Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x

 

 


Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-26048-02

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.

Contents

Preface
Changes to This Document
Obtaining Documentation and Submitting a Service Request

Chapter 1: Implementing BGP on Cisco ASR 9000 Series Router
Prerequisites for Implementing BGP
Information About Implementing BGP
BGP Functional Overview
BGP Router Identifier
BGP Default Limits
BGP Next Hop Tracking
Scoped IPv4/VPNv4 Table Walk
Reordered Address Family Processing
New Thread for Next-Hop Processing
show, clear, and debug Commands
Autonomous System Number Formats in BGP
2-byte Autonomous System Number Format
4-byte Autonomous System Number Format
as-format Command
BGP Configuration
Configuration Modes
Router Configuration Mode
Router Address Family Configuration Mode
Neighbor Configuration Mode
Neighbor Address Family Configuration Mode
VRF Configuration Mode
VRF Address Family Configuration Mode
VRF Neighbor Configuration Mode
VRF Neighbor Address Family Configuration Mode
VPNv4 Address Family Configuration Mode
L2VPN Address Family Configuration Mode
Neighbor Submode
Configuration Templates
Template Inheritance Rules
Viewing Inherited Configurations
show bgp neighbors
show bgp af-group
show bgp session-group
show bgp neighbor-group
No Default Address Family
Routing Policy Enforcement
Table Policy
Update Groups
BGP Update Generation and Update Groups
BGP Update Group
BGP Cost Community
How BGP Cost Community Influences the Best Path Selection Process
Cost Community Support for Aggregate Routes and Multipaths
Influencing Route Preference in a Multiexit IGP Network
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links
Adding Routes to the Routing Information Base
BGP Best Path Algorithm
Comparing Pairs of Paths
Order of Comparisons
Best Path Change Suppression
Administrative Distance
Multiprotocol BGP
Route Dampening
Minimizing Flapping
BGP Routing Domain Confederation
BGP Route Reflectors
Default Address Family for show Commands
Distributed BGP
MPLS VPN Carrier Supporting Carrier
BGP Keychains
BGP Nonstop Routing
BGP Prefix Independent Convergence Unipath Primary/Backup
BGP Local Label Retention
Command Line Interface (CLI) Consistency for BGP Commands
BGP Additional Paths
iBGP Multipath Load Sharing
Accumulated Interior Gateway Protocol Attribute
Per VRF and Per CE Label for IPv6 Provider Edge
IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700
IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700
IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700
Remove and Replace Private AS Numbers from AS Path in BGP
Selective VRF Download
Line Card Roles and Filters
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing
BFD Multihop Support for BGP
BGP Multi-Instance/Multi-AS Support
BGP Prefix Origin Validation Based on RPKI
BGP 3107 PIC Updates for Global Prefixes
BGP Prefix Independent Convergence for RIB and FIB
How to Implement BGP on Cisco IOS XR Software
Enabling BGP Routing
Configuring a Routing Domain Confederation for BGP
Resetting an eBGP Session Immediately Upon Link Failure
Logging Neighbor Changes
Adjusting BGP Timers
Changing the BGP Default Local Preference Value
Configuring the MED Metric for BGP
Configuring BGP Weights
Tuning the BGP Best-Path Calculation
Indicating BGP Back-door Routes
Configuring Aggregate Addresses
Redistributing iBGP Routes into IGP
Redistributing Prefixes into Multiprotocol BGP
Configuring BGP Route Dampening
Applying Policy When Updating the Routing Table
Setting BGP Administrative Distance
Configuring a BGP Neighbor Group and Neighbors
Configuring a Route Reflector for BGP
Configuring BGP Route Filtering by Route Policy
Configuring BGP Next-Hop Trigger Delay
Disabling Next-Hop Processing on BGP Updates
Configuring BGP Community and Extended-Community Advertisements
Configuring the BGP Cost Community
Configuring Software to Store Updates from a Neighbor
Configuring Distributed BGP
Configuring a VPN Routing and Forwarding Instance in BGP
Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers
Configuring the Route Distinguisher
Configuring PE-PE or PE-RR Interior BGP Sessions
Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities
Configuring BGP as a PE-CE Protocol
Redistribution of IGPs to BGP
Configuring Keychains for BGP
Disabling a BGP Neighbor
Resetting Neighbors Using BGP Inbound Soft Reset
Resetting Neighbors Using BGP Outbound Soft Reset
Resetting Neighbors Using BGP Hard Reset
Clearing Caches, Tables, and Databases
Displaying System and Network Statistics
Displaying BGP Process Information
Monitoring BGP Update Groups
Configuring BGP Nonstop Routing
Installing Primary Backup Path for Prefix Independent Convergence (PIC)
Retaining Allocated Local Label for Primary Path
Configuring BGP Additional Paths
Configuring iBGP Multipath Load Sharing
Originating Prefixes with AiGP
Enabling BGP Unequal Cost Recursive Load Balancing
Configuring RPKI Cache
Configuring RPKI Prefix Validation
Configuring RPKI Bestpath Computation
Configuration Examples for Implementing BGP
Enabling BGP: Example
Displaying BGP Update Groups: Example
BGP Neighbor Configuration: Example
BGP Confederation: Example
BGP Route Reflector: Example
BGP Nonstop Routing Configuration: Example
Primary Backup Path Installation: Example
Allocated Local Label Retention: Example
iBGP Multipath Loadsharing Configuration: Example
Configuring BGP Additional Paths: Example
Originating Prefixes With AiGP: Example
BGP Unequal Cost Recursive Load Balancing: Example
Where to Go Next
Additional References

Chapter 2: Implementing EIGRP on Cisco ASR 9000 Series Router
Prerequisites for Implementing EIGRP
Restrictions for Implementing EIGRP
Information About Implementing EIGRP
EIGRP Functional Overview
EIGRP Features
EIGRP Components
EIGRP Configuration Grouping
EIGRP Configuration Modes
EIGRP Interfaces
Redistribution for an EIGRP Process
Metric Weights for EIGRP Routing
Mismatched K Values
Goodbye Message
Percentage of Link Bandwidth Used for EIGRP Packets
Floating Summary Routes for an EIGRP Process
Split Horizon for an EIGRP Process
Adjustment of Hello Interval and Hold Time for an EIGRP Process
Stub Routing for an EIGRP Process
Route Policy Options for an EIGRP Process
EIGRP Layer 3 VPN PE-CE Site-of-Origin
Router Interoperation with the Site-of-Origin Extended Community
EIGRP v4/v6 Authentication Using Keychain
How to Implement EIGRP
Enabling EIGRP Routing
Configuring Route Summarization for an EIGRP Process
Redistributing Routes for EIGRP
Creating a Route Policy and Attaching It to an EIGRP Process
Configuring Stub Routing for an EIGRP Process
Configuring EIGRP as a PE-CE Protocol
Redistributing BGP Routes into EIGRP
Monitoring EIGRP Routing
Configuring an EIGRP Authentication Keychain
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF
Configuration Examples for Implementing EIGRP
Configuring a Basic EIGRP Configuration: Example
Configuring an EIGRP Stub Operation: Example
Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example
Configuring an EIGRP Authentication Keychain: Example
Additional References

Chapter 3: Implementing IS-IS on Cisco ASR 9000 Series Router
Prerequisites for Implementing IS-IS
Restrictions for Implementing IS-IS
Information About Implementing IS-IS
IS-IS Functional Overview
Key Features Supported in the Cisco IOS XR IS-IS Implementation
IS-IS Configuration Grouping
IS-IS Configuration Modes
Router Configuration Mode
Router Address Family Configuration Mode
Interface Configuration Mode
Interface Address Family Configuration Mode
IS-IS Interfaces
Multitopology Configuration
IPv6 Routing and Configuring IPv6 Addressing
Limit LSP Flooding
Flood Blocking on Specific Interfaces
Mesh Group Configuration
Maximum LSP Lifetime and Refresh Interval
Single-Topology IPv6 Support
Multitopology IPv6 Support
IS-IS Authentication
Nonstop Forwarding
Multi-Instance IS-IS
Multiprotocol Label Switching Traffic Engineering
Overload Bit on Router
Overload Bit Configuration During Multitopology Operation
IS-IS Overload Bit Avoidance
Default Routes
Attached Bit on an IS-IS Instance
IS-IS Support for Route Tags
Multicast-Intact Feature
Multicast Topology Support Using IS-IS
MPLS Label Distribution Protocol IGP Synchronization
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart
MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding
Label Distribution Protocol IGP Auto-configuration
MPLS TE Forwarding Adjacency
MPLS TE Interarea Tunnels
IP Fast Reroute
How to Implement IS-IS
Enabling IS-IS and Configuring Level 1 or Level 2 Routing
Configuring Single Topology for IS-IS
Configuring Multitopology Routing
Restrictions for Configuring Multitopology Routing
Information About Multitopology Routing
Configuring a Global Topology and Associating It with an Interface
Enabling an IS-IS Topology
Placing an Interface in a Topology in IS-IS
Configuring a Routing Policy
Configuring Multitopology for IS-IS
Controlling LSP Flooding for IS-IS
Configuring Nonstop Forwarding for IS-IS
Configuring Authentication for IS-IS
Configuring Keychains for IS-IS
Configuring MPLS Traffic Engineering for IS-IS
Tuning Adjacencies for IS-IS
Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration
Customizing Routes for IS-IS
Configuring MPLS LDP IS-IS Synchronization
Enabling Multicast-Intact
Tagging IS-IS Interface Routes
Setting the Priority for Adding Prefixes to the RIB
Configuring IP/LDP Fast Reroute
Configuring IS-IS Overload Bit Avoidance
Configuration Examples for Implementing IS-IS
Configuring Single-Topology IS-IS for IPv6: Example
Configuring Multitopology IS-IS for IPv6: Example
Redistributing IS-IS Routes Between Multiple Instances: Example
Tagging Routes: Example
Configuring IS-IS Overload Bit Avoidance: Example
Where to Go Next
Additional References

Chapter 4: Implementing OSPF on Cisco ASR 9000 Series Router
Prerequisites for Implementing OSPF
Information About Implementing OSPF
OSPF Functional Overview
Key Features Supported in the Cisco IOS XR Software OSPF Implementation
Comparison of Cisco IOS XR Software OSPFv3 and OSPFv2
OSPF Hierarchical CLI and CLI Inheritance
OSPF Routing Components
Autonomous Systems
Areas
Backbone Area
Stub Area
Not-so-Stubby Area
Routers
Area Border Routers
Autonomous System Boundary Routers (ASBR)
Interior Routers
OSPF Process and Router ID
Supported OSPF Network Types
Route Authentication Methods for OSPF
Plain Text Authentication
MD5 Authentication
Authentication Strategies
Key Rollover
Neighbors and Adjacency for OSPF
Designated Router (DR) for OSPF
Default Route for OSPF
Link-State Advertisement Types for OSPF Version 2
Link-State Advertisement Types for OSPFv3
Virtual Link and Transit Area for OSPF
OSPFv2 Sham Link Support for MPLS VPN
OSPF SPF Prefix Prioritization
Route Redistribution for OSPF
OSPF Shortest Path First Throttling
Nonstop Forwarding for OSPF Version 2
Graceful Restart for OSPFv3
Modes of Graceful Restart Operation
Restart Mode
Helper Mode
Graceful Restart Requirements and Restrictions
Warm Standby and Nonstop Routing for OSPF Version 2
Warm Standby for OSPF Version 3
Multicast-Intact Support for OSPF
Load Balancing in OSPF Version 2 and OSPFv3
Multi-Area Adjacency for OSPF Version 2
Label Distribution Protocol IGP Auto-configuration for OSPF
OSPF Authentication Message Digest Management
GTSM TTL Security Mechanism for OSPF
Path Computation Element for OSPFv2
OSPF IP Fast Reroute Loop Free Alternate
Management Information Base (MIB) for OSPFv3
How to Implement OSPF
Enabling OSPF
Configuring Stub and Not-So-Stubby Area Types
Configuring Neighbors for Nonbroadcast Networks
Configuring Authentication at Different Hierarchical Levels for OSPF Version 2
Controlling the Frequency That the Same LSA Is Originated or Accepted for OSPF
Creating a Virtual Link with MD5 Authentication to Area 0 for OSPF
Examples
Summarizing Subnetwork LSAs on an OSPF ABR
Redistributing Routes from One IGP into OSPF
Configuring OSPF Shortest Path First Throttling
Examples
Configuring Nonstop Forwarding Specific to Cisco for OSPF Version 2
Configuring OSPF Version 2 for MPLS Traffic Engineering
Examples
Configuring OSPFv3 Graceful Restart
Displaying Information About Graceful Restart
Configuring an OSPFv2 Sham Link
Enabling Nonstop Routing for OSPFv2
Enabling Nonstop Routing for OSPFv3
Configuring OSPF SPF Prefix Prioritization
Enabling Multicast-intact for OSPFv2
Associating Interfaces to a VRF
Configuring OSPF as a Provider Edge to Customer Edge (PE-CE) Protocol
Creating Multiple OSPF Instances (OSPF Process and a VRF)
Configuring Multi-area Adjacency
Configuring Label Distribution Protocol IGP Auto-configuration for OSPF
Configuring LDP IGP Synchronization: OSPF
Configuring Authentication Message Digest Management for OSPF
Examples
Configuring Generalized TTL Security Mechanism (GTSM) for OSPF
Examples
Verifying OSPF Configuration and Operation
Configuring IP Fast Reroute Loop-free Alternate
Enabling IPFRR LFA
Excluding an Interface From IP Fast Reroute Per-link Computation
Configuration Examples for Implementing OSPF
Cisco IOS XR Software for OSPF Version 2 Configuration: Example
CLI Inheritance and Precedence for OSPF Version 2: Example
MPLS TE for OSPF Version 2: Example
ABR with Summarization for OSPFv3: Example
ABR Stub Area for OSPFv3: Example
ABR Totally Stub Area for OSPFv3: Example
Configuring OSPF SPF Prefix Prioritization: Example
Route Redistribution for OSPFv3: Example
Virtual Link Configured Through Area 1 for OSPFv3: Example
Virtual Link Configured with MD5 Authentication for OSPF Version 2: Example
VPN Backbone and Sham Link Configured for OSPF Version 2: Example
Where to Go Next
Additional References

Chapter 5: Implementing and Monitoring RIB on Cisco ASR 9000 Series Router
Prerequisites for Implementing RIB
Information About RIB Configuration
Overview of RIB
RIB Data Structures in BGP and Other Protocols
RIB Administrative Distance
RIB Support for IPv4 and IPv6
RIB Statistics
IPv6 Provider Edge IPv6 and IPv6 VPN Provider Edge Transport over MPLS
RIB Quarantining
Route and Label Consistency Checker (RCC and LCC)
System-wide Route Prioritization for IOS XR Software
How to Deploy and Monitor RIB
Verifying RIB Configuration Using the Routing Table
Verifying Networking and Routing Problems
Disabling RIB Next-hop Dampening
Configuring RCC and LCC
Enabling RCC and LCC On-demand Scan
Enabling RCC and LCC Background Scan
Configuration Examples for RIB Monitoring
Output of show route Command: Example
Output of show route backup Command: Example
Output of show route best-local Command: Example
Output of show route connected Command: Example
Output of show route local Command: Example
Output of show route longer-prefixes Command: Example
Output of show route next-hop Command: Example
Enabling RCC and LCC: Example
Where to Go Next
Additional References

Chapter 6: Implementing RIP on Cisco ASR 9000 Series Router
Prerequisites for Implementing RIP
Information About Implementing RIP
RIP Functional Overview
Split Horizon for RIP
Route Timers for RIP
Route Redistribution for RIP
Default Administrative Distances for RIP
Routing Policy Options for RIP
Authentication Using Keychain in RIP
In-bound RIP Traffic on an Interface
Out-bound RIP Traffic on an Interface
How to Implement RIP
Enabling RIP
Customizing RIP
Control Routing Information
Creating a Route Policy for RIP
Configuring RIP Authentication Keychain
Configuring RIP Authentication Keychain for IPv4 Interface on a Non-default VRF
Configuring RIP Authentication Keychain for IPv4 Interface on Default VRF
Configuration Examples for Implementing RIP
Configuring a Basic RIP Configuration: Example
Configuring RIP on the Provider Edge: Example
Adjusting RIP Timers for each VRF Instance: Example
Configuring Redistribution for RIP: Example
Configuring Route Policies for RIP: Example
Configuring Passive Interfaces and Explicit Neighbors for RIP: Example
Controlling RIP Routes: Example
Configuring RIP Authentication Keychain: Example
Additional References

Chapter 7: Implementing Routing Policy on Cisco ASR 9000 Series Router
Prerequisites for Implementing Routing Policy
Restrictions for Implementing Routing Policy
Information About Implementing Routing Policy
Routing Policy Language
Routing Policy Language Overview
Routing Policy Language Structure
Names
Sets
as-path-set
community-set
extcommunity-set
prefix-set
Enhanced Prefix-length Manipulation
rd-set
Routing Policy Language Components
Routing Policy Language Usage
Routing Policy Configuration Basics
Policy Definitions
Parameterization
Parameterization at Attach Points
Global Parameterization
Semantics of Policy Application
Boolean Operator Precedence
Multiple Modifications of the Same Attribute
When Attributes Are Modified
Default Drop Disposition
Control Flow
Policy Verification
Range Checking
Incomplete Policy and Set References
Attached Policy Modification
Verification of Attribute Comparisons and Actions
Policy Statements
Remark
Disposition
Action
If
Boolean Conditions
apply
Attach Points
BGP Policy Attach Points
Aggregation
Dampening
Default Originate
Neighbor Export
Neighbor Import
Network
Redistribute
Show BGP
Table Policy
Import
Export
Retain Route-Target
Allocate-Label
Neighbor-ORF
Next-hop
Clear-Policy
Debug
BGP Attributes and Operators
OSPF Policy Attach Points
Default-Information Originate
Redistribute
Area-in
Area-out
OSPF Attributes and Operators
OSPFv3 Policy Attach Points
Default-Information Originate
Redistribute
OSPFv3 Attributes and Operators
IS-IS Policy Attach Points
Redistribute
Default-Information Originate
Inter-area-propagate
IS-IS Attributes and Operators
EIGRP Policy Attach Points
Default-Accept-In
Default-Accept-Out
Policy-In
Policy-Out
If-Policy-In
If-Policy-Out
Redistribute
EIGRP Attributes and Operators
RIP Policy Attach Points
Default-Information Originate
Redistribute
Global-Inbound
Global-Outbound
Interface-Inbound
Interface-Outbound
RIP Attributes and Operators
PIM Policy Attach Points
Attached Policy Modification
Nonattached Policy Modification
Editing Routing Policy Configuration Elements
Editing Routing Policy Configuration Elements Using the Nano Editor
Editing Routing Policy Configuration Elements Using the Emacs Editor
Editing Routing Policy Configuration Elements Using the Vim Editor
Editing Routing Policy Configuration Elements Using the CLI
Editing Routing Policy Language set elements Using XML
Hierarchical Conditions
Apply Condition Policies
Nested Wildcard Apply Policy
How to Implement Routing Policy
Defining a Route Policy
Attaching a Routing Policy to a BGP Neighbor
Modifying a Routing Policy Using a Text Editor
Configuration Examples for Implementing Routing Policy
Routing Policy Definition: Example
Simple Inbound Policy: Example
Modular Inbound Policy: Example
Additional References

Chapter 8: Implementing Static Routes on Cisco ASR 9000 Series Router
Prerequisites for Implementing Static Routes
Information About Implementing Static Routes
Static Route Functional Overview
Default Administrative Distance
Directly Connected Routes
Recursive Static Routes
Fully Specified Static Routes
Floating Static Routes
Default VRF
IPv4 and IPv6 Static VRF Routes
Dynamic ECMP Support for IGP Prefixes
How to Implement Static Routes
Configuring a Static Route
Configuring a Floating Static Route
Configuring Static Routes Between PE-CE Routers
Changing the Maximum Number of Allowable Static Routes
Associating a VRF with a Static Route
Enabling Object Tracking for Static Routes
Configuration Examples
Configuring Traffic Discard: Example
Configuring a Fixed Default Route: Example
Configuring a Floating Static Route: Example
Configuring a Static Route Between PE-CE Routers: Example
Additional References

Chapter 9: Implementing RCMD on Cisco ASR 9000 Series Router
Route Convergence Monitoring and Diagnostics
Configuring Route Convergence Monitoring and Diagnostics

Preface

The Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide preface contains these sections:
• Changes to This Document
• Obtaining Documentation and Submitting a Service Request

Changes to This Document

This table lists the technical changes made to this document since it was first printed.

Table 1: Changes to This Document

Revision | Date | Change Summary
OL-26048-02 | June, 2012 | Republished with documentation updates for Cisco IOS XR Release 4.2.1 features.
OL-26048-01 | December, 2011 | Initial release of this document.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Chapter 1: Implementing BGP on Cisco ASR 9000 Series Router

Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems. An autonomous system is a set of routers under a single technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols (IGPs) to exchange routing information inside the autonomous system and an EGP to route packets outside the autonomous system.

This module provides the conceptual and configuration information for BGP on Cisco IOS XR software.

Note: For more information about BGP and complete descriptions of the BGP commands listed in this module, see the Related Documents section of this module. To locate documentation for other commands that might appear while performing a configuration task, search online in the Cisco ASR 9000 Series Router software master command index.

Feature History for Implementing BGP

Release 3.7.2: This feature was introduced.

Release 3.9.0: The following features were supported:
• BGP Prefix Independent Convergence Unipath Primary Backup
• BGP Local Label Retention
• Asplain notation for 4-byte Autonomous System Number
• BGP Nonstop Routing
• Command Line Interface (CLI) consistency for BGP commands
• L2VPN Address Family Configuration Mode

Release 4.0.0: The following features were supported:
• BGP Add Path Advertisement
• Accumulated iGP (AiGP)
• Pre-route
• IPv4 BGP-Policy Accounting
• IPv6 uRPF

Release 4.1.0: Support for 5000 BGP NSR sessions was added.

Release 4.1.1: BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing feature was added.

Release 4.2.0: The following features were supported:
• Selective VRF Download
• BGP Multi-Instance/Multi-AS
• BFD Multihop Support for BGP

Release 4.2.1: The following features were supported:
• BGP 3107 PIC Updates for Global Prefixes
• BGP Prefix Independent Convergence for RIB and FIB
• BGP Prefix Origin Validation Based on RPKI

This module contains these sections:
• Prerequisites for Implementing BGP
• Information About Implementing BGP
• How to Implement BGP on Cisco IOS XR Software
• Configuration Examples for Implementing BGP
• Where to Go Next
• Additional References

Prerequisites for Implementing BGP

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Implementing BGP

To implement BGP, you need to understand the following concepts:

BGP Functional Overview

BGP uses TCP as its transport protocol. Two BGP routers form a TCP connection between one another (peer routers) and exchange messages to open and confirm the connection parameters.

BGP routers exchange network reachability information. This information is mainly an indication of the full paths (BGP autonomous system numbers) that a route should take to reach the destination network. This information helps construct a graph that shows which autonomous systems are loop free and where routing policies can be applied to enforce restrictions on routing behavior.

Any two routers forming a TCP connection to exchange BGP routing information are called peers or neighbors. BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent as the routing table changes. BGP keeps a version number of the BGP table, which is the same for all of its BGP peers. The version number changes whenever BGP updates the table due to routing information changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers and notification packets are sent in response to error or special conditions.

Note: For information on configuring BGP to distribute Multiprotocol Label Switching (MPLS) Layer 3 virtual private network (VPN) information, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. For information on BGP support for Bidirectional Forwarding Detection (BFD), see the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Configuration Guide and the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Command Reference.

BGP Router Identifier

For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is sent to BGP peers in the OPEN message when a BGP session is established.

BGP attempts to obtain a router ID in the following ways (in order of preference):
• By means of the address configured using the bgp router-id command in router configuration mode.
• By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved loopback address configuration.
• By using the primary IPv4 address of the first loopback address that gets configured if there are not any in the saved configuration.

If none of these methods for obtaining a router ID succeeds, BGP does not have a router ID and cannot establish any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log, and the show bgp summary command displays a router ID of 0.0.0.0.

After BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using the rules described) and all established peering sessions are reset.

Note: We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes to the router ID (and consequent flapping of BGP sessions).

BGP Default Limits

Cisco IOS XR BGP imposes maximum limits on the number of neighbors that can be configured on the router and on the maximum number of prefixes that are accepted from a peer for a given address family.
This limitation safeguards the router from resource depletion caused by misconfiguration, either locally or on the remote neighbor. The following limits apply to BGP configurations:

• The default maximum number of peers that can be configured is 4000. The default can be changed using the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure additional peers beyond the maximum limit or set the maximum limit to a number that is less than the number of peers currently configured will fail.
• To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes that are accepted from a peer for each supported address family. The default limits can be overridden through configuration of the maximum-prefix limit command for the peer for the appropriate address family. The following default limits are used if the user does not configure the maximum number of prefixes for the address family:
  - 512K (524,288) prefixes for IPv4 unicast
  - 128K (131,072) prefixes for IPv4 multicast
  - 128K (131,072) prefixes for IPv6 unicast
  - 512K (524,288) prefixes for VPNv4 unicast

A cease notification message is sent to the neighbor and the peering with the neighbor is terminated when the number of prefixes received from the peer for a given address family exceeds the maximum limit (either set by default or configured by the user) for that address family.

It is possible that the maximum number of prefixes for a neighbor for a given address family has been configured after the peering with the neighbor has been established and a certain number of prefixes have already been received from the neighbor for that address family. A cease notification message is sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if the configured maximum number of prefixes is fewer than the number of prefixes that have already been received from the neighbor for the address family.
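A pre-change check built on the limits above, as an added example (not Cisco code): given per-peer received-prefix counts, it reports which sessions a new maximum-prefix value would reset at configuration time and whether a new bgp maximum neighbor value would be accepted. The peer addresses and counts are constructed sample data, and the record and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Defaults and ranges exactly as listed in the section above.
DEFAULT_MAX_PREFIX = {
    "ipv4 unicast": 524_288,
    "ipv4 multicast": 131_072,
    "ipv6 unicast": 131_072,
    "vpnv4 unicast": 524_288,
}
DEFAULT_MAX_NEIGHBORS = 4000
MAX_NEIGHBORS_MIN, MAX_NEIGHBORS_MAX = 1, 15000


@dataclass
class PeerAf:
    """One peer/address-family pair (hypothetical record, e.g. from monitoring)."""
    peer: str
    af: str
    received: int                           # prefixes currently received
    configured_limit: Optional[int] = None  # None: no maximum-prefix configured


def effective_limit(entry: PeerAf) -> Tuple[int, str]:
    """Return the limit in force and whether it is configured or the default."""
    if entry.configured_limit is not None:
        return entry.configured_limit, "configured"
    return DEFAULT_MAX_PREFIX[entry.af], "default"


def ceases_on_receive(entry: PeerAf, additional: int) -> bool:
    """True if receiving `additional` more prefixes exceeds the limit (cease sent)."""
    limit, _ = effective_limit(entry)
    return entry.received + additional > limit


def sessions_reset_by(entries: List[PeerAf], af: str, new_limit: int) -> List[str]:
    """Peers whose session ends as soon as `new_limit` is configured for `af`,
    because the new limit is fewer than the prefixes already received."""
    return [e.peer for e in entries if e.af == af and new_limit < e.received]


def check_max_neighbors(configured_peers: int, new_max: int) -> str:
    """Would a new bgp maximum neighbor value be accepted?"""
    if not MAX_NEIGHBORS_MIN <= new_max <= MAX_NEIGHBORS_MAX:
        return "rejected: outside 1 to 15000"
    if new_max < configured_peers:
        return "rejected: fewer than the peers already configured"
    return "accepted"


# Constructed sample data (documentation address ranges).
SAMPLE = [
    PeerAf("192.0.2.1", "ipv4 unicast", received=1200),
    PeerAf("192.0.2.2", "ipv4 unicast", received=950, configured_limit=1000),
    PeerAf("2001:db8::1", "ipv6 unicast", received=131_072),
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(e.peer, e.af, e.received, *effective_limit(e))
    print("reset by maximum-prefix 1000:",
          sessions_reset_by(SAMPLE, "ipv4 unicast", 1000))
    print(check_max_neighbors(DEFAULT_MAX_NEIGHBORS, 3999))
```

A limit equal to the received count does not reset the session; only a limit that is fewer than the count does.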
BGP Next Hop Tracking

BGP receives notifications from the Routing Information Base (RIB) when next-hop information changes (event-driven notifications). BGP obtains next-hop information from the RIB to:
• Determine whether a next hop is reachable.
• Find the fully recursed IGP metric to the next hop (used in the best-path calculation).
• Validate the received next hops.
• Calculate the outgoing next hops.
• Verify the reachability and connectedness of neighbors.

BGP is notified when any of the following events occurs:
• Next hop becomes unreachable
• Next hop becomes reachable
• Fully recursed IGP metric to the next hop changes
• First hop IP address or first hop interface change
• Next hop becomes connected
• Next hop becomes unconnected
• Next hop becomes a local address
• Next hop becomes a nonlocal address

Note: Reachability and recursed metric events trigger a best-path recalculation.

Event notifications from the RIB are classified as critical and noncritical. Notifications for critical and noncritical events are sent in separate batches. However, a noncritical event is sent along with the critical events if the noncritical event is pending and there is a request to read the critical events.
• Critical events are related to the reachability (reachable and unreachable), connectivity (connected and unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not delayed.
• Noncritical events include only the IGP metric changes. These events are sent at an interval of 3 seconds. A metric change event is batched and sent 3 seconds after the last one was sent.

The next-hop trigger delay for critical and noncritical events can be configured to specify a minimum batching interval for critical and noncritical events using the nexthop trigger-delay command.
The trigger delay is address family dependent.

The BGP next-hop tracking feature allows you to specify that BGP routes are resolved using only next hops whose routes have the following characteristics:
• To avoid the aggregate routes, the prefix length must be greater than a specified value.
• The source protocol must be from a selected list, ensuring that BGP routes are not used to resolve next hops that could lead to oscillation.

This route policy filtering is possible because RIB identifies the source protocol of the route that resolved a next hop as well as the mask length associated with the route. The nexthop route-policy command is used to specify the route-policy.

For information on route policy filtering for next hops using the next-hop attach point, see the Implementing Routing Policy Language on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication).

Scoped IPv4/VPNv4 Table Walk

To determine which address family to process when a next-hop notification is received, the gateway context associated with the next hop is dereferenced first, and the gateway context is then examined to determine which address families are using it. The IPv4 unicast and VPNv4 unicast address families share the same gateway context, because they are registered with the IPv4 unicast table in the RIB. As a result, both the global IPv4 unicast table and the VPNv4 table are processed when an IPv4 unicast next-hop notification is received from the RIB. A mask is maintained in the next hop, indicating whether the next hop belongs to IPv4 unicast or VPNv4 unicast, or both. This scoped table walk localizes the processing in the appropriate address family table.
Reordered Address Family Processing

The Cisco IOS XR software walks address family tables based on the numeric value of the address family. When a next-hop notification batch is received, the address families are instead processed in the following order:
• IPv4 tunnel
• VPNv4 unicast
• IPv4 labeled unicast
• IPv4 unicast
• IPv4 multicast
• IPv6 unicast

New Thread for Next-Hop Processing

The critical-event thread in the spkr process handles only next-hop, Bidirectional Forwarding Detection (BFD), and fast-external-failover (FEF) notifications. This critical-event thread ensures that BGP convergence is not adversely impacted by other events that may take a significant amount of time.

show, clear, and debug Commands

The show bgp nexthops command provides statistical information about next-hop notifications, the amount of time spent in processing those notifications, and details about each next hop registered with the RIB. The clear bgp nexthop performance-statistics command ensures that the cumulative statistics associated with the processing part of the next-hop show command can be cleared to help in monitoring. The clear bgp nexthop registration command performs an asynchronous registration of the next hop with the RIB. See the BGP Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information on the next-hop show and clear commands.

The debug bgp nexthop command displays information on next-hop processing. The out keyword provides debug information only about BGP registration of next hops with RIB. The in keyword displays debug information about next-hop notifications received from RIB. The out keyword displays debug information about next-hop notifications sent to the RIB.
See the BGP Debug Commands on Cisco ASR 9000 Series Aggregation Services Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Debug Command Reference.

Autonomous System Number Formats in BGP

Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems (ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in BGP.

2-byte Autonomous System Number Format

The 2-byte ASNs are represented in asplain notation. The 2-byte range is 1 to 65535.

4-byte Autonomous System Number Format

To prepare for the eventual exhaustion of 2-byte Autonomous System Numbers (ASNs), BGP has the capability to support 4-byte ASNs. The 4-byte ASNs are represented both in asplain and asdot notations.

The byte range for 4-byte ASNs in asplain notation is 1-4294967295. The AS is represented as a 4-byte decimal number. The 4-byte ASN asplain representation is defined in draft-ietf-idr-as-representation-01.txt.

For 4-byte ASNs in asdot format, the 4-byte range is 1.0 to 65535.65535 and the format is:

  high-order-16-bit-value-in-decimal.low-order-16-bit-value-in-decimal

The BGP 4-byte ASN capability is used to propagate 4-byte-based AS path information across BGP speakers that do not support 4-byte AS numbers. See draft-ietf-idr-as4bytes-12.txt for information on increasing the size of an ASN from 2 bytes to 4 bytes.

as-format Command

The as-format command configures the ASN notation to asdot. The default value, if the as-format command is not configured, is asplain.

BGP Configuration

BGP in Cisco IOS XR software follows a neighbor-based configuration model that requires that all configurations for a particular neighbor be grouped in one place under the neighbor configuration.
Peer groups are not supported for either sharing configuration between neighbors or for sharing update messages. The concept of peer group has been replaced by a set of configuration groups to be used as templates in BGP configuration and automatically generated update groups to share update messages between neighbors.

Configuration Modes

BGP configurations are grouped into modes. The following sections show how to enter some of the BGP configuration modes. From a mode, you can enter the ? command to display the commands available in that mode.

Router Configuration Mode

The following example shows how to enter router configuration mode:

  RP/0/RSP0/CPU0:router# configure
  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)#

Router Address Family Configuration Mode

The following example shows how to enter router address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 112
  RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast
  RP/0/RSP0/CPU0:router(config-bgp-af)#

Neighbor Configuration Mode

The following example shows how to enter neighbor configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Neighbor Address Family Configuration Mode

The following example shows how to enter neighbor address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 112
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

VRF Configuration Mode

The following example shows how to enter VPN routing and forwarding (VRF) configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
  RP/0/RSP0/CPU0:router(config-bgp-vrf)#

VRF Address Family Configuration Mode

The following example shows how to enter VRF address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 112
  RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
  RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#

VRF Neighbor Configuration Mode

The following example shows how to enter VRF neighbor configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
  RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#

VRF Neighbor Address Family Configuration Mode

The following example shows how to enter VRF neighbor address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 112
  RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
  RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#

VPNv4 Address Family Configuration Mode

The following example shows how to enter VPNv4 address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 152
  RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-af)#

L2VPN Address Family Configuration Mode

The following example shows how to enter L2VPN address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 100
  RP/0/RSP0/CPU0:router(config-bgp)# address-family l2vpn vpls-vpws
  RP/0/RSP0/CPU0:router(config-bgp-af)#

Neighbor Submode

Cisco IOS XR BGP uses a neighbor submode to make it possible to enter configurations without having to prefix every configuration with the neighbor keyword and the neighbor address:

• Cisco IOS XR software has a submode available for neighbors in which it is not necessary for every command to have a “neighbor x.x.x.x” prefix:

  In Cisco IOS XR software, the configuration is as follows:

  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.23.1.2
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 multicast

• An address family configuration submode inside the neighbor configuration submode is available for entering address family-specific neighbor configurations. In Cisco IOS XR software, the configuration is as follows:

  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 2002::2
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2023
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast
  RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self
  RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy one in

• You must enter neighbor-specific IPv4, IPv6, VPNv4, or VPNv6 commands in neighbor address-family configuration submode. In Cisco IOS XR software, the configuration is as follows:

  RP/0/RSP0/CPU0:router(config)# router bgp 109
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.40.24
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000

• You must enter neighbor-specific IPv4 and IPv6 commands in VRF neighbor address-family configuration submode.
  In Cisco IOS XR software, the configuration is as follows:

  RP/0/RSP0/CPU0:router(config)# router bgp 110
  RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
  RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass all in

Configuration Templates

The af-group, session-group, and neighbor-group configuration commands provide template support for the neighbor configuration in Cisco IOS XR software.

The af-group command is used to group address family-specific neighbor commands within an IPv4, IPv6, or VPNv4 address family. Neighbors that have the same address family configuration are able to use the address family group (af-group) name for their address family-specific configuration. A neighbor inherits the configuration from an address family group by way of the use command. If a neighbor is configured to use an address family group, the neighbor (by default) inherits the entire configuration from the address family group. However, a neighbor does not inherit all of the configuration from the address family group if items are explicitly configured for the neighbor. The address family group configuration is entered under the BGP router configuration mode. The following example shows how to enter address family group configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# af-group afmcast1 address-family ipv4 multicast
  RP/0/RSP0/CPU0:router(config-bgp-afgrp)#

The session-group command allows you to create a session group from which neighbors can inherit address family-independent configuration. A neighbor inherits the configuration from a session group by way of the use command.
If a neighbor is configured to use a session group, the neighbor (by default) inherits the entire configuration of the session group. A neighbor does not inherit all of the configuration from a session group if a configuration is done directly on that neighbor. The following example shows how to enter session group configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# session-group session1
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)#

The neighbor-group command helps you apply the same configuration to one or more neighbors. Neighbor groups can include session groups and address family groups and can comprise the complete configuration for a neighbor. After a neighbor group is configured, a neighbor can inherit the configuration of the group using the use command. If a neighbor is configured to use a neighbor group, the neighbor inherits the entire BGP configuration of the neighbor group.

The following example shows how to enter neighbor group configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 123
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#

The following example shows how to enter neighbor group address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#

However, a neighbor does not inherit all of the configuration from the neighbor group if items are explicitly configured for the neighbor. In addition, some part of the configuration of the neighbor group could be hidden if a session group or address family group was also being used.

Configuration grouping has the following effects in Cisco IOS XR software:
• Commands entered at the session group level define address family-independent commands (the same commands as in the neighbor submode).
• Commands entered at the address family group level define address family-dependent commands for a specified address family (the same commands as in the neighbor-address family configuration submode).
• Commands entered at the neighbor group level define address family-independent commands and address family-dependent commands for each address family (the same as all available neighbor commands), and define the use command for the address family group and session group commands.

Template Inheritance Rules

In Cisco IOS XR software, BGP neighbors or groups inherit configuration from other configuration groups.

For address family-independent configurations:
• Neighbors can inherit from session groups and neighbor groups.
• Neighbor groups can inherit from session groups and other neighbor groups.
• Session groups can inherit from other session groups.
• If a neighbor uses a session group and a neighbor group, the configurations in the session group are preferred over the global address family configurations in the neighbor group.

For address family-dependent configurations:
• Address family groups can inherit from other address family groups.
• Neighbor groups can inherit from address family groups and other neighbor groups.
• Neighbors can inherit from address family groups and neighbor groups.

Configuration group inheritance rules are numbered in order of precedence as follows:

1. If the item is configured directly on the neighbor, that value is used.
In the example that follows, the advertisement interval is configured both on the neighbor group and neighbor configuration and the advertisement interval being used is from the neighbor configuration:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# advertisement-interval 20

The following output from the show bgp neighbors command shows that the advertisement interval used is 20 seconds:

  RP/0/RSP0/CPU0:router# show bgp neighbors 10.1.1.1

  BGP neighbor is 10.1.1.1, remote AS 1, local AS 140, external link
  Remote router ID 0.0.0.0
  BGP state = Idle
  Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 20 seconds
  For Address Family: IPv4 Unicast
  BGP neighbor version 0
  Update group: 0.1
  eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
  Route refresh request: received 0, sent 0
  0 accepted prefixes
  Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
  Threshold for warning message 75%
  Connections established 0; dropped 0
  Last reset 00:00:14, due to BGP neighbor initialized
  External BGP neighbor not directly connected.

2. Otherwise, if an item is configured to be inherited from a session-group or neighbor-group and on the neighbor directly, then the configuration on the neighbor is used.
If a neighbor is configured to inherit from a session-group or af-group, but has no directly configured value, then the value in the session-group or af-group is used. In the example that follows, the advertisement interval is configured on a neighbor group and a session group and the advertisement interval value being used is from the session group:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 20
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group AS_2
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1

The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds:

  RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1

  BGP neighbor is 192.168.0.1, remote AS 1, local AS 140, external link
  Remote router ID 0.0.0.0
  BGP state = Idle
  Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 15 seconds
  For Address Family: IPv4 Unicast
  BGP neighbor version 0
  Update group: 0.1
  eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
  Route refresh request: received 0, sent 0
  0 accepted prefixes
  Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
  Threshold for warning message 75%
  Connections established 0; dropped 0
  Last reset 00:03:23, due to BGP neighbor initialized
  External BGP neighbor not directly connected.
3. Otherwise, if the neighbor uses a neighbor group and does not use a session group or address family group, the configuration value can be obtained from the neighbor group either directly or through inheritance. In the example that follows, the advertisement interval from the neighbor group is used because it is not configured directly on the neighbor and no session group is used:

  RP/0/RSP0/CPU0:router(config)# router bgp 150
  RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 20
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.1.1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1

The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds:

  RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.1.1

  BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
  Remote router ID 0.0.0.0
  BGP state = Idle
  Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 15 seconds
  For Address Family: IPv4 Unicast
  BGP neighbor version 0
  Update group: 0.1
  eBGP neighbor with no outbound policy; defaults to 'drop'
  Route refresh request: received 0, sent 0
  Inbound path policy configured
  Policy for incoming advertisements is POLICY_1
  0 accepted prefixes
  Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
  Threshold for warning message 75%
  Connections established 0; dropped 0
  Last reset 00:01:14, due to BGP neighbor initialized
  External BGP neighbor not directly connected.

To illustrate the same rule, the following example shows how to set the advertisement interval to 15 (from the session group) and 25 (from the neighbor group). The advertisement interval set in the session group overrides the one set in the neighbor group. The inbound policy is set to POLICY_1 from the neighbor group.

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# session-group ADV
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
  RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group ADV_2
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 25
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy POLICY_1 in
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.2.2
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group ADV
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group ADV_2

The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds:

  RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.2.2

  BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
  Remote router ID 0.0.0.0
  BGP state = Idle
  Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 15 seconds
  For Address Family: IPv4 Unicast
  BGP neighbor version 0
  Update group: 0.1
  eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
  Route refresh request: received 0, sent 0
  0 accepted prefixes
  Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
  Threshold for warning message 75%
  Connections established 0; dropped 0
  Last reset 00:02:03, due to BGP neighbor initialized
  External BGP neighbor not directly connected.

4. Otherwise, the default value is used. In the example that follows, neighbor 10.0.101.5 has the minimum time between advertisement runs set to 30 seconds (default) because the advertisement interval is configured neither on the neighbor itself nor in the neighbor group that it uses:

  RP/0/RSP0/CPU0:router(config)# router bgp 140
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group adv_15
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 10
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
  RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.5
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
  RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.10
  RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group adv_15

The following output from the show bgp neighbors command shows that the advertisement interval used is 30 seconds:

  RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.5

  BGP neighbor is 10.0.101.5, remote AS 1, local AS 140, external link
  Remote router ID 0.0.0.0
  BGP state = Idle
  Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 30 seconds
  For Address Family: IPv4 Unicast
  BGP neighbor version 0
  Update group: 0.2
  eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
  Route refresh request: received 0, sent 0
  0 accepted prefixes
  Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
  Threshold for warning message 75%
  Connections established 0; dropped 0
  Last reset 00:00:25, due to BGP neighbor initialized
  External BGP neighbor not directly connected.

The inheritance rules used when groups are inheriting configuration from other groups are the same as the rules given for neighbors inheriting from groups.

Viewing Inherited Configurations

You can use the following show commands to view BGP inherited configurations:

show bgp neighbors

Use the show bgp neighbors command to display information about the BGP configuration for neighbors.
• Use the configuration keyword to display the effective configuration for the neighbor, including any settings that have been inherited from session groups, neighbor groups, or address family groups used by this neighbor.
• Use the inheritance keyword to display the session groups, neighbor groups, and address family groups from which this neighbor is capable of inheriting configuration.
The show bgp neighbors command examples that follow are based on this sample configuration:

RP/0/RSP0/CPU0:router(config)# router bgp 142
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# next-hop-self
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# ebgp-multihop 3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 200

The following example displays sample output from the show bgp neighbors command using the inheritance keyword. The example shows that the neighbor inherits session parameters from neighbor group GROUP_1, which in turn inherits from session group GROUP_2.
The neighbor inherits IPv4 unicast parameters from address family group GROUP_3 and IPv4 multicast parameters from neighbor group GROUP_1:

RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 inheritance

Session: n:GROUP_1 s:GROUP_2
IPv4 Unicast: a:GROUP_3
IPv4 Multicast: n:GROUP_1

The following example displays sample output from the show bgp neighbors command using the configuration keyword. The example shows from where each item of configuration was inherited, or if it was configured directly on the neighbor (indicated by [ ]). For example, the ebgp-multihop 3 command was inherited from neighbor group GROUP_1 and the next-hop-self command was inherited from the address family group GROUP_3:

RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 configuration

neighbor 192.168.0.1
 remote-as 2                      []
 advertisement-interval 15        [n:GROUP_1 s:GROUP_2]
 ebgp-multihop 3                  [n:GROUP_1]
 address-family ipv4 unicast      []
  next-hop-self                   [a:GROUP_3]
  route-policy POLICY_1 in        [a:GROUP_3]
  weight 200                      []
 address-family ipv4 multicast    [n:GROUP_1]
  default-originate               [n:GROUP_1]

show bgp af-group

Use the show bgp af-group command to display address family groups:
• Use the configuration keyword to display the effective configuration for the address family group, including any settings that have been inherited from address family groups used by this address family group.
• Use the inheritance keyword to display the address family groups from which this address family group is capable of inheriting configuration.
• Use the users keyword to display the neighbors, neighbor groups, and address family groups that inherit configuration from this address family group.
The show bgp af-group sample commands that follow are based on this sample configuration:

RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_1 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# maximum-prefix 2500 75 warning-only
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both

The following example displays sample output from the show bgp af-group command using the configuration keyword. This example shows from where each configuration item was inherited. The default-originate command was configured directly on this address family group (indicated by [ ]).
The remove-private-as command was inherited from address family group GROUP_2, which in turn inherited from address family group GROUP_3:

RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 configuration

af-group GROUP_1 address-family ipv4 unicast
 capability orf prefix-list both          [a:GROUP_2]
 default-originate                        []
 maximum-prefix 2500 75 warning-only      []
 route-policy POLICY_1 in                 [a:GROUP_2 a:GROUP_3]
 remove-private-AS                        [a:GROUP_2 a:GROUP_3]
 send-community-ebgp                      [a:GROUP_2]
 send-extended-community-ebgp             [a:GROUP_2]

The following example displays sample output from the show bgp af-group command using the users keyword:

RP/0/RSP0/CPU0:router# show bgp af-group GROUP_2 users

IPv4 Unicast: a:GROUP_1

The following example displays sample output from the show bgp af-group command using the inheritance keyword. This shows that the specified address family group GROUP_1 directly uses the GROUP_2 address family group, which in turn uses the GROUP_3 address family group:

RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 inheritance

IPv4 Unicast: a:GROUP_2 a:GROUP_3

show bgp session-group

Use the show bgp session-group command to display session groups:
• Use the configuration keyword to display the effective configuration for the session group, including any settings that have been inherited from session groups used by this session group.
• Use the inheritance keyword to display the session groups from which this session group is capable of inheriting configuration.
• Use the users keyword to display the session groups, neighbor groups, and neighbors that inherit configuration from this session group.
The output from the show bgp session-group command is based on the following session group configuration:

RP/0/RSP0/CPU0:router(config)# router bgp 113
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# update-source Loopback 0
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# ebgp-multihop 2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# dmz-link-bandwidth

The following is sample output from the show bgp session-group command with the configuration keyword in EXEC mode:

RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 configuration

session-group GROUP_1
 ebgp-multihop 2              [s:GROUP_2]
 update-source Loopback0      []
 dmz-link-bandwidth           [s:GROUP_2 s:GROUP_3]

The following is sample output from the show bgp session-group command with the inheritance keyword showing that the GROUP_1 session group inherits session parameters from the GROUP_3 and GROUP_2 session groups:

RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 inheritance

Session: s:GROUP_2 s:GROUP_3

The following is sample output from the show bgp session-group command with the users keyword showing that both the GROUP_1 and GROUP_2 session groups inherit session parameters from the GROUP_3 session group:

RP/0/RSP0/CPU0:router# show bgp session-group GROUP_3 users

Session: s:GROUP_1 s:GROUP_2

show bgp neighbor-group

Use the show bgp neighbor-group command to display neighbor groups:
• Use the configuration keyword to display the effective configuration for the neighbor group, including any settings that have been inherited from neighbor groups used by this neighbor group.
• Use the inheritance keyword to display the address family groups, session groups, and neighbor groups from which this neighbor group is capable of inheriting configuration.
• Use the users keyword to display the neighbors and neighbor groups that inherit configuration from this neighbor group.

The examples are based on the following group configuration:

RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# soft-reconfiguration inbound
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# timers 30 90
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1982
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100

The following is sample output from the show bgp neighbor-group command with the configuration keyword. The configuration setting source is shown to the right of each command. In the output shown previously, the remote autonomous system is configured directly on neighbor group GROUP_1, and the send community setting is inherited from neighbor group GROUP_2, which in turn inherits the setting from address family group GROUP_3:

RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 configuration

neighbor-group GROUP_1
 remote-as 1982                       []
 timers 30 90                         [n:GROUP_2 s:GROUP_3]
 address-family ipv4 unicast          []
  capability orf prefix-list both     [n:GROUP_2 a:GROUP_2]
  remove-private-AS                   [n:GROUP_2 a:GROUP_2 a:GROUP_3]
  send-community-ebgp                 [n:GROUP_2 a:GROUP_2]
  send-extended-community-ebgp        [n:GROUP_2 a:GROUP_2]
  soft-reconfiguration inbound        [n:GROUP_2 a:GROUP_2 a:GROUP_3]
  weight 100                          [n:GROUP_2]

The following is sample output from the show bgp neighbor-group command with the inheritance keyword. This output shows that the specified neighbor group GROUP_1 inherits session (address family-independent) configuration parameters from neighbor group GROUP_2. Neighbor group GROUP_2 inherits its session parameters from session group GROUP_3. It also shows that the GROUP_1 neighbor group inherits IPv4 unicast configuration parameters from the GROUP_2 neighbor group, which in turn inherits them from the GROUP_2 address family group, which itself inherits them from the GROUP_3 address family group:

RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 inheritance

Session: n:GROUP_2 s:GROUP_3
IPv4 Unicast: n:GROUP_2 a:GROUP_2 a:GROUP_3

The following is sample output from the show bgp neighbor-group command with the users keyword.
This output shows that the GROUP_1 neighbor group inherits session (address family-independent) configuration parameters from the GROUP_2 neighbor group. The GROUP_1 neighbor group also inherits IPv4 unicast configuration parameters from the GROUP_2 neighbor group:

RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_2 users

Session: n:GROUP_1
IPv4 Unicast: n:GROUP_1

No Default Address Family

BGP does not support the concept of a default address family. An address family must be explicitly configured under the BGP router configuration for the address family to be activated in BGP. Similarly, an address family must be explicitly configured under a neighbor for the BGP session to be activated under that address family. It is not required to have any address family configured under the BGP router configuration level for a neighbor to be configured. However, it is a requirement to have an address family configured at the BGP router configuration level for the address family to be configured under a neighbor.

Routing Policy Enforcement

External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration omission error.

Note: This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are accepted or advertised if there is no policy.
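An added example, not part of the Cisco guide: a Python pre-check that reads configuration text laid out like show running-config router bgp output and lists eBGP neighbors whose address families lack an inbound or outbound route policy, following use neighbor-group and use af-group references. The sample configuration, its group names and the one-space-per-level indentation are assumptions; the check only tests whether a policy exists in each direction and does not apply the inheritance precedence rules, so confirm any finding with show bgp neighbors and the configuration keyword.

```python
# Constructed sample in "show running-config router bgp" layout (not from the guide).
SAMPLE_CONFIG = """\
router bgp 140
 af-group AF_IN address-family ipv4 unicast
  route-policy POLICY_1 in
 !
 neighbor-group EDGE
  remote-as 1
  address-family ipv4 unicast
   use af-group AF_IN
  !
 !
 neighbor 192.168.2.2
  use neighbor-group EDGE
 !
 neighbor 192.168.40.24
  remote-as 21
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 10.0.101.9
  remote-as 140
  address-family ipv4 unicast
  !
 !
"""

def parse(config):
    """Collect neighbors, neighbor groups and af-groups from indented config text."""
    local_as, scopes, afgroups = None, {}, {}
    scope = af = None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 2:          # blank lines, "!" terminators, bare keywords
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        if depth <= 1:
            scope = af = None
        if depth == 0 and words[:2] == ["router", "bgp"] and len(words) > 2:
            local_as = words[2]
        elif depth == 1 and words[0] == "af-group":
            af = afgroups.setdefault(words[1], {"dirs": set(), "uses": []})
        elif depth == 1 and words[0] in ("neighbor", "neighbor-group"):
            scope = scopes.setdefault(
                (words[0], words[1]), {"remote_as": None, "uses": [], "afs": {}})
        elif depth == 2 and scope is not None:
            af = None
            if words[0] == "remote-as":
                scope["remote_as"] = words[1]
            elif words[:2] == ["use", "neighbor-group"] and len(words) > 2:
                scope["uses"].append(words[2])
            elif words[0] == "address-family":
                af = scope["afs"].setdefault(
                    " ".join(words[1:]), {"dirs": set(), "uses": []})
        elif depth >= 2 and af is not None:   # body of an af-group or neighbor AF
            if words[0] == "route-policy" and words[-1] in ("in", "out"):
                af["dirs"].add(words[-1])
            elif words[:2] == ["use", "af-group"] and len(words) > 2:
                af["uses"].append(words[2])
    return local_as, scopes, afgroups

def af_dirs(af, afgroups, seen=()):
    """Directions ('in'/'out') that have a policy, following 'use af-group' chains."""
    dirs = set(af["dirs"])
    for name in af["uses"]:
        if name in afgroups and name not in seen:
            dirs |= af_dirs(afgroups[name], afgroups, seen + (name,))
    return dirs

def effective(scope, scopes, afgroups, seen=()):
    """Remote AS and per-AF policy directions, including 'use neighbor-group' parents."""
    remote_as = scope["remote_as"]
    afs = {name: af_dirs(af, afgroups) for name, af in scope["afs"].items()}
    for group in scope["uses"]:
        parent = scopes.get(("neighbor-group", group))
        if parent is None or group in seen:
            continue
        parent_as, parent_afs = effective(parent, scopes, afgroups, seen + (group,))
        remote_as = remote_as or parent_as
        for name, dirs in parent_afs.items():
            afs[name] = afs.get(name, set()) | dirs
    return remote_as, afs

def audit(config):
    """Return (neighbor, address family, missing directions) for eBGP neighbors."""
    local_as, scopes, afgroups = parse(config)
    findings = []
    for (kind, name), scope in scopes.items():
        remote_as, afs = effective(scope, scopes, afgroups)
        # Only neighbors in a different AS are subject to enforcement (iBGP is exempt).
        if kind != "neighbor" or remote_as in (None, local_as):
            continue
        findings += [(name, af, sorted({"in", "out"} - dirs))
                     for af, dirs in sorted(afs.items()) if dirs < {"in", "out"}]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

In the sample, neighbor 192.168.2.2 inherits only an inbound policy through its neighbor group and is reported for the outbound direction, while the iBGP neighbor with no policy at all is not reported.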
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no modifications, a simple pass-all policy is configured:

RP/0/RSP0/CPU0:router(config)# route-policy pass-all
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
RP/0/RSP0/CPU0:router(config)# commit

Use the route-policy (BGP) command in the neighbor address-family configuration mode to apply the pass-all policy to a neighbor. The following example shows how to allow all IPv4 unicast routes to be received from neighbor 192.168.40.42 and advertise all IPv4 unicast routes back to it:

RP/0/RSP0/CPU0:router(config)# router bgp 1
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 21
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Use the show bgp summary command to display eBGP neighbors that do not have both an inbound and outbound policy for every active address family. In the following example, such eBGP neighbors are indicated in the output with an exclamation (!) mark:

RP/0/RSP0/CPU0:router# show bgp all all summary

Address Family: IPv4 Unicast
============================

BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 41
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process         RecvTblVer    bRIB/RIB   SendTblVer
Speaker                 41          41           41

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
10.0.101.1        0     1     919     925       41    0    0 15:15:08         10
10.0.101.2        0     2       0       0        0    0    0 00:00:00 Idle

Address Family: IPv4 Multicast
==============================

BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process         RecvTblVer    bRIB/RIB   SendTblVer
Speaker                  1           1            1

Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv4 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with '!' in the output below. Use the
'show bgp neighbor ' command for details.

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
10.0.101.2        0     2       0       0        0    0    0 00:00:00 Idle!

Address Family: IPv6 Unicast
============================

BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process         RecvTblVer    bRIB/RIB   SendTblVer
Speaker                  2           2            2

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
2222::2           0     2     920     918        2    0    0 15:15:11          1
2222::4           0     3       0       0        0    0    0 00:00:00 Idle

Address Family: IPv6 Multicast
==============================

BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process         RecvTblVer    bRIB/RIB   SendTblVer
Speaker                  1           1            1

Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv6 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with '!' in the output below. Use the
'show bgp neighbor ' command for details.

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
2222::2           0     2     920     918        0    0    0 15:15:11          0
2222::4           0     3       0       0        0    0    0 00:00:00 Idle!

Table Policy

The table policy feature in BGP allows you to configure traffic index values on routes as they are installed in the global routing table. This feature is enabled using the table-policy command and supports the BGP policy accounting feature.

BGP policy accounting uses traffic indices that are set on BGP routes to track various counters. See the Implementing Routing Policy on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide for details on table policy use. See the Cisco Express Forwarding Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference for details on BGP policy accounting.

Table policy also provides the ability to drop routes from the RIB based on match criteria. This feature can be useful in certain applications and should be used with caution as it can easily create a routing ‘black hole’ where BGP advertises routes to neighbors that BGP does not install in its global routing table and forwarding table.

Update Groups

The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update groups of neighbors that share outbound policies and can share the update messages. The BGP Update Groups feature separates update group replication from peer group configuration, improving convergence time and flexibility of neighbor configuration.
To use this feature, you must understand the following concepts:

Related Topics
BGP Update Generation and Update Groups
BGP Update Group

BGP Update Generation and Update Groups

The BGP Update Groups feature separates BGP update generation from neighbor configuration. The BGP Update Groups feature introduces an algorithm that dynamically calculates BGP update group membership based on outbound routing policies. This feature does not require any configuration by the network operator. Update group-based message generation occurs automatically and independently.

BGP Update Group

When a change to the configuration occurs, the router automatically recalculates update group memberships and applies the changes.

For the best optimization of BGP update group generation, we recommend that the network operator keeps outbound routing policy the same for neighbors that have similar outbound policies. This feature contains commands for monitoring BGP update groups. For more information about the commands, see Monitoring BGP Update Groups.

BGP Cost Community

The BGP cost community is a nontransitive extended community attribute that is passed to internal BGP (iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows you to customize the local route preference and influence the best-path selection process by assigning cost values to specific routes. The extended community format defines generic points of insertion (POI) that influence the best-path decision at different points in the best-path algorithm.

The cost community attribute is applied to internal routes by configuring the set extcommunity cost command in a route policy.
See the Routing Policy Language Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information on the set extcommunity cost command. The cost community set clause is configured with a cost community ID number (0–255) and cost community number (0–4294967295). The cost community number determines the preference for the path. The path with the lowest cost community number is preferred. Paths that are not specifically configured with the cost community number are assigned a default cost community number of 2147483647 (the midpoint between 0 and 4294967295) and evaluated by the best-path selection process accordingly. When two paths have been configured with the same cost community number, the path selection process prefers the path with the lowest cost community ID. The cost-extended community attribute is propagated to iBGP peers when extended community exchange is enabled.

The following commands include the route-policy keyword, which you can use to apply a route policy that is configured with the cost community set clause:
• aggregate-address
• redistribute
• network

How BGP Cost Community Influences the Best Path Selection Process

The cost community attribute influences the BGP best-path selection process at the point of insertion (POI). By default, the POI follows the Interior Gateway Protocol (IGP) metric comparison. When BGP receives multiple paths to the same destination, it uses the best-path selection process to determine which path is the best path. BGP automatically makes the decision and installs the best path in the routing table. The POI allows you to assign a preference to a specific path when multiple equal cost paths are available.
If the POI is not valid for local best-path selection, the cost community attribute is silently ignored.

Cost communities are sorted first by POI then by community ID. Multiple paths can be configured with the cost community attribute for the same POI. The path with the lowest cost community ID is considered first. In other words, all cost community paths for a specific POI are considered, starting with the one with the lowest cost community. Paths that do not contain the cost community cost (for the POI and community ID being evaluated) are assigned the default community cost value (2147483647). If the cost community values are equal, then cost community comparison proceeds to the next lowest community ID for this POI.

To select the path with the lower cost community, simultaneously walk through the cost communities of both paths. This is done by maintaining two pointers to the cost community chain, one for each path, and advancing both pointers to the next applicable cost community at each step of the walk for the given POI, in order of community ID, stopping when a best path is chosen or the comparison is a tie. At each step of the walk, the following checks are done:

If neither pointer refers to a cost community,
    Declare a tie;
Elseif a cost community is found for one path but not for the other,
    Choose the path with cost community as best path;
Elseif the Community ID from one path is less than the other,
    Choose the path with the lesser Community ID as best path;
Elseif the Cost from one path is less than the other,
    Choose the path with the lesser Cost as best path;
Else
    Continue.

Note: Paths that are not configured with the cost community attribute are considered by the best-path selection process to have the default cost value (half of the maximum value [4294967295] or 2147483647).

Applying the cost community attribute at the POI allows you to assign a value to a path originated or learned by a peer in any part of the local autonomous system or confederation.
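The checks listed above, written out as an added Python example (not code from the Cisco guide). The class and function names and the POI label strings are assumptions made for illustration; the walk applies the listed checks literally, and the sample paths are constructed.

```python
from dataclasses import dataclass

MAX_COST = 4294967295  # upper bound of the cost community number given in the guide


@dataclass(frozen=True)
class CostCommunity:
    poi: str    # point of insertion label, e.g. "igp" (label spelling is an assumption)
    cid: int    # cost community ID, 0-255
    cost: int   # cost community number, 0-4294967295

    def __post_init__(self):
        if not 0 <= self.cid <= 255:
            raise ValueError(f"community ID out of range: {self.cid}")
        if not 0 <= self.cost <= MAX_COST:
            raise ValueError(f"cost out of range: {self.cost}")


def chain_for(path, poi):
    """Cost communities of one path that apply at this POI, in community-ID order."""
    return sorted((c for c in path if c.poi == poi), key=lambda c: c.cid)


def compare(path_a, path_b, poi):
    """Walk both chains in step; return 'a', 'b' or 'tie' per the listed checks."""
    chain_a, chain_b = chain_for(path_a, poi), chain_for(path_b, poi)
    step = 0
    while True:
        a = chain_a[step] if step < len(chain_a) else None
        b = chain_b[step] if step < len(chain_b) else None
        if a is None and b is None:
            return "tie"                           # neither pointer refers to a community
        if a is None or b is None:
            return "a" if b is None else "b"       # only one path carries a community
        if a.cid != b.cid:
            return "a" if a.cid < b.cid else "b"   # lesser community ID wins
        if a.cost != b.cost:
            return "a" if a.cost < b.cost else "b" # lesser cost wins
        step += 1                                  # equal ID and cost: continue the walk


if __name__ == "__main__":
    # Constructed paths: equal on ID 1, decided on ID 2.
    first = [CostCommunity("igp", 1, 100), CostCommunity("igp", 2, 50)]
    second = [CostCommunity("igp", 1, 100), CostCommunity("igp", 2, 40)]
    print(compare(first, second, "igp"))
```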
The cost community can be used as a “tie breaker” during the best-path selection process. Multiple instances of the cost community can be configured for separate equal cost paths within the same autonomous system or confederation. For example, a lower cost community value can be applied to a specific exit path in a network with multiple equal cost exit points, and the specific exit path is preferred by the BGP best-path selection process. See the scenario described in Influencing Route Preference in a Multiexit IGP Network.

Note: The cost community comparison in BGP is enabled by default. Use the bgp bestpath cost-community ignore command to disable the comparison.

See BGP Best Path Algorithm for information on the BGP best-path selection process.

Cost Community Support for Aggregate Routes and Multipaths

The BGP cost community feature supports aggregate routes and multipaths. The cost community attribute can be applied to either type of route. The cost community attribute is passed to the aggregate or multipath route from component routes that carry the cost community attribute. Only unique IDs are passed, and only the highest cost of any individual component route is applied to the aggregate for each ID. If multiple component routes contain the same ID, the highest configured cost is applied to the route. For example, the following two component routes are configured with the cost community attribute using an inbound route policy:
• 10.0.0.1: POI=IGP, cost community ID=1, cost number=100
• 192.168.0.1: POI=IGP, cost community ID=1, cost number=200

If these component routes are aggregated or configured as a multipath, the cost value 200 is advertised, because it has the highest cost.
If one or more component routes do not carry the cost community attribute or the component routes are configured with different IDs, then the default value (2147483647) is advertised for the aggregate or multipath route. For example, the following three component routes are configured with the cost community attribute using an inbound route policy. However, the component routes are configured with two different IDs.
• 10.0.0.1: POI=IGP, cost community ID=1, cost number=100
• 172.16.0.1: POI=IGP, cost community ID=2, cost number=100
• 192.168.0.1: POI=IGP, cost community ID=1, cost number=200

The single advertised path includes the aggregate cost communities as follows:

{POI=IGP, ID=1, Cost=2147483647} {POI=IGP, ID=2, Cost=2147483647}

Influencing Route Preference in a Multiexit IGP Network

This figure shows an IGP network with two autonomous system boundary routers (ASBRs) on the edge. Each ASBR has an equal cost path to network 10.8/16.

Figure 1: Multiexit Point IGP Network

Both paths are considered to be equal by BGP. If multipath load sharing is configured, both paths are installed in the routing table and are used to balance the load of traffic. If multipath load balancing is not configured, BGP selects the path that was learned first as the best path and installs this path in the routing table. This behavior may not be desirable under some conditions. For example, the path is learned from ISP1 PE2 first, but the link between ISP1 PE2 and ASBR1 is a low-speed link.

The configuration of the cost community attribute can be used to influence the BGP best-path selection process by applying a lower-cost community value to the path learned by ASBR2.
For example, the following configuration is applied to ASBR2:

RP/0/RSP0/CPU0:router(config)# route-policy ISP2_PE1
RP/0/RSP0/CPU0:router(config-rpl)# set extcommunity cost (1:1)

The preceding route policy applies a cost community number of 1 to the 10.8.0.0 route. By default, the path learned from ASBR1 is assigned a cost community number of 2147483647. Because the path learned from ASBR2 has a lower-cost community number, the path is preferred.

BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links

Back-door links in an EIGRP MPLS VPN topology are preferred by BGP if the back-door link is learned first. (A back-door link, or route, is a connection that is configured outside of the VPN between a remote and main site; for example, a WAN leased line that connects a remote site to the corporate network.)

The “prebest path” point of insertion (POI) in the BGP cost community feature supports mixed EIGRP VPN network topologies that contain VPN and back-door links. This POI is applied automatically to EIGRP routes that are redistributed into BGP. The “prebest path” POI carries the EIGRP route type and metric. This POI influences the best-path calculation process by influencing BGP to consider the POI before any other comparison step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco IOS XR software is installed on a PE, CE, or back-door router.

For information about configuring EIGRP MPLS VPNs, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

This figure shows how cost community can be used to support backdoor links in a network.
Figure 2: Network Showing How Cost Community Can be Used to Support Backdoor Links

The following sequence of events happens in PE1:

1. PE1 learns IPv4 prefix 10.1.1.0/24 from CE1 through EIGRP running a virtual routing and forwarding (VRF) instance. EIGRP selects and installs the best path in the RIB. It also encodes the cost-extended community and adds the information to the RIB.
2. The route is redistributed into BGP (assuming that IGP-to-BGP redistribution is configured). BGP also receives the cost-extended community from the route through the redistribution process.
3. After BGP has determined the best path for the newly redistributed prefix, the path is advertised to PE peers (PE2).
4. PE2 receives the BGP VPNv4 prefix route_distinguisher:10.1.1.0/24 along with the cost community. It is likely that CE2 advertises the same prefix (because of the back-door link between CE1 and CE2) to PE2 through EIGRP. PE2 BGP would have already learned the CE route through the redistribution process along with the cost community value.
5. PE2 has two paths within BGP: one with cost community cost1 through multipath BGP (PE1) and another with cost community cost2 through the EIGRP neighbor (CE2).
6. PE2 runs the enhanced BGP best-path calculation.
7. PE2 installs the best path in the RIB passing the appropriate cost community value.
8. PE2 RIB has two paths for 10.1.1.0/24: one with cost community cost2 added by EIGRP and another with the cost community cost1 added by BGP. Because both the route paths have cost community, RIB compares the costs first. The BGP path has the lower cost community, so it is selected and downloaded to the RIB.
9. PE2 RIB redistributes the BGP path into EIGRP with VRF. EIGRP runs a diffusing update algorithm (DUAL) because there are two paths, and selects the BGP-redistributed path.
10. PE2 EIGRP advertises the path to CE2 making the path the next hop for the prefix to send the traffic over the MPLS network.
Adding Routes to the Routing Information Base

If a nonsourced path becomes the best path after the best-path calculation, BGP adds the route to the Routing Information Base (RIB) and passes the cost communities along with the other IGP extended communities.

When a route with paths is added to the RIB by a protocol, RIB checks the current best paths for the route and the added paths for cost extended communities. If cost-extended communities are found, the RIB compares the set of cost communities. If the comparison does not result in a tie, the appropriate best path is chosen. If the comparison results in a tie, the RIB proceeds with the remaining steps of the best-path algorithm. If a cost community is not present in either the current best paths or added paths, then the RIB continues with the remaining steps of the best-path algorithm. See BGP Best Path Algorithm, on page 28 for information on the BGP best-path algorithm.

BGP Best Path Algorithm

BGP routers typically receive multiple paths to the same destination. The BGP best-path algorithm determines the best path to install in the IP routing table and to use for forwarding traffic. This section describes the Cisco IOS XR software implementation of BGP best-path algorithm, as specified in Section 9.1 of the Internet Engineering Task Force (IETF) Network Working Group draft-ietf-idr-bgp4-24.txt document.

The BGP best-path algorithm implementation is in three parts:

• Part 1—Compares two paths to determine which is better.
• Part 2—Iterates over all paths and determines which order to compare the paths to select the overall best path.
• Part 3—Determines whether the old and new best paths differ enough so that the new best path should be used.
Note: The order of comparison determined by Part 2 is important because the comparison operation is not transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and when B and C are compared, B is better, it is not necessarily the case that when A and C are compared, A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among paths from the same neighboring autonomous system (AS) and not among all paths.

Comparing Pairs of Paths

Perform the following steps to compare two paths and determine the better path:

1. If either path is invalid (for example, a path has the maximum possible MED value or it has an unreachable next hop), then the other path is chosen (provided that the path is valid).
2. If the paths have unequal pre-bestpath cost communities, the path with the lower pre-bestpath cost community is selected as the best path.
Note: See BGP Cost Community, on page 23 for details on how cost communities are compared.
3. If the paths have unequal weights, the path with the highest weight is chosen.
Note: The weight is entirely local to the router, and can be set with the weight command or using a routing policy.
4. If the paths have unequal local preferences, the path with the higher local preference is chosen.
Note: If a local preference attribute was received with the path or was set by a routing policy, then that value is used in this comparison. Otherwise, the default local preference value of 100 is used. The default value can be changed using the bgp default local-preference command.
5. If one of the paths is a redistributed path, which results from a redistribute or network command, then it is chosen.
Otherwise, if one of the paths is a locally generated aggregate, which results from an aggregate-address command, it is chosen.
Note: Step 1 through Step 4 implement the “Path Selection with BGP” of RFC 1268.
6. If the paths have unequal AS path lengths, the path with the shorter AS path is chosen. This step is skipped if bgp bestpath as-path ignore command is configured.
Note: When calculating the length of the AS path, confederation segments are ignored, and AS sets count as 1.
Note: eiBGP specifies internal and external BGP multipath peers. eiBGP allows simultaneous use of internal and external paths.
7. If the paths have different origins, the path with the lower origin is selected. Interior Gateway Protocol (IGP) is considered lower than EGP, which is considered lower than INCOMPLETE.
8. If appropriate, the MED of the paths is compared. If they are unequal, the path with the lower MED is chosen.
A number of configuration options exist that affect whether or not this step is performed. In general, the MED is compared if both paths were received from neighbors in the same AS; otherwise the MED comparison is skipped. However, this behavior is modified by certain configuration options, and there are also some corner cases to consider.
If the bgp bestpath med always command is configured, then the MED comparison is always performed, regardless of neighbor AS in the paths. Otherwise, MED comparison depends on the AS paths of the two paths being compared, as follows:
• If a path has no AS path or the AS path starts with an AS_SET, then the path is considered to be internal, and the MED is compared with other internal paths.
• If the AS path starts with an AS_SEQUENCE, then the neighbor AS is the first AS number in the sequence, and the MED is compared with other paths that have the same neighbor AS.
• If the AS path contains only confederation segments or starts with confederation segments followed by an AS_SET, then the MED is not compared with any other path unless the bgp bestpath med confed command is configured. In that case, the path is considered internal and the MED is compared with other internal paths.
• If the AS path starts with confederation segments followed by an AS_SEQUENCE, then the neighbor AS is the first AS number in the AS_SEQUENCE, and the MED is compared with other paths that have the same neighbor AS.
Note: If no MED attribute was received with the path, then the MED is considered to be 0 unless the bgp bestpath med missing-as-worst command is configured. In that case, if no MED attribute was received, the MED is considered to be the highest possible value.
9. If one path is received from an external peer and the other is received from an internal (or confederation) peer, the path from the external peer is chosen.
10. If the paths have different IGP metrics to their next hops, the path with the lower IGP metric is chosen.
11. If the paths have unequal IP cost communities, the path with the lower IP cost community is selected as the best path.
Note: See the BGP Cost Community, on page 23 for details on how cost communities are compared.
12. If all path parameters in Step 1 through Step 10 are the same, then the router IDs are compared. If the path was received with an originator attribute, then that is used as the router ID to compare; otherwise, the router ID of the neighbor from which the path was received is used. If the paths have different router IDs, the path with the lower router ID is chosen.
Note: Where the originator is used as the router ID, it is possible to have two paths with the same router ID.
It is also possible to have two BGP sessions with the same peer router, and therefore receive two paths with the same router ID.
13. If the paths have different cluster lengths, the path with the shorter cluster length is selected. If a path was not received with a cluster list attribute, it is considered to have a cluster length of 0.
14. Finally, the path received from the neighbor with the lower IP address is chosen. Locally generated paths (for example, redistributed paths) are considered to have a neighbor IP address of 0.

Order of Comparisons

The second part of the BGP best-path algorithm implementation determines the order in which the paths should be compared. The order of comparison is determined as follows:

1. The paths are partitioned into groups such that within each group the MED can be compared among all paths. The same rules as in Comparing Pairs of Paths, on page 28 are used to determine whether MED can be compared between any two paths. Normally, this comparison results in one group for each neighbor AS. If the bgp bestpath med always command is configured, then there is just one group containing all the paths.
2. The best path in each group is determined. Determining the best path is achieved by iterating through all paths in the group and keeping track of the best one seen so far. Each path is compared with the best-so-far, and if it is better, it becomes the new best-so-far and is compared with the next path in the group.
3. A set of paths is formed containing the best path selected from each group in Step 2. The overall best path is selected from this set of paths, by iterating through them as in Step 2.
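The nontransitivity that makes the order of comparisons matter can be reproduced with a small model. The following is an added example, not Cisco code: it implements a narrowed subset of the pairwise steps (validity, cost communities, redistributed and aggregate paths, and cluster length are left out), treats every AS path as a plain AS_SEQUENCE, and uses constructed paths with private-use AS numbers. A single pass over the paths returns a different winner for each arrival order, while grouping by neighbor AS first returns the same path every time.

```python
from dataclasses import dataclass
from itertools import permutations

IGP, EGP, INCOMPLETE = 0, 1, 2  # origin codes; lower is preferred


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple            # AS_SEQUENCE only; first entry is the neighbor AS
    med: int = 0
    igp_metric: int = 0
    weight: int = 0
    local_pref: int = 100     # default local preference given in the guide
    origin: int = IGP
    external: bool = False    # True when learned from an external peer
    router_id: int = 0
    neighbor_ip: int = 0


def neighbor_as(path):
    """First AS in the sequence; None means the path is treated as internal."""
    return path.as_path[0] if path.as_path else None


def better(a, b, med_always=False):
    """Part 1, narrowed: return the preferred of two valid paths."""
    checks = [
        (a.weight, b.weight, False),              # higher weight wins
        (a.local_pref, b.local_pref, False),      # higher local preference wins
        (len(a.as_path), len(b.as_path), True),   # shorter AS path wins
        (a.origin, b.origin, True),               # lower origin wins
    ]
    # MED is compared only within one neighbor AS unless "med always" is set.
    if med_always or neighbor_as(a) == neighbor_as(b):
        checks.append((a.med, b.med, True))       # lower MED wins
    checks += [
        (not a.external, not b.external, True),   # external beats internal
        (a.igp_metric, b.igp_metric, True),       # lower IGP metric wins
        (a.router_id, b.router_id, True),         # lower router ID wins
        (a.neighbor_ip, b.neighbor_ip, True),     # lower neighbor address wins
    ]
    for x, y, lower_wins in checks:
        if x != y:
            return a if (x < y) == lower_wins else b
    return a


def best_so_far(paths, med_always=False):
    """Iterate in the given order, keeping the best path seen so far."""
    best = None
    for p in paths:
        best = p if best is None else better(best, p, med_always)
    return best


def select_best(paths, med_always=False):
    """Part 2: best path per MED-comparable group, then best of the winners."""
    groups = {}
    for p in paths:
        key = "all" if med_always else neighbor_as(p)
        groups.setdefault(key, []).append(p)
    winners = [best_so_far(g, med_always) for g in groups.values()]
    return best_so_far(winners, med_always)


# Constructed sample paths (private-use AS numbers), all iBGP-learned.
A = Path("A", as_path=(64512,), med=20, igp_metric=10, router_id=1, neighbor_ip=1)
B = Path("B", as_path=(64513,), med=0, igp_metric=20, router_id=2, neighbor_ip=2)
C = Path("C", as_path=(64512,), med=10, igp_metric=30, router_id=3, neighbor_ip=3)

if __name__ == "__main__":
    print("A vs B:", better(A, B).name)   # decided by IGP metric, MED skipped
    print("B vs C:", better(B, C).name)   # decided by IGP metric, MED skipped
    print("A vs C:", better(A, C).name)   # same neighbor AS, decided by MED
    for order in permutations([A, B, C]):
        names = "".join(p.name for p in order)
        print(names, "one pass:", best_so_far(order).name,
              "| grouped:", select_best(order).name)
```

When auditing route selection, the grouped result is the one to compare against the router's chosen best path; a mismatch usually points at a MED-related option such as bgp bestpath med always being set on one device and not another.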
Best Path Change Suppression

The third part of the implementation is to determine whether the best-path change can be suppressed or not—whether the new best path should be used, or continue using the existing best path. The existing best path can continue to be used if the new one is identical to the point at which the best-path selection algorithm becomes arbitrary (if the router-id is the same). Continuing to use the existing best path can avoid churn in the network.

Note: This suppression behavior does not comply with the IETF Networking Working Group draft-ietf-idr-bgp4-24.txt document, but is specified in the IETF Networking Working Group draft-ietf-idr-avoid-transition-00.txt document.

The suppression behavior can be turned off by configuring the bgp bestpath compare-routerid command. If this command is configured, the new best path is always preferred to the existing one. Otherwise, the following steps are used to determine whether the best-path change can be suppressed:

1. If the existing best path is no longer valid, the change cannot be suppressed.
2. If either the existing or new best paths were received from internal (or confederation) peers or were locally generated (for example, by redistribution), then the change cannot be suppressed. That is, suppression is possible only if both paths were received from external peers.
3. If the paths were received from the same peer (the paths would have the same router-id), the change cannot be suppressed. The router ID is calculated using rules in Comparing Pairs of Paths, on page 28.
4. If the paths have different weights, local preferences, origins, or IGP metrics to their next hops, then the change cannot be suppressed. Note that all these values are calculated using the rules in Comparing Pairs of Paths, on page 28.
5. If the paths have different-length AS paths and the bgp bestpath as-path ignore command is not configured, then the change cannot be suppressed.
Again, the AS path length is calculated using the rules in Comparing Pairs of Paths, on page 28.
6. If the MED of the paths can be compared and the MEDs are different, then the change cannot be suppressed. The decision as to whether the MEDs can be compared is exactly the same as the rules in Comparing Pairs of Paths, on page 28, as is the calculation of the MED value.
7. If all path parameters in Step 1 through Step 6 do not apply, the change can be suppressed.

Administrative Distance

An administrative distance is a rating of the trustworthiness of a routing information source. In general, the higher the value, the lower the trust rating. For information on specifying the administrative distance for BGP, see the BGP Commands module of the Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.

Normally, a route can be learned through more than one protocol. Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is installed in the IP routing table. By default, BGP uses the administrative distances shown in Table 2: BGP Default Administrative Distances, on page 32.

Table 2: BGP Default Administrative Distances

Distance    Default Value    Function
External    20               Applied to routes learned from eBGP.
Internal    200              Applied to routes learned from iBGP.
Local       200              Applied to routes originated by the router.

Note: Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table.

In most cases, when a route is learned through eBGP, it is installed in the IP routing table because of its distance (20). Sometimes, however, two ASs have an IGP-learned back-door route and an eBGP-learned route.
Their policy might be to use the IGP-learned path as the preferred path and to use the eBGP-learned path when the IGP path is down. See Figure 3: Back Door Example, on page 32.

Figure 3: Back Door Example

In Figure 3: Back Door Example, on page 32, Routers A and C and Routers B and C are running eBGP. Routers A and B are running an IGP (such as Routing Information Protocol [RIP], Interior Gateway Routing Protocol [IGRP], Enhanced IGRP, or Open Shortest Path First [OSPF]). The default distances for RIP, IGRP, Enhanced IGRP, and OSPF are 120, 100, 90, and 110, respectively. All these distances are higher than the default distance of eBGP, which is 20. Usually, the route with the lowest distance is preferred.

Router A receives updates about 160.10.0.0 from two routing protocols: eBGP and IGP. Because the default distance for eBGP is lower than the default distance of the IGP, Router A chooses the eBGP-learned route from Router C. If you want Router A to learn about 160.10.0.0 from Router B (IGP), establish a BGP back door. See .

In the following example, a network back-door is configured:

RP/0/RSP0/CPU0:router(config)# router bgp 100
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)# network 160.10.0.0/16 backdoor

Router A treats the eBGP-learned route as local and installs it in the IP routing table with a distance of 200. The network is also learned through Enhanced IGRP (with a distance of 90), so the Enhanced IGRP route is successfully installed in the IP routing table and is used to forward traffic. If the Enhanced IGRP-learned route goes down, the eBGP-learned route is installed in the IP routing table and is used to forward traffic.
Although BGP treats network 160.10.0.0 as a local entry, it does not advertise network 160.10.0.0 as it normally would advertise a local entry.

Multiprotocol BGP

Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocols and IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast routing. The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM) feature to build data distribution trees.

Multiprotocol BGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which resources are used for which traffic. Multiprotocol BGP allows you to have a unicast routing topology different from a multicast routing topology providing more control over your network and resources.

In BGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was in place for unicast routing. Perhaps you want all multicast traffic exchanged at one network access point (NAP). If those routers were not multicast capable, or there were differing policies for which you wanted multicast traffic to flow, multicast routing could not be supported without multiprotocol BGP.

Note: It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability information (NLRI), but you cannot connect multiprotocol BGP clouds with a BGP cloud. That is, you cannot redistribute multiprotocol BGP routes into BGP.

Figure 4: Noncongruent Unicast and Multicast Routes, on page 34 illustrates simple unicast and multicast topologies that are incongruent, and therefore are not possible without multiprotocol BGP.

Autonomous systems 100, 200, and 300 are each connected to two NAPs that are FDDI rings. One is used for unicast peering (and therefore the exchange of unicast traffic).
The Multicast Friendly Interconnect (MFI) ring is used for multicast peering (and therefore the exchange of multicast traffic). Each router is unicast and multicast capable.

Figure 4: Noncongruent Unicast and Multicast Routes

Figure 5: Multicast BGP Environment, on page 35 is a topology of unicast-only routers and multicast-only routers. The two routers on the left are unicast-only routers (that is, they do not support or are not configured to perform multicast routing). The two routers on the right are multicast-only routers. Routers A and B support both unicast and multicast routing. The unicast-only and multicast-only routers are connected to a single NAP.

In Figure 5: Multicast BGP Environment, on page 35, only unicast traffic can travel from Router A to the unicast routers to Router B and back. Multicast traffic could not flow on that path, so another routing table is required. Multicast traffic uses the path from Router A to the multicast routers to Router B and back.

Figure 5: Multicast BGP Environment, on page 35 illustrates a multiprotocol BGP environment with a separate unicast route and multicast route from Router A to Router B. Multiprotocol BGP allows these routes to be incongruent. Both of the autonomous systems must be configured for internal multiprotocol BGP (IMBGP) in the figure.

A multicast routing protocol, such as PIM, uses the multicast BGP database to perform Reverse Path Forwarding (RPF) lookups for multicast-capable sources. Thus, packets can be sent and accepted on the multicast topology but not on the unicast topology.
Figure 5: Multicast BGP Environment

Route Dampening

Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on.

For example, consider a network with three BGP autonomous systems: autonomous system 1, autonomous system 2, and autonomous system 3. Suppose the route to network A in autonomous system 1 flaps (it becomes unavailable). Under circumstances without route dampening, the eBGP neighbor of autonomous system 1 to autonomous system 2 sends a withdraw message to autonomous system 2. The border router in autonomous system 2, in turn, propagates the withdrawal message to autonomous system 3. When the route to network A reappears, autonomous system 1 sends an advertisement message to autonomous system 2, which sends it to autonomous system 3. If the route to network A repeatedly becomes unavailable, then available, many withdrawal and advertisement messages are sent. Route flapping is a problem in an internetwork connected to the Internet, because a route flap in the Internet backbone usually involves many routes.

Minimizing Flapping

The route dampening feature minimizes the flapping problem as follows. Suppose again that the route to network A flaps. The router in autonomous system 2 (in which route dampening is enabled) assigns network A a penalty of 1000 and moves it to history state. The router in autonomous system 2 continues to advertise the status of the route to neighbors. The penalties are cumulative. When the route flaps so often that the penalty exceeds a configurable suppression limit, the router stops advertising the route to network A, regardless of how many times it flaps. Thus, the route is dampened.
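The penalty accounting that route dampening uses (1000 per flap, a suppression limit, decay toward a reuse limit, and removal of the dampening information at half the reuse limit) can be replayed minute by minute. This is an added example, not Cisco code: the exponential decay with a half-life and the sample values for the suppression limit, reuse limit, and half-life are assumptions chosen for illustration, and only the per-flap penalty of 1000 comes from this guide.

```python
from dataclasses import dataclass

PENALTY_PER_FLAP = 1000          # value stated in the guide


@dataclass
class DampeningState:
    suppress_limit: float = 2000.0   # assumed sample value
    reuse_limit: float = 750.0       # assumed sample value
    half_life_min: float = 15.0      # assumed sample value and decay model
    penalty: float = 0.0
    last_update: float = 0.0
    suppressed: bool = False

    def _decay(self, now):
        """Halve the penalty for every half-life that has elapsed."""
        elapsed = now - self.last_update
        self.penalty *= 0.5 ** (elapsed / self.half_life_min)
        self.last_update = now

    def flap(self, now):
        """Record one flap; penalties are cumulative."""
        self._decay(now)
        self.penalty += PENALTY_PER_FLAP
        if self.penalty > self.suppress_limit:
            self.suppressed = True       # stop advertising the route
        return self.status(now)

    def status(self, now):
        """Return 'suppressed', 'history' (penalized but advertised) or 'clean'."""
        self._decay(now)
        if self.suppressed and self.penalty <= self.reuse_limit:
            self.suppressed = False      # reuse limit reached: advertise again
        if not self.suppressed and self.penalty < self.reuse_limit / 2:
            self.penalty = 0.0           # dampening information is removed
            return "clean"
        return "suppressed" if self.suppressed else "history"


def timeline(flap_minutes, until, **limits):
    """Replay flaps minute by minute; return [(minute, penalty, status)]."""
    route, rows = DampeningState(**limits), []
    for minute in range(until + 1):
        if minute in flap_minutes:
            status = route.flap(minute)
        else:
            status = route.status(minute)
        rows.append((minute, round(route.penalty), status))
    return rows


def transitions(rows):
    """Keep only the rows where the status changes."""
    out, prev = [], None
    for minute, penalty, status in rows:
        if status != prev:
            out.append((minute, penalty, status))
            prev = status
    return out


if __name__ == "__main__":
    # Constructed scenario: the route to network A flaps at minutes 0, 5 and 10.
    for row in transitions(timeline({0, 5, 10}, until=60)):
        print(row)
    # A single flap is penalized but never suppressed.
    for row in transitions(timeline({0}, until=60)):
        print(row)
```

With these sample limits, the third flap pushes the penalty past the suppression limit, and the route stays suppressed for about 26 minutes after the last flap, which is the trade-off to weigh when choosing limits: tighter values damp churn sooner but keep a recovered prefix unreachable for longer.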
The penalty placed on network A is decayed until the reuse limit is reached, upon which the route is once again advertised. At half of the reuse limit, the dampening information for the route to network A is removed.

Note: No penalty is applied to a BGP peer reset when route dampening is enabled, even though the reset withdraws the route.

BGP Routing Domain Confederation

One way to reduce the iBGP mesh is to divide an autonomous system into multiple subautonomous systems and group them into a single confederation. To the outside world, the confederation looks like a single autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation. Although the peers in different autonomous systems have eBGP sessions, they exchange routing information as if they were iBGP peers. Specifically, the next hop, MED, and local preference information is preserved. This feature allows you to retain a single IGP for all of the autonomous systems.

BGP Route Reflectors

BGP requires that all iBGP speakers be fully meshed. However, this requirement does not scale well when there are many iBGP speakers. Instead of configuring a confederation, you can reduce the iBGP mesh by using a route reflector configuration.

Figure 6: Three Fully Meshed iBGP Speakers, on page 37 illustrates a simple iBGP configuration with three iBGP speakers (routers A, B, and C). Without route reflectors, when Router A receives a route from an external neighbor, it must advertise it to both routers B and C. Routers B and C do not readvertise the iBGP learned route to other iBGP speakers because the routers do not pass on routes learned from internal neighbors to other internal neighbors, thus preventing a routing information loop.
Figure 6: Three Fully Meshed iBGP Speakers

With route reflectors, all iBGP speakers need not be fully meshed because there is a method to pass learned routes to neighbors. In this model, an iBGP peer is configured to be a route reflector responsible for passing iBGP learned routes to a set of iBGP neighbors. In Figure 7: Simple BGP Model with a Route Reflector, on page 38, Router B is configured as a route reflector. When the route reflector receives routes advertised from Router A, it advertises them to Router C, and vice versa. This scheme eliminates the need for the iBGP session between routers A and C.

Figure 7: Simple BGP Model with a Route Reflector

The internal peers of the route reflector are divided into two groups: client peers and all other routers in the autonomous system (nonclient peers). A route reflector reflects routes between these two groups. The route reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the client peers need not be fully meshed. The clients in the cluster do not communicate with iBGP speakers outside their cluster.

Figure 8: More Complex BGP Route Reflector Model

Figure 8: More Complex BGP Route Reflector Model, on page 39 illustrates a more complex route reflector scheme. Router A is the route reflector in a cluster with routers B, C, and D. Routers E, F, and G are fully meshed, nonclient routers.

When the route reflector receives an advertised route, depending on the neighbor, it takes the following actions:

• A route from an external BGP speaker is advertised to all clients and nonclient peers.
• A route from a nonclient peer is advertised to all clients.
• A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully meshed.

Along with route reflector-aware BGP speakers, it is possible to have BGP speakers that do not understand the concept of route reflectors. They can be members of either client or nonclient groups, allowing an easy and gradual migration from the old BGP model to the route reflector model. Initially, you could create a single cluster with a route reflector and a few clients. All other iBGP speakers could be nonclient peers to the route reflector and then more clusters could be created gradually.

An autonomous system can have multiple route reflectors. A route reflector treats other route reflectors just like other iBGP speakers. A route reflector can be configured to have other route reflectors in a client group or nonclient group. In a simple configuration, the backbone could be divided into many clusters. Each route reflector would be configured with other route reflectors as nonclient peers (thus, all route reflectors are fully meshed). The clients are configured to maintain iBGP sessions with only the route reflector in their cluster.

Usually, a cluster of clients has a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. All route reflectors serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient peers.
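The reflection rules for the Figure 8 cluster, together with the Originator ID and Cluster-list loop checks that this section describes, can be modelled in a few lines. This is an added example, not Cisco code. It assumes that each peer's name doubles as its router ID, that a route is never sent back to the peer it was learned from, and that the cluster ID is appended on every reflection; the three-reflector ring is a constructed misconfiguration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: Tuple[str, ...] = ()


def loop_reason(upd, router_id, cluster_id=None):
    """Return why a received iBGP update is ignored, or None to accept it."""
    if upd.originator_id == router_id:
        return "originator ID matches local router ID"
    if cluster_id is not None and cluster_id in upd.cluster_list:
        return "local cluster ID found in cluster-list"
    return None


class RouteReflector:
    def __init__(self, router_id, clients=(), nonclients=(), cluster_id=None):
        self.router_id = router_id
        # With a single reflector, the cluster is identified by its router ID.
        self.cluster_id = cluster_id or router_id
        self.clients = set(clients)
        self.nonclients = set(nonclients)

    def targets(self, sender):
        """Peers that are sent a route learned from `sender`."""
        if sender in self.nonclients:
            peers = set(self.clients)                 # nonclient: clients only
        else:
            peers = self.clients | self.nonclients    # client or external: all
        return peers - {sender}   # assumption: not sent back to the sender

    def reflect(self, upd, sender):
        """Return {peer: update} to advertise, or {} if the update is ignored."""
        if loop_reason(upd, self.router_id, self.cluster_id):
            return {}
        if sender in self.clients or sender in self.nonclients:
            # Reflected iBGP route: record the originator and this cluster.
            upd = replace(
                upd,
                originator_id=upd.originator_id or sender,
                cluster_list=upd.cluster_list + (self.cluster_id,),
            )
        return {peer: upd for peer in sorted(self.targets(sender))}


def ring_trace(ring, first_sender, upd):
    """Follow one update around a ring of reflectors until it is ignored."""
    trace, sender = [], first_sender
    for i in range(len(ring) + 1):
        rr, nxt = ring[i % len(ring)], ring[(i + 1) % len(ring)]
        reason = loop_reason(upd, rr.router_id, rr.cluster_id)
        if reason:
            trace.append((rr.router_id, "ignored: " + reason))
            break
        upd = rr.reflect(upd, sender)[nxt.router_id]
        trace.append((rr.router_id, upd.cluster_list))
        sender = rr.router_id
    return trace


# Figure 8 as described: A reflects for clients B, C, D; E, F, G are nonclients.
FIG8 = RouteReflector("A", clients=["B", "C", "D"], nonclients=["E", "F", "G"])

# Constructed misconfiguration: three reflectors, each a client of the previous.
RING = [
    RouteReflector("RR1", clients=["B", "RR2"], nonclients=["RR3"]),
    RouteReflector("RR2", clients=["RR3"], nonclients=["RR1"]),
    RouteReflector("RR3", clients=["RR1"], nonclients=["RR2"]),
]

if __name__ == "__main__":
    route = Update("10.1.0.0/16")
    for sender in ("X", "E", "B"):    # X is an external speaker
        print(sender, "->", sorted(FIG8.reflect(route, sender)))
    for hop in ring_trace(RING, "B", route):
        print(hop)
```

The ring trace shows the cluster-list growing by one entry per reflector until the update returns to RR1, where it is ignored; the same check fails to fire if two reflectors that should share a cluster are left with different cluster IDs, which is worth verifying when reviewing redundant reflector configurations.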
By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, the route reflector need not reflect routes to clients.

As the iBGP learned routes are reflected, routing information may loop. The route reflector model has the following mechanisms to avoid routing loops:

• Originator ID is an optional, nontransitive BGP attribute. It is a 4-byte attribute created by a route reflector. The attribute carries the router ID of the originator of the route in the local autonomous system. Therefore, if a misconfiguration causes routing information to come back to the originator, the information is ignored.
• Cluster-list is an optional, nontransitive BGP attribute. It is a sequence of cluster IDs that the route has passed. When a route reflector reflects a route from its clients to nonclient peers, and vice versa, it appends the local cluster ID to the cluster-list. If the cluster-list is empty, a new cluster-list is created. Using this attribute, a route reflector can identify if routing information is looped back to the same cluster due to misconfiguration. If the local cluster ID is found in the cluster-list, the advertisement is ignored.

Default Address Family for show Commands

Most of the show commands provide address family (AFI) and subaddress family (SAFI) arguments (see RFC 1700 and RFC 2858 for information on AFI and SAFI). The Cisco IOS XR software parser provides the ability to set the afi and safi so that it is not necessary to specify them while running a show command. The parser commands are:

• set default-afi { ipv4 | ipv6 | all }
• set default-safi { unicast | multicast | all }

The parser automatically sets the default afi value to ipv4 and default safi value to unicast. It is necessary to use only the parser commands to change the default afi value from ipv4 or default safi value from unicast.
Any afi or safi keyword specified in a show command overrides the values set using the parser commands. Use the show default-afi-safi-vrf command to check the currently set values of the afi and safi.

Distributed BGP

Distributed BGP splits BGP functionality into three process types:
• BGP process manager—Responsible for verifying configuration changes and for calculating and publishing the distribution of neighbors among BGP speaker processes. There is a single instance of this process.
• bRIB process—Responsible for performing the best-path calculation of routes (receives partial best paths from the speaker). The best route is installed into the bRIB and is advertised back to all speakers. See BGP Best Path Algorithm for information on best-path calculation. The bRIB process is also responsible for installing routes in the RIB, and for handling routes redistributed from the RIB. To accommodate route leaking from one RIB to another, bRIB may register for redistribution from multiple RIB routes into a single route in the bRIB process. There is a single instance of this process for each address family.
• BGP speaker process—Responsible for handling all BGP connections to peers. The speaker stores received paths in the RIB and performs a partial best-path calculation, advertising the partial best paths to the bRIB (limited best-path calculation). Speakers perform a limited best-path calculation because, to compare Multi Exit Discriminators (MEDs), paths need to be compared from the same AS but may not be received on the same speaker. Because BGP speakers do not have access to the entire BGP local RIB, BGP speakers can perform only a limited best-path calculation. (These are Step 1 through Step 7 in the BGP Best Path Algorithm.)
Only the best paths are advertised to the bRIB to reduce speaker/bRIB interprocess communications (IPC) and to reduce the number of paths to be processed in the bRIB. BGP speakers can mark a path as active only after learning the result of the full best-path calculation from the bRIB. Neighbor import and export policies are imposed by the speaker. If the bgp bestpath med always command is enabled, complete best-path calculation happens inside the speaker process. When the bgp bestpath med always command is not enabled, speakers calculate partial best paths only (they perform the best-path steps up to the MED comparison) and send them to bRIB. bRIB calculates the final best path (it performs all the steps in the best-path calculation). When the bgp bestpath med always command is enabled, speakers can compare the MED across all ASs, allowing the speaker to calculate a single best path to send to bRIB. bRIB is the ultimate process that calculates the final best path, but when the bgp bestpath med always command is enabled, the speakers send a single best path instead of potentially sending multiple partial best paths. There are multiple instances of this process, in which each instance is responsible for a subset of BGP peer connections.

Up to a total of 15 speakers for all address families and one bRIB for each address family (IPv4, IPv6, and VPNv4) are supported.

Distributed BGP is used to reduce the impact that a fault in one address family has on another address family. For example, you can have one speaker with only IPv6 neighbors (peering to IPv6 addresses), a separate speaker with only IPv4 neighbors (peering to IPv4 addresses), and yet another speaker with only VPNv4 provider edge (PE) or customer edge (CE) neighbors (peering to IPv4 addresses distinct from the non-VPN neighbors). In this scenario, there is no overlap in processes (bgp, brib, and rib) between IPv4, IPv6, and VPNv4. Therefore, a bgp, brib, or rib process crash affects only one address family.
Distributed BGP also allows more CPU capacity for receiving, computing, and sending BGP routing updates. When in distributed BGP mode, you can control the number of distributed speakers that are enabled, as well as which neighbors are assigned to each speaker. If no distributed speakers are enabled, BGP operates in standalone mode. If at least one distributed speaker is enabled, BGP operates in distributed mode.

MPLS VPN Carrier Supporting Carrier

Carrier supporting carrier (CSC) is a term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.

A backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN services. The customer carrier can be either:
• An Internet service provider (ISP) (By definition, an ISP does not provide VPN service.)
• A BGP/MPLS VPN service provider

You can configure a CSC network to enable BGP to transport routes and MPLS labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths. The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
• BGP takes the place of an Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP) in a VPN routing and forwarding (VRF) table. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting.
• BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP.

For detailed information on configuring MPLS VPN CSC with BGP, see the Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

BGP Keychains

BGP keychains enable keychain authentication between two BGP peers. Both BGP endpoints must comply with draft-bonica-tcp-auth-05.txt; a keychain on one endpoint and a password on the other endpoint does not work.

See the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide for information on keychain management.

BGP is able to use the keychain to implement hitless key rollover for authentication. Key rollover specification is time based, and in the event of clock skew between the peers, the rollover process is impacted. The configurable tolerance specification allows for the accept window to be extended (before and after) by that margin. This accept window facilitates a hitless key rollover for applications (for example, routing and management protocols).

The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the endpoints resulting in no common keys for the session traffic (send or accept).

BGP Nonstop Routing

The Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables all BGP peerings to maintain the BGP state and ensure continuous packet forwarding during events that could interrupt service. Under NSR, events that might potentially interrupt service are not visible to peer routers. Protocol sessions are not interrupted and routing states are maintained across process restarts and switchovers.
BGP NSR provides nonstop routing during the following events:
• Route processor switchover
• Process crash or process failure of BGP or TCP

Note: In case of process crash or process failure, NSR will be maintained only if the nsr process-failures switchover command is configured. In the event of process failures of active instances, the nsr process-failures switchover command configures failover as a recovery action and switches over to a standby route processor (RP) or a standby distributed route processor (DRP), thereby maintaining NSR. The nsr process-failures switchover command maintains both the NSR and BGP sessions in the event of a BGP or TCP process restart. Without the nsr process-failures switchover command configured, restarting the BGP or TCP process causes a BGP flap. This is expected behavior.

During route processor switchover and In-Service System Upgrade (ISSU), NSR is achieved by stateful switchover (SSO) of both TCP and BGP.

NSR does not force any software upgrades on other routers in the network, and peer routers are not required to support NSR.

When a route processor switchover occurs due to a fault, the TCP connections and the BGP sessions are migrated transparently to the standby route processor, and the standby route processor becomes active. The existing protocol state is maintained on the standby route processor when it becomes active, and the protocol state does not need to be refreshed by peers.

Events such as soft reconfiguration and policy modifications can trigger the BGP internal state to change. To ensure state consistency between active and standby BGP processes during such events, the concept of post-it is introduced; post-its act as synchronization points.
BGP NSR provides the following features:
• NSR-related alarms and notifications
• Configured and operational NSR states are tracked separately
• NSR statistics collection
• NSR statistics display using show commands
• XML schema support
• Auditing mechanisms to verify state synchronization between active and standby instances
• CLI commands to enable and disable NSR
• Support for 5000 NSR sessions

BGP Prefix Independent Convergence Unipath Primary/Backup

The Border Gateway Protocol Prefix Independent Convergence Unipath (BGP PIC Unipath) primary/backup feature provides the capability to install a backup path into the forwarding table. Installing the backup path provides prefix independent convergence in the event of a primary PE–CE link failure.

The primary/backup path provides a mechanism for BGP to determine a backup best path. The backup best path acts as a backup to the overall best path, which is the primary best path. BGP programs both the paths into the Forwarding Information Base (FIB).

The procedure to determine the backup best path is as follows:
1 Determine the best path from the entire set of paths available for a prefix.
2 Eliminate the current best path.
3 Eliminate all the paths that have the same next hop as that of the current best path.
4 Rerun the best path algorithm on the remaining set of paths to determine the backup best path.

The PE-CE local convergence is in the order of four to five seconds for 10000 prefixes. Installing a backup path on the line cards, so that the Forwarding Information Base (FIB) can immediately switch to an alternate path in the event of a primary PE-CE link failure, reduces the convergence time. In the case of primary PE-CE link failure, the FIB starts forwarding the received traffic towards the backup PE.
FIB will continue forwarding the received traffic towards the backup PE for the duration of the network convergence. Because the backup-path approach is independent of the prefixes, the Prefix Independent Convergence Unipath functionality provides a prefix independent, subsecond convergence.

The additional-paths selection command installs the backup path in the Forwarding Information Base (FIB) to enable the primary/backup path.

BGP Local Label Retention

When a primary PE-CE link fails, BGP withdraws the route corresponding to the primary path along with its local label and programs the backup path in the Routing Information Base (RIB) and the Forwarding Information Base (FIB), by default.

However, until all the internal peers of the primary PE reconverge to use the backup path as the new best path, the traffic continues to be forwarded to the primary PE with the local label that was allocated for the primary path. Hence the previously allocated local label for the primary path must be retained on the primary PE for some configurable time after the reconvergence. The BGP Local Label Retention feature enables the retention of the local label for a specified period. If no time is specified, the local label is retained for a default value of five minutes.

The retain local-label command enables the retention of the local label until the network is converged.

Command Line Interface (CLI) Consistency for BGP Commands

From Cisco IOS XR Release 3.9.0 onwards, the Border Gateway Protocol (BGP) commands use the disable keyword to disable a feature. The keyword inheritance-disable disables the inheritance of the feature properties from the parent level.

BGP Additional Paths

The Border Gateway Protocol (BGP) Additional Paths feature modifies the BGP protocol machinery so that a BGP speaker can send multiple paths for a prefix. This gives 'path diversity' in the network. Add path enables BGP prefix independent convergence (PIC) at the edge routers.
BGP add path enables add path advertisement in an iBGP network and advertises the following types of paths for a prefix:
• Backup paths—to enable fast convergence and connectivity restoration.
• Group-best paths—to resolve route oscillation.
• All paths—to emulate an iBGP full-mesh.

Note: Add path is not supported with MDT, tunnel, and L2VPN address families and eBGP peerings.

iBGP Multipath Load Sharing

When a Border Gateway Protocol (BGP) speaking router that has no local policy configured receives multiple network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the router. The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the router.

When there are multiple border BGP routers having reachability information heard over eBGP, if no local policy is applied, the border routers will choose their eBGP paths as best. They advertise that best path inside the ISP network. For a core router, there can be multiple paths to the same destination, but it will select only one path as best and use that path for forwarding. iBGP multipath load sharing adds the ability to enable load sharing among multiple equidistant paths.

Configuring multiple iBGP best paths enables a router to evenly share the traffic destined for a particular site. The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) with a service provider backbone.
For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:
• All attributes must be the same. The attributes include weight, local preference, autonomous system path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (IGP) distance.
• The next hop router for each multipath must be different.

Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router will still designate one of the multipaths as the best path and advertise this best path to its neighbors.

Accumulated Interior Gateway Protocol Attribute

The Accumulated Interior Gateway Protocol (AiGP) Attribute is an optional non-transitive BGP Path Attribute. The attribute type code for the AiGP Attribute is to be assigned by IANA. The value field of the AiGP Attribute is defined as a set of Type/Length/Value elements (TLVs). The AiGP TLV contains the Accumulated IGP Metric.

The AiGP feature is required in the 3107 network to simulate the current OSPF behavior of computing the distance associated with a path. OSPF/LDP carries the prefix/label information only in the local area. Then, BGP carries the prefix/label to all the remote areas by redistributing the routes into BGP at area boundaries. The routes/labels are then advertised using LSPs. The next hop for the route is changed at each ABR to the local router, which removes the need to leak OSPF routes across area boundaries. The bandwidth available on each of the core links is mapped to OSPF cost, hence it is imperative that BGP carries this cost correctly between each of the PEs. This functionality is achieved by using the AiGP.
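The TLV layout and the per-ABR accumulation described above can be walked through in code. The following is an added example, not code from the guide or from Cisco IOS XR: the AIGP TLV type (1) and length (11 octets) are taken from RFC 7311 rather than from this page, the link costs are constructed, and saturating the metric at its maximum is this example's own choice.

```python
import struct
from typing import List, Optional

# Assumptions taken from RFC 7311, not from this page.
AIGP_TLV_TYPE = 1            # TLV that carries the Accumulated IGP Metric
AIGP_TLV_LENGTH = 11         # 1 type octet + 2 length octets + 8 metric octets
MAX_METRIC = 2 ** 64 - 1     # largest value an 8-octet metric can hold


class MalformedAigp(ValueError):
    """The attribute value cannot be walked as a set of TLVs."""


def encode_aigp(metric: int) -> bytes:
    """Build an attribute value holding a single AIGP TLV."""
    if not 0 <= metric <= MAX_METRIC:
        raise ValueError("metric does not fit in 8 octets")
    return struct.pack("!BHQ", AIGP_TLV_TYPE, AIGP_TLV_LENGTH, metric)


def parse_aigp(value: bytes) -> Optional[int]:
    """Walk the TLVs and return the accumulated metric, or None if absent.

    Unknown TLV types are skipped; the first AIGP TLV found is used.
    Every length is checked before any read so a bad length cannot
    move the cursor outside the attribute.
    """
    offset, metric = 0, None
    while offset < len(value):
        if len(value) - offset < 3:
            raise MalformedAigp("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!BH", value, offset)
        if tlv_len < 3 or offset + tlv_len > len(value):
            raise MalformedAigp("TLV length runs outside the attribute")
        if tlv_type == AIGP_TLV_TYPE:
            if tlv_len != AIGP_TLV_LENGTH:
                raise MalformedAigp("AIGP TLV must be 11 octets long")
            if metric is None:
                (metric,) = struct.unpack_from("!Q", value, offset + 3)
        offset += tlv_len
    return metric


def readvertise(value: bytes, igp_cost_to_next_hop: int) -> bytes:
    """What an ABR does when it sets itself as next hop: add its own IGP
    cost to the previous next hop and re-encode the TLV."""
    metric = parse_aigp(value)
    if metric is None:
        raise MalformedAigp("no AIGP TLV present")
    return encode_aigp(min(metric + igp_cost_to_next_hop, MAX_METRIC))


def accumulated_cost(igp_costs: List[int]) -> int:
    """Originate with metric 0, then accumulate one IGP cost per hop."""
    value = encode_aigp(0)
    for cost in igp_costs:
        value = readvertise(value, cost)
    return parse_aigp(value)


if __name__ == "__main__":
    # Constructed costs: ABR1 -> origin PE, ABR2 -> ABR1, remote PE -> ABR2.
    print(accumulated_cost([20, 35, 10]))
    print(encode_aigp(65).hex())
```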
Per VRF and Per CE Label for IPv6 Provider Edge

The per VRF and per CE label for IPv6 feature makes it possible to save label space by allocating labels per default VRF or per CE next hop.

All IPv6 Provider Edge (6PE) labels are allocated per prefix by default. Each prefix that belongs to a VRF instance is advertised with a single label, causing an additional lookup to be performed in the VRF forwarding table to determine the customer edge (CE) next hop for the packet.

However, use the label-allocation-mode command with the per-ce keyword or the per-vrf keyword to avoid the additional lookup on the PE router and conserve label space.

Use the per-ce keyword to specify that the same label be used for all the routes advertised from a unique customer edge (CE) peer router. Use the per-vrf keyword to specify that the same label be used for all the routes advertised from a unique VRF.

IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700

Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received from, different peers. Policy accounting is enabled on an individual input or output interface basis. Counters based on parameters such as community list, autonomous system number, or autonomous system path are assigned to identify the IP traffic.

Using BGP policy accounting, you can account for traffic according to the route it traverses. Service providers can identify and account for all traffic by customer and bill accordingly.

For more information on BGP policy accounting and how to configure BGP policy accounting, refer to the Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700

Cisco ASR 9000's A9K-SIP-700 provides complete Internet Protocol Version 6 (IPv6) unicast capability.

An IPv6 unicast address is an identifier for a single interface, on a single node.
A packet that is sent to a unicast address is delivered to the interface identified by that address. Cisco IOS XR software supports the following IPv6 unicast address types:
• Global aggregatable address
• Site-local address
• Link-local address
• IPv4-compatible IPv6 address

For more information on IPv6 unicast addressing, refer to the Implementing Network Stack IPv4 and IPv6 module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700

Unicast IPv6 Reverse Path Forwarding (uRPF) mitigates problems caused by the introduction of malformed or spoofed IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. Unicast RPF does this by doing a reverse lookup in the Cisco Express Forwarding (CEF) table. Therefore, uRPF is possible only if CEF is enabled on the router.

Use the ipv6 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping] command in interface configuration mode to enable IPv6 uRPF.

For more information on IPv6 uRPF, refer to the Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.

Remove and Replace Private AS Numbers from AS Path in BGP

Private autonomous system numbers (ASNs) are used by Internet Service Providers (ISPs) and customer networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the global Internet.
Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path calculations require unique AS numbers. Therefore, it might be necessary to remove private AS numbers from an AS path before the routes are propagated to a BGP peer.

External BGP (eBGP) requires that globally unique AS numbers be used when routing to the global Internet. Using private AS numbers (which are not unique) would prevent access to the global Internet. The remove and replace private AS Numbers from AS Path in BGP feature allows routers that belong to a private AS to access the global Internet. A network administrator configures the routers to remove private AS numbers from the AS path contained in outgoing update messages and, optionally, to replace those numbers with the ASN of the local router, so that the AS path length remains unchanged.

The ability to remove and replace private AS numbers from the AS Path is implemented in the following ways:
• The remove-private-as command removes private AS numbers from the AS path even if the path contains both public and private ASNs.
• The remove-private-as command removes private AS numbers even if the AS path contains only private AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP peers only, in which case the AS number of the local router is appended to the AS path.
• The remove-private-as command removes private AS numbers even if the private ASNs appear before the confederation segments in the AS path.
• The replace-as command replaces the private AS numbers being removed from the path with the local AS number, thereby retaining the same AS path length.

The feature can be applied to neighbors per address family (address family configuration mode).
Therefore, you can apply the feature for a neighbor in one address family and not on another, affecting update messages on the outbound side for only the address family for which the feature is configured.

Use the show bgp neighbors and show bgp update-group commands to verify that the private AS numbers were removed or replaced.

Selective VRF Download

The Selective VRF Download (SVD) feature is a solution to download only those prefixes and labels to a line card that are actively required to forward traffic through that line card.

To meet the demand for a consolidated edge MSE platform, the number of VRFs, VRF interfaces, and prefix capacity increases. Convergence timings are different in different line card engines. One of the major factors that determine convergence timing is the time taken to process and program a prefix and its associated data structures. Hence, fewer prefixes and labels ensure better convergence timing. SVD reduces scalability and convergence problems in L3VPNs by enabling selective download of VRF routes to both Engine-3 (E3) and Engine-5 (E5) line cards.

SVD is enabled by default on the line cards. Use the selective-vrf-download disable command to disable SVD. Use the show svd role and show svd state commands to display the role and state information of SVD on the line cards.
For more information on Selective VRF Download, see the Cisco white paper, Selective Virtual Routing and Forwarding Table Download: A solution to increase Layer3 VPN scale, at this URL: http://www.cisco.com/en/US/technologies/collateral/tk648/tk365/white_paper_c11-681649.html

Line Card Roles and Filters

In a Selective VRF Download (SVD) context, the line cards have these roles:
• Core LC: A line card which has only core facing interfaces (interfaces that connect to other P/PEs)
• Customer LC: A line card which has one or more customer facing interfaces (interfaces that connect to CEs in different VRFs)

The line cards handle these prefixes:
• Local Prefix: A prefix that is received from a CE connected to the router in a configured VRF context
• Remote Prefix: A prefix received from another PE and imported to a configured VRF

These filters are applicable to each line card type:
• A core LC needs all the local prefixes and VRF labels so that the label and/or IP forwarding is set up correctly.
• A customer LC needs both the local and remote prefixes for all the VRFs that it is connected to and for any other VRFs that some connected VRF has a dependency on. (This is based on the import/export RT configuration; VRF ‘A’ may have imported routes from VRF ‘B’, so the imported route in VRF ‘A’ points to a next-hop that is in VRF ‘B’. For route resolution, VRF ‘B’ routes need to be downloaded to each line card that has a VRF ‘A’ interface.)
• If a line card is hosting both core facing and customer facing interfaces, then it does not need to do any filtering at all. All the tables and all routes will be present on such line cards. These line cards will have a role called “standard”. All RPs and DRPs will have the standard role.
• While the IPv4 default table needs to be present on all nodes to correctly resolve L3VPN routes, if the line card does not have any IPv6 interfaces it can filter out all IPv6 tables and routes.
In such a case the line card can be deemed “not interested” in the IPv6 AFI and should behave as if IPv6 is not supported by the line card.

BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing

Border Gateway Protocol demilitarized zone (BGP DMZ) Link Bandwidth for Unequal Cost Recursive Load Balancing provides support for unequal cost load balancing for recursive prefixes on the local node using BGP DMZ Link Bandwidth. The unequal load balance is achieved by using the dmz-link-bandwidth command in BGP Neighbor configuration mode and the bandwidth command in Interface configuration mode.

BFD Multihop Support for BGP

Bi-directional Forwarding Detection Multihop (BFD-MH) support is enabled for BGP. BFD Multihop establishes a BFD session between two addresses that may span multiple network hops. Cisco IOS XR Software BFD Multihop is based on RFC 5883. For more information on BFD Multihop, refer to Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference.

BGP Multi-Instance/Multi-AS Support

Multi-Instance BGP is support for multiple BGP instances. Each BGP instance is a separate process running on the same or on a different RP/DRP node. The BGP instances do not share any prefix table between them. There is no need for a common adj-rib-in (bRIB) as is the case with distributed BGP. The BGP instances do not communicate with each other and do not set up peering with each other. Each individual instance can set up peering with another router independently.

Multi-AS BGP enables configuring each instance of a multi-instance BGP with a different AS number.
Multi-Instance/Multi-AS BGP provides these capabilities:
• Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure into a single IOS-XR router.
• Mechanism to achieve AF isolation by configuring the different AFs in different BGP instances.
• Means to achieve higher session scale by distributing the overall peering sessions between multiple instances.
• Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying different BGP tables.
• Improved BGP convergence under certain scenarios.
• All BGP functionalities including NSR are supported for all the instances.

BGP Prefix Origin Validation Based on RPKI

A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix.

To help reduce well-known threats against BGP, including prefix mis-announcing and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) needs to be verified and authorized by the prefix holder.

The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running BGP can connect to the RPKI to validate the origin-AS of BGP paths.
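The origin check described above can be sketched as follows. This is an added example, not code from the guide or from Cisco IOS XR: it follows the validation procedure of RFC 6811 (covering prefix, maximum length, origin AS, with the states Valid, Invalid and NotFound), which goes beyond what this page spells out, and every prefix, AS number and authorization record in it is constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Roa:
    """One validated authorization: prefix, longest allowed length, origin AS."""
    prefix: Network
    max_length: int
    asn: int


def roa(prefix: str, asn: int, max_length: Optional[int] = None) -> Roa:
    net = ipaddress.ip_network(prefix)
    longest = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= longest <= net.max_prefixlen:
        raise ValueError(f"max length {longest} is impossible for {net}")
    return Roa(net, longest, asn)


def origin_as(as_path: Sequence[int]) -> Optional[int]:
    """The originating AS is the last (rightmost) AS on the path."""
    return as_path[-1] if as_path else None


def validate_origin(prefix: str, as_path: Sequence[int],
                    roas: Iterable[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one received route."""
    route = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    covered = False
    for entry in roas:
        if entry.prefix.version != route.version:
            continue
        if not route.subnet_of(entry.prefix):
            continue                      # this record does not cover the route
        covered = True
        if (origin is not None
                and entry.asn != 0        # AS 0 authorizes nobody
                and entry.asn == origin
                and route.prefixlen <= entry.max_length):
            return "valid"
    # Covered by at least one record but matched by none: wrong origin
    # or a more specific prefix than the holder authorized.
    return "invalid" if covered else "not-found"


def invalid_routes(routes: Iterable[Tuple[str, Sequence[int]]],
                   roas: Sequence[Roa]) -> List[str]:
    """Prefixes a drop-invalid policy would reject."""
    return [p for p, path in routes
            if validate_origin(p, path, roas) == "invalid"]


# Constructed records (documentation prefixes and AS numbers).
SAMPLE_ROAS = [
    roa("192.0.2.0/24", 64496),
    roa("198.51.100.0/24", 64497, max_length=25),
    roa("2001:db8::/32", 64498, max_length=48),
    roa("203.0.113.0/24", 0),
]

# Constructed received routes: (prefix, AS_PATH as seen by the router).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", [64500, 64496]),      # authorized origin
    ("192.0.2.0/24", [64500, 64499]),      # mis-announced by another AS
    ("192.0.2.128/25", [64496]),           # right AS, too specific
    ("198.51.100.128/25", [64497]),        # within max length
    ("203.0.113.0/24", [64499]),           # covered only by an AS 0 record
    ("10.0.0.0/8", [64496]),               # no covering record
]

if __name__ == "__main__":
    for pfx, path in SAMPLE_ROUTES:
        print(pfx, path, validate_origin(pfx, path, SAMPLE_ROAS))
```

A route that is covered by a record but matches none of them is the mis-announcement case the section describes; a route with no covering record at all is reported separately so that policy can treat unknown and unauthorized origins differently.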
BGP 3107 PIC Updates for Global Prefixes

The BGP 3107 PIC Updates for Global Prefixes feature supports Prefix Independent Convergence (PIC) updates for global IPv4 and IPv6 prefixes in an MPLS VPN provider network. This feature is based on RFC 3107, which describes using BGP to distribute MPLS labels for global IPv4 or IPv6 prefixes. This enables IGP to scale better and also provides PIC updates for fast convergence.

RFC 3107 enables routes and labels to be carried in BGP. When BGP is used to distribute a particular route, it can also be used to distribute an MPLS label that is mapped to that route. The label mapping information for a particular route is piggybacked in the same BGP Update message that is used to distribute the route itself. RFC 3107 allows filtering of Next-Hop Loops from OSPF and reduces labels advertised by LDP. This implementation significantly reduces the OSPF and LDP databases.

The 3107 PIC implementation supports the following address families with additional-path configuration:
• address-family ipv4 unicast
• address-family ipv6 unicast
• address-family vpnv4 unicast
• address-family vpnv6 unicast

Note: The address-family l2vpn vpls-vpws does not support additional-path. Hence, the l2vpn service that uses address-family l2vpn vpls-vpws does not guarantee PIC convergence time.

The 3107 PIC implementation supports these Cisco IOS XR features:
• PIC Edge for 3107
• Traffic Engineering Fast-reroute (TE FRR)—Traffic convergence for core link failure is guaranteed within 50 milliseconds using verbatim tunnel.
• L2VPN Service
• L3VPN VPNv4 Service
• 6PE Service
• 6VPE Service
• VPLS Service

The BGP 3107 PIC Updates for Global Prefixes implementation uses a shared recursive Load Info (RLDI) forwarding object in place of a Light-Weight recursive (LW-RLDI) object.
The RLDI is shared between multiple leaves, while the LW-RLDI is instantiated per leaf. Sharing helps in handling PIC updates since it will be prefix independent.

BGP Prefix Independent Convergence for RIB and FIB

BGP PIC for RIB and FIB adds support for static recursive as PE-CE and faster backup activation by using fast re-route trigger. The BGP PIC for RIB and FIB feature supports:
• FRR-like trigger for faster PE-CE link down detection, to further reduce the convergence time (Fast PIC-edge activation).
• PIC-edge for static recursive routes.
• BFD single-hop trigger for PIC-Edge without any explicit /32 static route configuration.
• Recursive PIC activation at third level and beyond, on failure trigger at the first (IGP) level.
• BGP path recursion constraints in FIB to ensure that FIB is in sync with BGP with respect to BGP next-hop resolution.
• IPv6 loop-free alternate fast-reroute (LFA FRR)

How to Implement BGP on Cisco IOS XR Software

Enabling BGP Routing

Perform this task to enable BGP routing and establish a BGP routing process. Configuring BGP neighbors is included as part of enabling BGP routing.

Note: At least one neighbor and at least one address family must be configured to enable BGP routing. At least one neighbor with both a remote AS and an address family must be configured globally using the address-family and remote-as commands.

Before You Begin
BGP must be able to obtain a router identifier (for example, a configured loopback address). At least one address family must be configured in the BGP router configuration and the same address family must also be configured under the neighbor.

Note: If the neighbor is configured as an external BGP (eBGP) peer, you must configure an inbound and outbound route policy on the neighbor using the route-policy command.
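The requirement that an eBGP neighbor carries both an inbound and an outbound route policy can be checked against a saved configuration. The following is an added example, not part of Cisco's guide: the sample configuration is constructed from the values used in this section, `pass-all` is a hypothetical policy name, and the parser assumes the one-space-per-level indentation of a running configuration and does not follow neighbor-group or VRF inheritance.

```python
import re

# Constructed sample in running-config layout (values from this section's
# examples; 10.0.0.2, 192.0.2.1, AS 65010 and "pass-all" are made up).
SAMPLE_CONFIG = """\
router bgp 120
 bgp router-id 192.168.70.24
 address-family ipv4 unicast
 !
 neighbor 172.168.40.24
  remote-as 2002
  address-family ipv4 unicast
   route-policy drop-as-1234 in
  !
 !
 neighbor 10.0.0.2
  remote-as 120
  address-family ipv4 unicast
  !
 !
 neighbor 192.0.2.1
  remote-as 65010
  address-family ipv4 unicast
   route-policy drop-as-1234 in
   route-policy pass-all out
  !
 !
!
"""


def parse_bgp_neighbors(config):
    """Return (local_as, {neighbor: {"remote_as": str, "afs": {af: {"in", "out"}}}})."""
    local_as = None
    neighbors = {}
    in_bgp = False
    nbr = af = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            m = re.fullmatch(r"router bgp (\S+)", line)
            in_bgp = m is not None
            if m:
                local_as = m.group(1)
            nbr = af = None
        elif not in_bgp:
            continue
        elif indent == 1:
            # Only "neighbor <address>" opens a block we track at this level.
            m = re.fullmatch(r"neighbor (\S+)", line)
            nbr = (neighbors.setdefault(m.group(1), {"remote_as": None, "afs": {}})
                   if m else None)
            af = None
        elif nbr is None:
            continue
        elif indent == 2:
            af = None
            m = re.fullmatch(r"remote-as (\S+)", line)
            if m:
                nbr["remote_as"] = m.group(1)
            m = re.fullmatch(r"address-family (.+)", line)
            if m:
                af = nbr["afs"].setdefault(m.group(1), {"in": None, "out": None})
        elif indent == 3 and af is not None:
            m = re.fullmatch(r"route-policy (\S+) (in|out)", line)
            if m:
                af[m.group(2)] = m.group(1)
    return local_as, neighbors


def audit_ebgp_policies(config):
    """List (neighbor, address_family, missing_direction) for eBGP neighbors."""
    local_as, neighbors = parse_bgp_neighbors(config)
    findings = []
    for addr, nbr in neighbors.items():
        # Skip iBGP peers and neighbors whose remote-as is not set locally.
        if nbr["remote_as"] is None or nbr["remote_as"] == local_as:
            continue
        for af_name, policies in nbr["afs"].items():
            for direction in ("in", "out"):
                if policies[direction] is None:
                    findings.append((addr, af_name, direction))
    return findings


if __name__ == "__main__":
    for addr, af_name, direction in audit_ebgp_policies(SAMPLE_CONFIG):
        print(f"neighbor {addr} ({af_name}): no route-policy {direction}")
```

On the sample, the only finding is neighbor 172.168.40.24, which has the inbound policy from this task's example but no outbound one.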
SUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. end-policy
4. Do one of the following:
   • end
   • commit
5. configure
6. router bgp as-number
7. bgp router-id ip-address
8. address-family { ipv4 | ipv6 } unicast
9. exit
10. neighbor ip-address
11. remote-as as-number
12. address-family { ipv4 | ipv6 } unicast
13. route-policy route-policy-name { in | out }
14. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: route-policy route-policy-name
Purpose: (Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy.
Example:
RP/0/RSP0/CPU0:router(config)# route-policy drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif

Step 3: end-policy
Purpose: (Optional) Ends the definition of a route policy and exits route policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy

Step 4: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 5: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 6: router bgp as-number
Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 7: bgp router-id ip-address
Purpose: Configures the local router with a specified router ID.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24

Step 8: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Step 9: exit
Purpose: Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit

Step 10: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 11: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 12: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Step 13: route-policy route-policy-name { in | out }
Purpose: (Optional) Applies the specified policy to inbound IPv4 unicast routes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in

Step 14: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Routing Domain Confederation for BGP

Perform this task to configure the routing domain confederation for BGP. This includes specifying a confederation identifier and autonomous systems that belong to the confederation.
Configuring a routing domain confederation reduces the internal BGP (iBGP) mesh by dividing an autonomous system into multiple autonomous systems and grouping them into a single confederation. Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation. The confederation maintains the next hop and local preference information, and that allows you to retain a single Interior Gateway Protocol (IGP) for all autonomous systems. To the outside world, the confederation looks like a single autonomous system.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp confederation identifier as-number
4. bgp confederation peers as-number
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: bgp confederation identifier as-number
Purpose: Specifies a BGP confederation identifier.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation identifier 5

Step 4: bgp confederation peers as-number
Purpose: Specifies that the BGP autonomous systems belong to a specified BGP confederation identifier. You can associate multiple AS numbers to the same confederation identifier, as shown in the example.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1091
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1092
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1093
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1094
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1095
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1096

Step 5: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Resetting an eBGP Session Immediately Upon Link Failure

By default, if a link goes down, all BGP sessions of any directly adjacent external peers are immediately reset. Use the bgp fast-external-fallover disable command to disable automatic resetting. Turn the automatic reset back on using the no bgp fast-external-fallover disable command.

eBGP sessions flap when the node reaches 3500 eBGP sessions with BGP timer values set as 10 and 30.
To support more than 3500 eBGP sessions, increase the packet rate by using the lpts pifib hardware police location location-id command. Following is a sample configuration to increase the eBGP sessions:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police location 0/2/CPU0
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow bgp configured rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow bgp known rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow bgp default rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# commit

Logging Neighbor Changes

Logging neighbor changes is enabled by default. Use the log neighbor changes disable command to turn off logging. The no log neighbor changes disable command can also be used to turn logging back on if it has been disabled.

Adjusting BGP Timers

Perform this task to set the timers for BGP neighbors.

BGP uses certain timers to control periodic activities, such as the sending of keepalive messages and the interval after which a neighbor is assumed to be down if no messages are received from the neighbor during the interval. The values set using the timers bgp command in router configuration mode can be overridden on particular neighbors using the timers command in the neighbor configuration mode.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. timers bgp keepalive hold-time
4. neighbor ip-address
5. timers keepalive hold-time
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 123

Step 3: timers bgp keepalive hold-time
Purpose: Sets a default keepalive time and a default hold time for all neighbors.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# timers bgp 30 90

Step 4: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 5: timers keepalive hold-time
Purpose: (Optional) Sets the keepalive timer and the hold-time timer for the BGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 60 220

Step 6: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Changing the BGP Default Local Preference Value

Perform this task to set the default local preference value for BGP paths.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp default local-preference value
4. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: bgp default local-preference value
Purpose: Sets the default local preference value from the default of 100, making it either a more preferable path (over 100) or less preferable path (under 100).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp default local-preference 200

Step 4: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the MED Metric for BGP

Perform this task to set the multi exit discriminator (MED) to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute).
SUMMARY STEPS
1. configure
2. router bgp as-number
3. default-metric value
4. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: default-metric value
Purpose: Sets the default metric, which is used to set the MED to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# default-metric 10

Step 4: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BGP Weights

Perform this task to assign a weight to routes received from a neighbor. A weight is a number that you can assign to a path so that you can control the best-path selection process. If you have particular neighbors that you want to prefer for most of your traffic, you can use the weight command to assign a higher weight to all routes learned from that neighbor.

Before You Begin
Note: The clear bgp command must be used for the newly configured weight to take effect.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. weight weight-value
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 4: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 5: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Step 6: weight weight-value
Purpose: Assigns a weight to all routes learned through the neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 41150

Step 7: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Tuning the BGP Best-Path Calculation

Perform this task to change the default BGP best-path calculation behavior.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp bestpath med missing-as-worst
4. bgp bestpath med always
5. bgp bestpath med confed
6. bgp bestpath as-path ignore
7. bgp bestpath compare-routerid
8. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 126

Step 3: bgp bestpath med missing-as-worst
Purpose: Directs the BGP software to consider a missing MED attribute in a path as having a value of infinity, making this path the least desirable path.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med missing-as-worst

Step 4: bgp bestpath med always
Purpose: Configures the BGP speaker in the specified autonomous system to compare MEDs among all the paths for the prefix, regardless of the autonomous system from which the paths are received.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med always

Step 5: bgp bestpath med confed
Purpose: Enables BGP software to compare MED values for paths learned from confederation peers.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med confed

Step 6: bgp bestpath as-path ignore
Purpose: Configures the BGP software to ignore the autonomous system length when performing best-path selection.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath as-path ignore

Step 7: bgp bestpath compare-routerid
Purpose: Configures the BGP speaker in the autonomous system to compare the router IDs of similar paths.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath compare-routerid

Step 8: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Indicating BGP Back-door Routes

Perform this task to set the administrative distance on an external Border Gateway Protocol (eBGP) route to that of a locally sourced BGP route, causing it to be less preferred than an Interior Gateway Protocol (IGP) route.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. network { ip-address / prefix-length | ip-address mask } backdoor
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Step 4: network { ip-address / prefix-length | ip-address mask } backdoor
Purpose: Configures the local router to originate and advertise the specified network.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# network 172.20.0.0/16 backdoor

Step 5: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Aggregate Addresses

Perform this task to create aggregate entries in a BGP routing table.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Step 4: aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
Purpose: Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized.
• The as-set keyword generates autonomous system set path information and community information from contributing paths.
• The as-confed-set keyword generates autonomous system confederation set path information from contributing paths.
• The summary-only keyword filters all more specific routes from updates.
• The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# aggregate-address 10.0.0.0/8 as-set

Step 5: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Redistributing iBGP Routes into IGP

Perform this task to redistribute iBGP routes into an Interior Gateway Protocol (IGP), such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).

Note: Use of the bgp redistribute-internal command requires the clear route * command to be issued to reinstall all BGP routes into the IP routing table.

Caution: Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use this command with caution.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp redistribute-internal
4. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: bgp redistribute-internal
Purpose: Allows the redistribution of iBGP routes into an IGP, such as IS-IS or OSPF.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp redistribute-internal

Step 4: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Redistributing Prefixes into Multiprotocol BGP

Perform this task to redistribute prefixes from another protocol into multiprotocol BGP.

Redistribution is the process of injecting prefixes from one routing protocol into another routing protocol. This task shows how to inject prefixes from another routing protocol into multiprotocol BGP. Specifically, prefixes that are redistributed into multiprotocol BGP using the redistribute command are injected into the unicast database, the multicast database, or both.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. Do one of the following:
   • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute eigrp process-id [ match { external | internal } ] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute isis process-id [ level { 1 | 1-inter-area | 2 } ] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ] } ] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ] } ] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Causes routes from the specified instance to be redistributed into BGP.
Step 4 Do one of the following: • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • redistribute static [ metric metric-value ] [ route-policy route-policy-name ] Example: RP/0/RSP0/CPU0:router(config-bgp-af)# redistribute ospf 110 Step 5 Do one of the following: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 72 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Redistributing Prefixes into Multiprotocol BGPCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. 
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BGP Route Dampening

Perform this task to configure and monitor BGP route dampening.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. Do one of the following:
   • end
   • commit
6. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
7. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression
8. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy route-policy-name
9. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask | /prefix-length }}
10. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length } [ longer-prefixes ]]}
11. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics
12. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics regexp regular-expression
13. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name
14. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length
15. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length
16. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths
17. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ]

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
  Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: address-family { ipv4 | ipv6 } unicast
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
  Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4
  Command or Action: bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120
  Purpose: Configures BGP dampening for the specified address family.

Step 5
  Command or Action: Do one of the following:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-af)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 6
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
  Example:
    RP/0/RSP0/CPU0:router# show bgp flap-statistics
  Purpose: Displays BGP flap statistics.

Step 7
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression
  Example:
    RP/0/RSP0/CPU0:router# show bgp flap-statistics regexp _1$
  Purpose: Displays BGP flap statistics for all paths that match the regular expression.

Step 8
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy route-policy-name
  Example:
    RP/0/RSP0/CPU0:router(config)# show bgp flap-statistics route-policy policy_A
  Purpose: Displays BGP flap statistics for the specified route policy.

Step 9
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask | /prefix-length }}
  Example:
    RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1
  Purpose: Displays BGP flap statistics for the specified prefix.

Step 10
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length } [ longer-prefixes ]]}
  Example:
    RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1 longer-prefixes
  Purpose: Displays BGP flap statistics for more specific entries for the specified IP address.

Step 11
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics
  Example:
    RP/0/RSP0/CPU0:router# clear bgp all all flap-statistics
  Purpose: Clears BGP flap statistics for all routes.

Step 12
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics regexp regular-expression
  Example:
    RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics regexp _1$
  Purpose: Clears BGP flap statistics for all paths that match the specified regular expression.

Step 13
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name
  Example:
    RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics route-policy policy_A
  Purpose: Clears BGP flap statistics for the specified route policy.

Step 14
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length
  Example:
    RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics 192.168.40.0/24
  Purpose: Clears BGP flap statistics for the specified network.

Step 15
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length
  Example:
    RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics 172.20.1.1
  Purpose: Clears BGP flap statistics for routes received from the specified neighbor.

Step 16
  Command or Action: show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths
  Example:
    RP/0/RSP0/CPU0:router# show bgp dampened-paths
  Purpose: Displays the dampened routes, including the time remaining before they are unsuppressed.

Step 17
  Command or Action: clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ]
  Example:
    RP/0/RSP0/CPU0:router# clear bgp dampening
  Purpose: Clears route dampening information and unsuppresses the suppressed routes.
    Caution: Always use the clear bgp dampening command for an individual address-family. The all option for address-families with clear bgp dampening should never be used during normal functioning of the system. For example, use clear bgp ipv4 unicast dampening prefix x.x.x./y

Applying Policy When Updating the Routing Table

Perform this task to apply a routing policy to routes being installed into the routing table.

Before You Begin

See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes and operations that are valid for table policy filtering.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. table-policy policy-name
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120.6
  Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: address-family { ipv4 | ipv6 } unicast
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
  Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4
  Command or Action: table-policy policy-name
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# table-policy tbl-plcy-A
  Purpose: Applies the specified policy to routes being installed into the routing table.

Step 5
  Command or Action: Do one of the following:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-af)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
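
How the four bgp dampening arguments from the Configuring BGP Route Dampening task above interact, as an added Python example that is not part of the Cisco guide: it parses the guide's sample line, replays a series of flaps, and flags parameter sets that can never suppress a route. The 1000-point penalty per flap and the exponential-decay model are assumptions not stated on this page, and all class and function names are hypothetical.

```python
"""Model of the four `bgp dampening` arguments (added example, not Cisco code)."""
import math
from dataclasses import dataclass

# Assumption: each flap adds a fixed penalty of 1000; this page does not state the value.
FLAP_PENALTY = 1000.0


@dataclass(frozen=True)
class Dampening:
    half_life: float     # minutes for the penalty to halve
    reuse: float         # path is advertised again once the penalty falls below this
    suppress: float      # path is suppressed once the penalty rises above this
    max_suppress: float  # longest time, in minutes, a path may stay suppressed

    @classmethod
    def from_cli(cls, line):
        """Parse 'bgp dampening half-life reuse suppress max-suppress-time'."""
        start = line.find("bgp dampening")
        tokens = line[start:].split() if start >= 0 else []
        if len(tokens) != 6:
            raise ValueError("expected all four numeric arguments after 'bgp dampening'")
        return cls(*(float(tok) for tok in tokens[2:]))

    @property
    def ceiling(self):
        """Penalty cap: decaying from here down to `reuse` takes max_suppress minutes."""
        return self.reuse * 2 ** (self.max_suppress / self.half_life)

    def decay(self, penalty, minutes):
        """Exponential decay: the penalty halves every half_life minutes."""
        return penalty * 0.5 ** (minutes / self.half_life)

    def minutes_to_reuse(self, penalty):
        """Quiet time needed before a path carrying `penalty` is advertised again."""
        if penalty <= self.reuse:
            return 0.0
        return self.half_life * math.log2(penalty / self.reuse)

    def audit(self):
        """Return findings for parameter sets that defeat dampening."""
        findings = []
        if self.reuse >= self.suppress:
            findings.append("reuse limit is not below the suppress limit")
        if self.suppress >= self.ceiling:
            findings.append("suppress limit is not below the penalty ceiling "
                            f"({self.ceiling:.0f}); no path can ever be suppressed")
        return findings


def simulate(cfg, flap_times):
    """Replay flap timestamps (minutes, ascending).

    Returns one (time, penalty, suppressed) tuple per flap; state is sampled
    only at flap times.
    """
    penalty, last, suppressed, trace = 0.0, None, False, []
    for t in flap_times:
        if last is not None:
            penalty = cfg.decay(penalty, t - last)
            if suppressed and penalty < cfg.reuse:
                suppressed = False  # decayed below reuse during the quiet period
        penalty = min(penalty + FLAP_PENALTY, cfg.ceiling)
        if penalty > cfg.suppress:
            suppressed = True
        trace.append((t, round(penalty), suppressed))
        last = t
    return trace


if __name__ == "__main__":
    # The guide's own sample line, prompt included.
    cfg = Dampening.from_cli(
        "RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120")
    print("ceiling:", cfg.ceiling, "findings:", cfg.audit())
    # Constructed input: one flap per minute for 20 minutes.
    for t, penalty, suppressed in simulate(cfg, range(20)):
        print(f"t={t:3d} min  penalty={penalty:6d}  suppressed={suppressed}")
    # Constructed parameter set whose suppress limit is unreachable.
    print(Dampening.from_cli("bgp dampening 15 750 20000 60").audit())
```

Under these assumptions the guide's sample values need a sustained burst of flaps before a path is suppressed, and a path that reaches the suppress limit stays suppressed for well over an hour of quiet time.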
Setting BGP Administrative Distance

Perform this task to specify the use of administrative distances that can be used to prefer one class of route over another.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. distance bgp external-distance internal-distance local-distance
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
  Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: address-family { ipv4 | ipv6 } unicast
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
  Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4
  Command or Action: distance bgp external-distance internal-distance local-distance
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# distance bgp 20 20 200
  Purpose: Sets the external, internal, and local administrative distances to prefer one class of routes over another. The higher the value, the lower the trust rating.

Step 5
  Command or Action: Do one of the following:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-af)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a BGP Neighbor Group and Neighbors

Perform this task to configure BGP neighbor groups and apply the neighbor group configuration to a neighbor. A neighbor group is a template that holds address family-independent and address family-dependent configurations associated with the neighbor.

After a neighbor group is configured, each neighbor can inherit the configuration through the use command. If a neighbor is configured to use a neighbor group, the neighbor (by default) inherits the entire configuration of the neighbor group, which includes the address family-independent and address family-dependent configurations. The inherited configuration can be overridden if you directly configure commands for the neighbor or configure session groups or address family groups through the use command.

You can configure an address family-independent configuration under the neighbor group. An address family-dependent configuration requires you to configure the address family under the neighbor group to enter address family submode.

From neighbor group configuration mode, you can configure address family-independent parameters for the neighbor group. Use the address-family command when in the neighbor group configuration mode.

After specifying the neighbor group name using the neighbor group command, you can assign options to the neighbor group.
Note All commandsthat can be configured under a specified neighbor group can be configured under a neighbor. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. exit 5. neighbor-group name 6. remote-as as-number 7. address-family { ipv4 | ipv6 } unicast 8. route-policy route-policy-name { in | out } 9. exit 10. exit 11. neighbor ip-address 12. use neighbor-group group-name 13. remote-as as-number 14. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 82 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either an IPv4 or IPv6 addressfamily unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 4 neighbor-group name Places the router in neighbor group configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbr-grp-A Step 5 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 2002 Step 6 Specifies either an IPv4 or IPv6 addressfamily unicast and enters address family configuration submode. 
address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 7 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). (Optional) Applies the specified policy to inbound IPv4 unicast routes. route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy drop-as-1234 in Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 83 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit Step 9 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit Step 10 Placesthe router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 11 (Optional) Specifies that the BGP neighbor inherit configuration from the specified neighbor group. use neighbor-group group-name Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group nbr-grp-A Step 12 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 13 Step 14 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? 
Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 84 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring a Route Reflector for BGP Perform this task to configure a route reflector for BGP. All the neighbors configured with the route-reflector-clientcommand are members of the client group, and the remaining iBGP peers are members of the nonclient group for the local route reflector. Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector. In such instances, the cluster is identified by the software as the router ID of the route reflector. To increase redundancy and avoid a single point of failure in the network, a cluster can have more than one route reflector. If it does, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. The bgp cluster-id command is used to configure the cluster ID when the cluster has more than one route reflector. SUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp cluster-id cluster-id 4. neighbor ip-address 5. remote-as as-number 6. address-family { ipv4 | ipv6 } unicast 7. route-reflector-client 8. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. 
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3
Command or Action: bgp cluster-id cluster-id
Purpose: Configures the local router as one of the route reflectors serving the cluster. It is configured with a specified cluster ID to identify the cluster.
Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp cluster-id 192.168.70.1

Step 4
Command or Action: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 5
Command or Action: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2003

Step 6
Command or Action: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 7
Command or Action: route-reflector-client
Purpose: Configures the router as a BGP route reflector and configures the neighbor as its client.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client

Step 8
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Configuring BGP Route Filtering by Route Policy

Perform this task to configure BGP routing filtering by route policy.

Before You Begin

See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes and operations that are valid for inbound and outbound neighbor policy filtering.

SUMMARY STEPS

1. configure
2. route-policy name
3. end-policy
4. router bgp as-number
5. neighbor ip-address
6. address-family { ipv4 | ipv6 } unicast
7. route-policy route-policy-name { in | out }
8. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: route-policy name
Purpose: (Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy.
Example:
RP/0/RSP0/CPU0:router(config)# route-policy drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif

Step 3
Command or Action: end-policy
Purpose: (Optional) Ends the definition of a route policy and exits route policy configuration mode.
Example: RP/0/RSP0/CPU0:router(config-rpl)# end-policy

Step 4
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 5
Command or Action: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 6
Command or Action: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 7
Command or Action: route-policy route-policy-name { in | out }
Purpose: Applies the specified policy to inbound routes.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in

Step 8
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Configuring BGP Next-Hop Trigger Delay

Perform this task to configure BGP next-hop trigger delay. The Routing Information Base (RIB) classifies the dampening notifications based on the severity of the changes. Event notifications are classified as critical and noncritical. This task allows you to specify the minimum batching interval for the critical and noncritical events.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. nexthop trigger-delay { critical delay | non-critical delay }
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3
Command or Action: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 4
Command or Action: nexthop trigger-delay { critical delay | non-critical delay }
Purpose: Sets the critical next-hop trigger delay.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# nexthop trigger-delay critical 15000

Step 5
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
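A configuration audit for the route reflector and route-policy filtering tasks earlier in this chapter, as an added example that is not part of the Cisco guide: it flags eBGP neighbors with no inbound route-policy attached and route reflectors that serve the same client under different cluster IDs. The parser, both sample configurations, the 10.0.0.x addresses, and the export-customers policy name are constructed for illustration; the parser assumes the one-space-per-level indentation of a displayed running configuration.

```python
def parse_xr_bgp(config):
    """Parse the `router bgp` block of an IOS XR-style running configuration.

    Assumption: one space of indentation per configuration level.
    """
    bgp = {"asn": None, "router_id": None, "cluster_id": None, "neighbors": {}}
    in_bgp, nbr, af = False, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["!"]:
            continue                      # blank lines and "!" separators
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:                    # a new top-level stanza starts
            nbr, af = None, None
            in_bgp = words[:2] == ["router", "bgp"]
            if in_bgp:
                bgp["asn"] = int(words[2])
        elif in_bgp and depth == 1:       # router bgp submode
            nbr, af = None, None
            if words[:2] == ["bgp", "cluster-id"]:
                bgp["cluster_id"] = words[2]
            elif words[:2] == ["bgp", "router-id"]:
                bgp["router_id"] = words[2]
            elif words[0] == "neighbor":
                nbr = bgp["neighbors"].setdefault(
                    words[1], {"remote_as": None, "afs": {}})
        elif nbr is not None and depth == 2:   # neighbor submode
            af = None
            if words[0] == "remote-as":
                nbr["remote_as"] = int(words[1])
            elif words[0] == "address-family":
                af = nbr["afs"].setdefault(
                    " ".join(words[1:]),
                    {"in": None, "out": None, "rr_client": False})
        elif af is not None and depth == 3:    # neighbor address-family submode
            if words[0] == "route-policy" and words[-1] in ("in", "out"):
                af[words[-1]] = words[1]
            elif words[0] == "route-reflector-client":
                af["rr_client"] = True
    return bgp


def ebgp_without_inbound_policy(bgp):
    """Return (neighbor, address family) pairs of eBGP peers lacking `route-policy ... in`."""
    return sorted((ip, name)
                  for ip, n in bgp["neighbors"].items()
                  if n["remote_as"] is not None and n["remote_as"] != bgp["asn"]
                  for name, af in n["afs"].items() if af["in"] is None)


def cluster_id_conflicts(routers):
    """Return clients whose route reflectors disagree on the cluster ID.

    Without `bgp cluster-id`, the cluster is identified by the reflector's router ID.
    """
    seen = {}
    for name, bgp in routers.items():
        cid = bgp["cluster_id"] or bgp["router_id"]
        for ip, n in bgp["neighbors"].items():
            if any(af["rr_client"] for af in n["afs"].values()):
                seen.setdefault(ip, {})[name] = cid
    return {ip: ids for ip, ids in seen.items() if len(set(ids.values())) > 1}


# Constructed sample: first route reflector, with two eBGP peers.
RR1 = """\
router bgp 120
 bgp router-id 10.0.0.1
 bgp cluster-id 192.168.70.1
 neighbor 10.0.0.11
  remote-as 120
  address-family ipv4 unicast
   route-reflector-client
  !
 !
 neighbor 172.168.40.24
  remote-as 2003
  address-family ipv4 unicast
   route-policy drop-as-1234 in
 neighbor 172.168.40.25
  remote-as 2002
  address-family ipv4 unicast
   route-policy export-customers out
!
"""

# Constructed sample: second reflector for the same client, cluster ID left unset.
RR2 = """\
router bgp 120
 bgp router-id 10.0.0.2
 neighbor 10.0.0.11
  remote-as 120
  address-family ipv4 unicast
   route-reflector-client
"""

if __name__ == "__main__":
    rr1, rr2 = parse_xr_bgp(RR1), parse_xr_bgp(RR2)
    print("eBGP without inbound policy:", ebgp_without_inbound_policy(rr1))
    print("cluster ID conflicts:", cluster_id_conflicts({"rr1": rr1, "rr2": rr2}))
```
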
Disabling Next-Hop Processing on BGP Updates

Perform this task to disable next-hop calculation for a neighbor and insert your own address in the next-hop field of BGP updates. Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the network device as the next hop.

Note: Next-hop processing can be disabled for address family group, neighbor group, or neighbor address family.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. next-hop-self
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3
Command or Action: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 4
Command or Action: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 206

Step 5
Command or Action: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 6
Command or Action: next-hop-self
Purpose: Sets the next-hop attribute for all routes advertised to the specified neighbor to the address of the local router. Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the local network device as the next hop.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self

Step 7
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Configuring BGP Community and Extended-Community Advertisements

Perform this task to specify that community/extended-community attributes should be sent to an eBGP neighbor. These attributes are not sent to an eBGP neighbor by default. By contrast, they are always sent to iBGP neighbors.
This section provides examples on how to enable sending community attributes. The send-community-ebgp keyword can be replaced by the send-extended-community-ebgp keyword to enable sending extended-communities.

If the send-community-ebgp command is configured for a neighbor group or address family group, all neighbors using the group inherit the configuration. Configuring the command specifically for a neighbor overrides inherited values.

Note: BGP community and extended-community filtering cannot be configured for iBGP neighbors. Communities and extended-communities are always sent to iBGP neighbors under IPv4, IPv6, VPNv4, and MDT address families.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6 {labeled-unicast | mvpn | unicast}}
6. Use one of these commands:
   • send-community-ebgp
   • send-extended-community-ebgp
7. Use one of these commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3
Command or Action: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 4
Command or Action: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 5
Command or Action: address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6 {labeled-unicast | mvpn | unicast}}
Purpose: Enters neighbor address family configuration mode for the specified address family. Use either ipv4 or ipv6 address family keyword with one of the specified address family sub mode identifiers.
IPv6 address family mode supports these sub modes:
• labeled-unicast
• mvpn
• unicast
IPv4 address family mode supports these sub modes:
• labeled-unicast
• mdt
• multicast
• mvpn
• tunnel
• unicast
Refer to the address-family (BGP) command in BGP Commands module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for more information on the Address Family Submode support.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast

Step 6
Command or Action: Use one of these commands:
• send-community-ebgp
• send-extended-community-ebgp
Purpose: Specifies that the router send community attributes or extended community attributes (which are disabled by default for eBGP neighbors) to a specified eBGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# send-community-ebgp
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# send-extended-community-ebgp

Step 7
Command or Action: Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Configuring the BGP Cost Community

Perform this task to configure the BGP cost community.

BGP receives multiple paths to the same destination and it uses the best-path algorithm to decide which is the best path to install in RIB. To enable users to determine an exit point after partial comparison, the cost community is defined to tie-break equal paths during the best-path selection process.

SUMMARY STEPS

1. configure
2. route-policy name
3. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]
4. end-policy
5. router bgp as-number
6. Do one of the following:
   • default-information originate
   • aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
7. Do one of the following:
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
   • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
   • neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast }
   • route-policy route-policy-name { in | out }
8. Do one of the following:
   • end
   • commit
9. show bgp [ vrf vrf-name ] ip-address

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: route-policy name
Purpose: Enters route policy configuration mode and specifies the name of the route policy to be configured.
Example: RP/0/RSP0/CPU0:router(config)# route-policy costA

Step 3
Command or Action: set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]
Purpose: Specifies the BGP extended community attribute for cost.
Example: RP/0/RSP0/CPU0:router(config)# set extcommunity cost cost_A

Step 4
Command or Action: end-policy
Purpose: Ends the definition of a route policy and exits route policy configuration mode.
Example: RP/0/RSP0/CPU0:router(config)# end-policy

Step 5
Command or Action: router bgp as-number
Purpose: Enters BGP configuration mode allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 6
Command or Action: Do one of the following:
• default-information originate
• aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
Purpose: Applies the cost community to the attach point (route policy).

Step 7
Command or Action: Do one of the following:
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
• neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast }
• route-policy route-policy-name { in | out }

Step 8
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
Step 9
Command or Action: show bgp [ vrf vrf-name ] ip-address
Purpose: Displays the cost community in the following format:
Cost: POI : cost-community-ID : cost-number
Example: RP/0/RSP0/CPU0:router# show bgp 172.168.40.24

Configuring Software to Store Updates from a Neighbor

Perform this task to configure the software to store updates received from a neighbor.

The soft-reconfiguration inbound command causes a route refresh request to be sent to the neighbor if the neighbor is route refresh capable. If the neighbor is not route refresh capable, the neighbor must be reset to relearn received routes using the clear bgp soft command. See the Resetting Neighbors Using BGP Inbound Soft Reset, on page 124.

Note: Storing updates from a neighbor works only if either the neighbor is route refresh capable or the soft-reconfiguration inbound command is configured. Even if the neighbor is route refresh capable and the soft-reconfiguration inbound command is configured, the original routes are not stored unless the always option is used with the command. The original routes can be easily retrieved with a route refresh request. Route refresh sends a request to the peer to resend its routing information. The soft-reconfiguration inbound command stores all paths received from the peer in an unmodified form and refers to these stored paths during the clear. Soft reconfiguration is memory intensive.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family { ipv4 | ipv6 } unicast
5. soft-reconfