on the ASR 9000 Ethernet Line Cards and SIP 700 for the ASR 9000. Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000 Congestion Management Using DEI no yes Guaranteed and Remaining yes yes Bandwidth Low-Latency Queueing with Strict yes yes Priority Queueing Traffic Policing yes yes Traffic Shaping yes yes Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 53Feature History for Configuring Modular QoS Congestion Management on Cisco ASR 9000 Series Router Release Modification The Congestion Avoidance feature was introduced on ASR 9000 Ethernet Line Cards.. The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict Priority Queueing, Traffic Policing, and Traffic Shaping features were introduced on ASR 9000 Ethernet Line Cards. Release 3.7.2 The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict Priority Queueing, Traffic Policing, and Traffic Shaping features were supported on the SIP 700 for the ASR 9000. Release 3.9.0 The Congestion Management Using DEI feature wasintroduced on ASR 9000 Ethernet Line Cards. Release 4.0.0 The police rate command was updated to include packet-based specifications of policing rates and burst sizes. Release 4.0.1 The 2-rate 3-color policer feature was added, including the conform-color and exceed-color commands. This feature is applicable to the SIP 700 line cards, ingress side. Release 4.1.0 Release 4.2.1 The Configured Accounting and QoS for IPv6ACLs features were added. • Prerequisites for Configuring QoS Congestion Management, page 54 • Information about Configuring Congestion Management, page 55 • How to Configure QoS Congestion Management, page 66 • Configuration Examples for configuring congestion management, page 89 • Additional References, page 92 Prerequisites for Configuring QoS Congestion Management The following prerequisites are required for configuring QoS congestion management on your network: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • You must be familiar with Cisco IOS XR QoS configuration tasks and concepts. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 54 OL-26077-02 Configuring Modular QoS Congestion Management Prerequisites for Configuring QoS Congestion ManagementInformation about Configuring Congestion Management To configure congestion management, you need to understand the following concepts: Congestion Management Overview Congestion management features allow you to control congestion by determining the order in which a traffic flow (or packets) is sent out an interface based on priorities assigned to packets. Congestion management entails the creation of queues, assignment of packets to those queues based on the classification of the packet, and scheduling of the packets in a queue for transmission. The congestion management features in Cisco IOS XR software allow you to specify creation of a different number of queues, affording greater or lesser degree of differentiation of traffic, and to specify the order in which that traffic is sent. During periods with light traffic flow, that is, when no congestion exists, packets are sent out the interface as soon as they arrive. During periods of transmit congestion at the outgoing interface, packets arrive faster than the interface can send them. If you use congestion management features, packets accumulating at an interface are queued until the interface is free to send them; they are then scheduled for transmission according to their assigned priority and the queueing method configured for the interface. The router determines the order of packet transmission by controlling which packets are placed in which queue and how queues are serviced with respect to each other. In addition to queueing methods, QoS congestion management mechanisms, such as policers and shapers, are needed to ensure that a packet adheres to a contract and service. Both policing and shaping mechanisms use the traffic descriptor for a packet. Policers and shapers usually identify traffic descriptor violations in an identical manner through the token bucket mechanism, but they differ in the way they respond to violations. A policer typically dropstraffic flow; whereas, a shaper delays excess traffic flow using a buffer, or queueing mechanism, to hold the traffic for transmission at a later time. Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make it easy for nodes inside the network to detect abnormal flows. Modified Deficit Round Robin MDRR is a class-based composite scheduling mechanism that allowsfor queueing of up to eight traffic classes. It operates in the same manner as class-based weighted fair queueing (CBWFQ) and allows definition of traffic classes based on customer match criteria (such as access lists); however, MDRR does not use the weighted fair queueing algorithm. When MDRR is configured in the queueing strategy, nonempty queues are served one after the other. Each time a queue is served, a fixed amount of data is dequeued. The algorithm then services the next queue. When a queue is served, MDDR keeps track of the number of bytes of data that were dequeued in excess of the configured value. In the next pass, when the queue is served again, less data is dequeued to compensate for the excess data that was served previously. As a result, the average amount of data dequeued per queue is close to the configured value. In addition, MDRR allows for a strict priority queue for delay-sensitive traffic. Each queue within MDRR is defined by two variables: • Quantum value—Average number of bytes served in each round. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 55 Configuring Modular QoS Congestion Management Information about Configuring Congestion Management• Deficit counter—Number of bytes a queue has sent in each round. The counter is initialized to the quantum value. Packets in a queue are served as long as the deficit counter is greater than zero. Each packet served decreases the deficit counter by a value equal to its length in bytes. A queue can no longer be served after the deficit counter becomes zero or negative. In each new round, the deficit counter for each nonempty queue is incremented by its quantum value. Low-Latency Queueing with Strict Priority Queueing The LLQ feature bringsstrict priority queueing (PQ) to the MDRR scheduling mechanism. PQ in strict priority mode ensures that one type of traffic is sent, possibly at the expense of all others. For PQ, a low-priority queue can be detrimentally affected, and, in the worst case, never allowed to send its packets if a limited amount of bandwidth is available or the transmission rate of critical traffic is high. Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are dequeued. LLQ enables the use of a single, strict priority queue within MDRR at the class level, allowing you to direct traffic belonging to a class. To rank class traffic to the strict priority queue, you specify the named class within a policy map and then configure the priority command for the class. (Classes to which the priority command is applied are considered priority classes.) Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is enqueued to the same, single, strict priority queue. Through use of the priority command, you can assign a strict PQ to any of the valid match criteria used to specify traffic. These methods of specifying traffic for a class include matching on access lists, protocols, IP precedence, and IP differentiated service code point (DSCP) values. Moreover, within an access list you can specify that traffic matches are allowed based on the DSCP value that is set using the first six bits of the IP type of service (ToS) byte in the IP header. Configured Accounting Configured Accounting controls the overhead (packet length) for policing and shaping. The account option can be specified with a service-policy when applying a policy to an interface. For bundle interfaces, the configured accounting option is applied to all member interfaces. The configured accounting option is available on ingress and egress policing, queuing and statistics for CRS-MSC-140G. In CRS-MSC-40G, the configured accounting option is not available for queuing. Prerequisites and Restrictions • Allows packet size accounting tuning to match the QoS treatment provided at the connected interface. • Supported on ASR 9000 Ethernet Linecards and Enhanced Ethernet Linecards. • Supported accounting values are, from -48 to +48. • Ingress shaping accounting is not supported (Ingress and egress policing accounting and egress shaping accounting are supported). • Dynamic changing of accounting overhead after application on policy is not supported Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 56 OL-26077-02 Configuring Modular QoS Congestion Management Low-Latency Queueing with Strict Priority QueueingQoS for IPv6 ACLs The Modular Weapon-X line cards support classification of IPv6 properties based on Source IP, Destination IP, Source Port, Destination Port, Protocol, TOS, Hop Limit, and ACL-based classification. The supported interfaces are indicated below. Supported Interface Ethernet Linecard Enhanced Ethernet Linecard L3 main interface yes yes L3 sub-interface yes yes L3 bundle-interface/ sub-interface yes yes L2 main interface no yes L2 sub-interface no yes L2 bundle-interface/ sub-interface no yes Traffic Shaping Traffic shaping allows you to control the traffic flow exiting an interface to match itstransmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it. Traffic adhering to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches. To match the rate of transmission of data from the source to the target interface, you can limit the transfer of data to one of the following: • A specific configured rate • A derived rate based on the level of congestion The rate of transfer depends on these three components that constitute the token bucket: burst size, mean rate, and time (measurement) interval. The mean rate is equal to the burst size divided by the interval. When traffic shaping is enabled, the bit rate of the interface does not exceed the mean rate over any integral multiple of the interval. In other words, during every interval, a maximum of burst size can be sent. Within the interval, however, the bit rate may be faster than the mean rate at any given time. When the peak burst size equals 0, the interface sends no more than the burst size every interval, achieving an average rate no higher than the mean rate. However, when the peak burst size is greater than 0, the interface can send as many as the burst size plus peak burst bits in a burst, if in a previous time period the maximum amount was not sent. Whenever less than the burst size is sent during an interval, the remaining number of bits, up to the peak burst size, can be used to send more than the burst size in a later interval. Regulation of Traffic with the Shaping Mechanism When incoming packets arrive at an interface, the packets are classified using a classification technique, such as an access control list (ACL) or the setting of the IP Precedence bits through the Modular QoS CLI (MQC). Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 57 Configuring Modular QoS Congestion Management QoS for IPv6 ACLsIf the packet matches the specified classification, the traffic-shaping mechanism continues. Otherwise, no further action is taken. Figure 1 illustrates how a traffic shaping mechanism regulates traffic flow. Figure 3: How a Traffic Shaping Mechanism Regulates Traffic Packets matching the specified criteria are placed in the token bucket. The maximum size of the token bucket is the confirm burst (Bc) size plus the Be size. The token bucket is filled at a constant rate of Bc worth of tokens at every Tc. This is the configured traffic shaping rate. If the traffic shaping mechanism is active (that is, packets exceeding the configured traffic shaping rate already exist in a transmission queue) at every Tc, the traffic shaper checks to see if the transmission queue contains enough packets to send (that is, up to either Bc [or Bc plus Be] worth of traffic). If the traffic shaper is not active (that is, there are no packets exceeding the configured traffic shaping rate in the transmission queue), the traffic shaper checks the number of tokens in the token bucket. One of the following occurs: • If there are enough tokens in the token bucket, the packet is sent (transmitted). • If there are not enough tokensin the token bucket, the packet is placed in a shaping queue for transmission at a later time. Traffic Policing In general, traffic policing allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or class of service (CoS). Traffic policing manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm uses user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface (depending on where the traffic policy with traffic policing is configured) and is useful in managing network bandwidth in cases where several large packets are sent in the same traffic stream. Traffic policing is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common traffic policing configurations, traffic that conforms to the CIR is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 58 OL-26077-02 Configuring Modular QoS Congestion Management Traffic Policingconfiguration optionsto suit their network needs. Traffic policing also provides a certain amount of bandwidth management by allowing you to set the burst size (Bc) for the committed information rate (CIR). When the peak information rate (PIR) is supported, a second token bucket is enforced and then the traffic policer is called a two-rate policer. Regulation of Traffic with the Policing Mechanism This section describes the single-rate and two-rate policing mechanisms. Single-Rate Policer A single-rate, two-action policer provides one token bucket with two actionsfor each packet: a conform action and an exceed action. Figure 2 illustrates how a single-rate token bucket policer marks packets as either conforming or exceeding a CIR, and assigns an action. Figure 4: Marking Packets and Assigning Actions—Single-Rate Policer Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 59 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismThe time interval between token updates (Tc) to the token bucket is updated at the CIR value each time a packet arrives at the traffic policer. The Tc token bucket can contain up to the Bc value, which can be a certain number of bytes or a period of time. If a packet of size B is greater than the Tc token bucket, then the packet exceeds the CIR value and a configured action is performed. If a packet of size B is less than the Tc token bucket, then the packet conforms and a different configured action is performed. Two-Rate Policer The two-rate policer manages the maximum rate of traffic by using two token buckets: the committed token bucket and the peak token bucket. The dual-token bucket algorithm uses user-configured values to determine the maximum rate of traffic allowed on a queue at a given moment. In this way, the two-rate policer can meter traffic at two independent rates: the committed information rate (CIR) and the peak information rate (PIR). The committed token bucket can hold bytes up to the size of the committed burst (bc) before overflowing. This token bucket holds the tokens that determine whether a packet conforms to or exceeds the CIR as the following describes: • A traffic stream is conforming when the average number of bytes over time does not cause the committed token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic stream green. • A traffic stream is exceeding when it causes the committed token bucket to overflow into the peak token bucket. When this occurs, the token bucket algorithm marks the traffic stream yellow. The peak token bucket is filled as long as the traffic exceeds the police rate. The peak token bucket can hold bytes up to the size of the peak burst (be) before overflowing. This token bucket holds the tokens that determine whether a packet violates the PIR. A traffic stream is violating when it causes the peak token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic stream red. The dual-token bucket algorithm provides users with three actions for each packet—a conform action, an exceed action, and an optional violate action. Traffic entering a queue with the two-rate policer configured is Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 60 OL-26077-02 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing Mechanismplaced into one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent; packets that exceed can be configured to be sent with a decreased priority; and packets that violate can be configured to be dropped. Figure 3 shows how the two-rate policer marks a packet and assigns a corresponding action to the packet. Figure 5: Marking Packets and Assigning Actions—2-Rate Policer For example, if a data stream with a rate of 250 kbps arrives at the two-rate policer, and the CIR is 100 kbps and the PIR is 200 kbps, the policer marks the packet in the following way: • 100 kbps conforms to the rate • 100 kbps exceeds the rate • 50 kbps violates the rate The router updates the tokens for both the committed and peak token buckets in the following way: • The router updatesthe committed token bucket at the CIR value each time a packet arrives at the interface. The committed token bucket can contain up to the committed burst (bc) value. • The router updates the peak token bucket at the PIR value each time a packet arrives at the interface. The peak token bucket can contain up to the peak burst (be) value. • When an arriving packet conforms to the CIR, the router takes the conform action on the packet and decrements both the committed and peak token buckets by the number of bytes of the packet. • When an arriving packet exceeds the CIR, the router takes the exceed action on the packet, decrements the committed token bucket by the number of bytes of the packet, and decrements the peak token bucket by the number of overflow bytes of the packet. • When an arriving packet exceeds the PIR, the router takes the violate action on the packet, but does not decrement the peak token bucket. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 61 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismCommitted Bursts and Excess Bursts Unlike a traffic shaper, a traffic policer does not buffer excess packets and transmit them later. Instead, the policer executes a “send or do not send” policy without buffering. During periods of congestion, proper configuration of the excess burst parameter enables the policer to drop packets less aggressively. Therefore, it is important to understand how policing uses the committed (normal) and excess burst values to ensure the router reaches the configured committed information rate (CIR). Burst parameters are based on a generic buffering rule for routers, which recommends that you configure buffering to be equal to the round-trip time bit-rate to accommodate the outstanding TCP windows of all connections in times of congestion. The following sections describe committed bursts and excess bursts, and the recommended formula for calculating each of them: • Committed Bursts • Excess Bursts • Deciding if Packets Conform or Exceed the Committed Rate Committed Bursts The committed burst (bc) parameter of the police command implements the first, conforming (green) token bucket that the router uses to meter traffic. The bc parameter sets the size of this token bucket. Initially, the token bucket is full and the token count is equal to the committed burst size (CBS). Thereafter, the meter updates the token counts the number of times per second indicated by the committed information rate (CIR). The following describes how the meter uses the conforming token bucket to send packets: • Ifsufficient tokens are in the conforming token bucket when a packet arrives, the meter marksthe packet green and decrements the conforming token count by the number of bytes of the packet. • If there are insufficient tokens available in the conforming token bucket, the meter allows the traffic flow to borrow the tokens needed to send the packet. The meter checks the exceeding token bucket for the number of bytes of the packet. If the exceeding token bucket has a sufficient number of tokens available, the meter marks the packet: Green and decrements the conforming token count down to the minimum value of 0. Yellow, borrows the remaining tokens needed from the exceeding token bucket, and decrements the exceeding token count by the number of tokens borrowed down to the minimum value of 0. • If an insufficient number of tokens is available, the meter marks the packet red and does not decrement either of the conforming or exceeding token counts. When the meter marks a packet with a specific color, there must be a sufficient number of tokens of that color to accommodate the entire packet. Therefore, the volume of green packetsis neversmaller than the committed information rate (CIR) and committed burst size (CBS). Tokens of a given color are always used on packets of that color. Note The default committed burst size is the greater of 2 milliseconds of bytes at the police rate or the network maximum transmission unit (MTU). Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 62 OL-26077-02 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismCommitted Burst Calculation To calculate committed burst, use the following formula: bc = CIR bps * (1 byte) / (8 bits) * 1.5 seconds Note 1.5 seconds is the typical round-trip time. For example, if the committed information rate is 512000 bps, then using the committed burst formula, the committed burst is 96000 bytes. bc = 512000 * 1/8 * 1.5 bc = 64000 * 1.5 = 96000 When the be value equals 0, we recommend that you set the egress bc value to be greater than or equal to the ingress bc value plus 1. Otherwise, packet loss can occur. For example: be = 0 egress bc >= ingress bc + 1 Note Excess Bursts The excess burst (be) parameter of the police command implements the second, exceeding (yellow) token bucket that the router uses to meter traffic. The exceeding token bucket is initially full and the token count is equal to the excess burst size (EBS). Thereafter, the meter updates the token counts the number of times per second indicated by the committed information rate (CIR). The following describes how the meter uses the exceeding token bucket to send packets: • When the first token bucket (the conforming bucket) meets the committed burst size (CBS), the meter allows the traffic flow to borrow the tokens needed from the exceeding token bucket. The meter marks the packet yellow and then decrements the exceeding token bucket by the number of bytes of the packet. • If the exceeding token bucket does not have the required tokens to borrow, the meter marks the packet red and does not decrement the conforming or the exceeding token bucket. Instead, the meter performs the exceed-action configured in the police command (for example, the policer drops the packets). Excess Burst Calculation To calculate excess burst, use the following formula: be = 2 * committed burst For example, if you configure a committed burst of 4000 bytes, then using the excess burst formula, the excess burst is 8000 bytes. be = 2 * 4000 = 8000 The default excess burst size is 0. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 63 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismDeciding if Packets Conform or Exceed the Committed Rate Policing uses normal or committed burst (bc) and excess burst (be) values to ensure that the configured committed information rate (CIR) is reached. Policing decides if a packet conforms or exceeds the CIR based on the burst values you configure. Several factors can influence the policer’s decision, such as the following: • Low burst values—If you configure burst values too low, the achieved rate might be much lower than the configured rate. • Temporary bursts—These bursts can have a strong adverse impact on throughput of Transmission Control Protocol (TCP) traffic. It isimportant that you set the burst values high enough to ensure good throughput. If your router drops packets and reports an exceeded rate even though the conformed rate is less than the configured CIR, use the show interface command to monitor the current burst, determine whether the displayed value is consistently close to the committed burst (bc) and excess burst (be) values, and if the actual rates (the committed rate and exceeded rate) are close to the configured committed rate. If not, the burst values might be too low. Try reconfiguring the burst rates using the suggested calculations in the Committed Burst Calculation and the Excess Burst Calculation. Two-Rate Three-Color (2R3C) Policer For the SIP 700 card, a two-rate, three-color (2R3C) policer is supported on policy maps for ingress Layer 2 interfaces. The policer reads a preexisting marking—the frame-relay discard-eligibility (FRDE) bit in the packet header—that was set by a policer on a previous network node. By default the FRDE bit is set to 0. At the receiving node, the system uses this bit to determine the appropriate color-aware policing action for the packet: • To classify the FRDE bit value 0 as conform color, create a conform-color class-map for frde=0 packets. This causes packets to be classified as color green, and the system applies the conform action. • To classify the FRDE bit value 1 as exceed color, create an exceed-color class-map for frde=1 packets. This causes packets to be classified as color yellow, and the system applies the exceed action. Note Color-aware policing is not supported for heirarchical QoS. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 64 OL-26077-02 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismThe 2R3C policing process is shown in Figure 4. Figure 6: 2R3C Policing Process Flowchart Hierarchical Policing The Hierarchical Policing feature is an MQC-based solution that supports hierarchical policing on both the ingress and egress interfaces on Cisco ASR 9000 Series Router. Thisfeature allows enforcement ofservice level agreements(SLA) while applying the classification submodel for different QoS classes on the inbound interface. Hiearchical policing provides support at two levels: • Parent level • Child level Multiple Action Set set-mpls-exp-imp, set-clp Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental Value Setting In addition to rate-limiting, traffic policing allows you to independently mark (or classify) the packet according to whether the packet conforms or violates a specified rate. Packet marking also allows you to partition your network into multiple priority levels or CoS. Packet marking as a policer action is conditional marking. Use the traffic policer to set the IP precedence value, IP DSCP value, or Multiprotocol Label Switching (MPLS) experimental value for packets that enter the network. Then networking devices within your network can use this setting to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence value to determine the probability that a packet is dropped. If you want to mark traffic but do not want to use traffic policing, see the “Class-based, Unconditional Packet Marking Examples” section to learn how to perform packet classification. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 65 Configuring Modular QoS Congestion Management Regulation of Traffic with the Policing MechanismNote Marking IP fields on an MPLS-enabled interface results in non-operation on that particular interface. Policer Granularity and Shaper Granularity Policer granularity can be configured in the ingress and egress directions. The policer granularity is specified as a perimissible percentage variation between the user-configured policer rate, and the hardware programmed policer rate. Congestion Management Using DEI You can manage congestion based on the Drop Eligible Indicator (DEI) bit that is present in 802.1ad frames and 802.1ah frames. Random early detection based on the DEI value is supported on 802.1ad packets for: • Layer 2 subinterfaces • Layer 2 main interfaces • Layer 3 main interfaces • Ingress and egress If there are any marking actions in the policy, the marked values are used for doing WRED. Note How to Configure QoS Congestion Management This contains the following tasks: Configuring Guaranteed and Remaining Bandwidths The bandwidth command allows you to specify the minimum guaranteed bandwidth to be allocated for a specific class of traffic. MDRR is implemented as the scheduling algorithm. The bandwidth remaining command specifies a weight for the class to the MDRR. The MDRR algorithm derives the weight for each class from the bandwidth remaining value allocated to the class. If you do not configure the bandwidth remaining command for any class, the leftover bandwidth is allocated equally to all classes for which bandwidth remaining is not explicitly specified. Guaranteed Service rate of a queue is defined as the bandwidth the queue receives when all the queues are congested. It is defined as: Guaranteed Service Rate = minimum bandwidth + excess share of the queue Restrictions The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 66 OL-26077-02 Configuring Modular QoS Congestion Management Policer Granularity and Shaper GranularityThe bandwidth command is supported only on policies configured on outgoing interfaces. SUMMARY STEPS 1. 2. policy-map policy-name 3. class class-name 4. bandwidth {rate [units]| percent value} 5. bandwidth remaining percent value 6. exit 7. class class-name 8. bandwidth {rate [units] | percent value} 9. bandwidth remaining percent value 10. exit 11. exit 12. interface type interface-path-id 13. service-policy {input | output} policy-map 14. end or commit 15. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose Enters global configuration mode. Example: RP/0//CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0//CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RP0/CPU0:router(config-pmap)# class class1 Step 3 Step 4 bandwidth {rate [units]| percent value} Enters policy map class configuration mode. Example: RP/0//CPU0:router(config-pmap-c)# bandwidth percent 50 • Specifies the bandwidth allocated for a class belonging to a policy map. • In this example, class class1 is guaranteed 50 percent of the interface bandwidth. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 67 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose Step 5 bandwidth remaining percent value Specifies how to allocate leftover bandwidth to various classes. Example: RP/0//CPU0:router(config-pmap-c)# bandwidth remaining percent 20 • The remaining bandwidth of 40 percent isshared by class class1 and class2 (see Steps 8 and 9) in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent. exit Returns the router to policy map configuration mode. Example: RP/0//CPU0:router(config-pmap-c)# exit Step 6 Specifiesthe name of a different class whose policy you want to create or change. class class-name Example: RP/0//CPU0:router(config-pmap)# class class2 Step 7 Specifies the bandwidth allocated for a class belonging to a policy map. bandwidth {rate [units] | percent value} Example: RP/0//CPU0:router(config-pmap-c)# bandwidth percent 10 Step 8 • In this example, class class2 is guaranteed 10 percent of the interface bandwidth. Step 9 bandwidth remaining percent value Specifies how to allocate leftover bandwidth to various classes. Example: RP/0//CPU0:router(config-pmap-c)# bandwidth remaining percent 80 • The remaining bandwidth of 40 percent isshared by class class1 (see Steps 4 and 5) and class2 in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent. exit Returns the router to policy map configuration mode. Example: RP/0//CPU0:router(config-pmap-c)# exit Step 10 exit Returns the router to global configuration mode. Example: RP/0//CPU0:router(config-pmap)# exit Step 11 interface type interface-path-id Enters interface configuration mode and configures an interface. Example: RP/0//CPU0:router(config)# interface POS 0/2/0/0 Step 12 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 68 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0//CPU0:router(config-if)# service-policy output policy1 Step 13 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 14 end or commit Saves configuration changes. Example: RP/0//CPU0:router(config-if)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0//CPU0:router(config-if)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface. show policy-map interface type interface-path-id [input | output] Example: RP/0//CPU0:router# show policy-map interface POS 0/2/0/0 Step 15 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 69 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsConfiguring Guaranteed Bandwidth SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. bandwidth {rate [units]| percent percentage-value} 5. exit 6. class class-name 7. bandwidth {rate [units]| percent percentage-value} 8. exit 9. class class-name 10. bandwidth {rate [units]| percent percentage-value} 11. exit 12. exit 13. interface type interface-path-id 14. service-policy {input | output} policy-map 15. end or commit 16. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 Step 3 bandwidth {rate [units]| percent Enters policy map class configuration mode. percentage-value} Step 4 • Specifies the bandwidth allocated for a class belonging to a policy map. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 70 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 40 • In this example, class class1 is guaranteed 40 percent of the interface bandwidth. exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 5 Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class2 Step 6 bandwidth {rate [units]| percent Enters policy map class configuration mode. percentage-value} Step 7 • Specifies the bandwidth allocated for a class belonging to a policy map. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 40 • In this example, class class2 is guaranteed 40 percent of the interface bandwidth. exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 8 Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class-default Step 9 bandwidth {rate [units]| percent Enters policy map class configuration mode. percentage-value} Step 10 • Specifies the bandwidth allocated for a class belonging to a policy map. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 20 • In this example, class class-default is guaranteed 20 percent of the interface bandwidth. exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 11 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 71 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 12 interface type interface-path-id Enters interface configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0 Step 13 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 14 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 15 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-if)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface. show policy-map interface type interface-path-id [input | output] Example: RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0 Step 16 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 72 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsConfiguring Bandwidth Remaining SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. bandwidth remaining percent percentage-value 5. exit 6. class class-name 7. bandwidth remaining percent percentage-value 8. exit 9. class class-name 10. bandwidth remaining percent percentage-value 11. exit 12. exit 13. interface type interface-path-id 14. service-policy {input | output} policy-map 15. end or commit 16. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 Step 3 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 73 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose bandwidth remaining percent percentage-value Specifies how to allocate leftover bandwidth for class class1. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 40 Step 4 exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 5 Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class2 Step 6 bandwidth remaining percent percentage-value Specifies how to allocate leftover bandwidth for class class2. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 40 Step 7 exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 8 Specifies the name of the class whose policy you want to create or change. class class-name Example: RP/0/RSP0/CPU0:router(config-pmap)# class class-default Step 9 Specifies how to allocate leftover bandwidth for class class-default. bandwidth remaining percent percentage-value Example: RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20 Step 10 exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 11 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 74 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 12 interface type interface-path-id Entersinterface configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0 Step 13 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 14 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 15 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-if)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface. show policy-map interface type interface-path-id [input | output] Example: RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0 Step 16 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 75 Configuring Modular QoS Congestion Management Configuring Guaranteed and Remaining BandwidthsConfiguring Low-Latency Queueing with Strict Priority Queueing The priority command configures low-latency queueing (LLQ), providing strict priority queueing (PQ). Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are dequeued.When a class is marked as high priority using the priority command, we recommend that you configure a policer to limit the priority traffic. This configuration ensures that the priority traffic does not starve all of the other traffic on the line card, which protectslow priority traffic from starvation. Use the police command to explicitly configure the policer. Two levels of priority are supported: priority level 1 and priority level 2. If no priority level is configured, the default is priority level 1. Note Restrictions • Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is queued to the same single priority queue. SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]] 5. exceed-action action 6. priority [level priority-level] RP/0/RSP0/CPU0:router(config-pmap-c)# priority 7. exit 8. exit 9. interface type interface-path-id 10. service-policy {input | output} policy-map 11. end or commit 12. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 76 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Low-Latency Queueing with Strict Priority QueueingCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# policy-map voice • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class voice • Specifies the name of the class whose policy you want to create or change. Configures traffic policing and enters policy map police configuration mode. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]] Step 4 • In this example, the low-latency queue is restricted to 250 kbps to protect low-priority traffic from starvation and to release bandwidth. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250 Step 5 exceed-action action Configuresthe action to take on packetsthat exceed the rate limit. Example: RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action drop Specifies priority to a class of traffic belonging to a policy map. exit Returns the router to policy map class configuration mode. Example: RP/0//CPU0:router(config-pmap-c)# priority Example: RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit priority [level priority-level] Specifies priority to a class of traffic belonging to a policy map. RP/0/RSP0/CPU0:router(config-pmap-c)# priority Step 6 Note • If no priority level is configured, the default is priority 1. exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 7 exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 8 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 77 Configuring Modular QoS Congestion Management Configuring Low-Latency Queueing with Strict Priority QueueingCommand or Action Purpose interface type interface-path-id Enters interface configuration mode, and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0 Step 9 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 10 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 11 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-if)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface. show policy-map interface type interface-path-id [input | output] Example: RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0 Step 12 Configuring Traffic Shaping Traffic shaping allows you to control the traffic exiting an interface to match its transmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 78 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Traffic ShapingShaping performed on incoming and outgoing interfaces is done at the Layer 2 level and includes the Layer 2 header in the rate calculation. Restrictions The bandwidth, priority, and shape average commands should not be configured together in the same class. SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. shape average {percent value | rate [units]} 5. exit 6. exit 7. interface type interface-path-id 8. service-policy {input | output} policy-map 9. end or commit 10. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 • Specifiesthe name of the class whose policy you want to create or change. Shapes traffic to the indicated bit rate according to average rate shaping in the specified units or as a percentage of the bandwidth. shape average {percent value | rate [units]} Example: RP/0/RSP0/CPU0:router(config-pmap-c)# shape average percent 50 Step 4 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 79 Configuring Modular QoS Congestion Management Configuring Traffic ShapingCommand or Action Purpose exit Returns the router to policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# exit Step 5 exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 6 interface type interface-path-id Enters interface configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0 Step 7 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 8 • In this example, the traffic policy evaluates all traffic leaving that interface. Step 9 end or commit Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-if)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: or RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface. show policy-map interface type interface-path-id [input | output] Example: RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0 Step 10 Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 80 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Traffic ShapingConfiguring Traffic Policing (Two-Rate Color-Blind) Traffic policing allows you to control the maximum rate of traffic sent or received on an interface. Thissection provides the procedure for configuring two-rate color-blind traffic policing. SUMMARY STEPS 1. configure 2. policy-map policy-name 3. class class-name 4. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]] 5. conform-action action 6. exceed-action action 7. exit 8. exit 9. exit 10. interface type interface-path-id 11. service-policy {input | output} policy-map 12. end or commit 13. show policy-map interface type interface-path-id [input | output] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 policy-map policy-name Enters policy map configuration mode. Example: RP/0/RSP0/CPU0:router(config)# policy-map policy1 • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. Step 3 class class-name Enters policy map class configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# class class1 • Specifies the name of the class whose policy you want to create or change. Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x OL-26077-02 81 Configuring Modular QoS Congestion Management Configuring Traffic Policing (Two-Rate Color-Blind)Command or Action Purpose Configures traffic policing and enters policy map police configuration mode. The traffic policing feature works with a token bucket algorithm. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]] Example: RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250000 Step 4 Configures the action to take on packets that conform to the rate limit. The action argument is specified by one of these keywords: conform-action action Example: RP/0/RSP0/CPU0:router(config-pmap-c-police)# Step 5 • drop—Drops the packet. • set—Has these keywords and arguments: conform-action set mpls experimental topmost 3 discard-class value—Sets the discard class value. Range is 0 to 7. dscp —Sets the differentiated services code point (DSCP) value and sends the packet. mpls experimental {topmost | imposition} value—Setsthe experimental (EXP) value of the Multiprotocol Label Switching (MPLS) packet topmost label or imposed label. Range is 0 to 7. precedence —Sets the IP precedence and sends the packet. qos-group—Sets the QoS group value. Range is 0 to 63. • transmit—Transmits the packets. Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5 . exceed-action action Example: RP/0/RSP0/CPU0:router(config-pmap-c-police)# Step 6 exceed-action set mpls experimental topmost 4 exit Returns the router to policy map class configuration mode. Example: Step 7 RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit exit Returns the router to policy map configuration mode. Example: Step 8 RP/0/RSP0/CPU0:router(config-pmap-c)# exit Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x 82 OL-26077-02 Configuring Modular QoS Congestion Management Configuring Traffic Policing (Two-Rate Color-Blind)Command or Action Purpose exit Returns the router to global configuration mode. Example: RP/0/RSP0/CPU0:router(config-pmap)# exit Step 9 interface type interface-path-id Enters configuration mode and configures an interface. Example: RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/5/0/0 Step 10 Attaches a policy map to an input or output interface to be used as the service policy for that interface. service-policy {input | output} policy-map Example: RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1 Step 11 • In this example, the traffic policy evaluates all tra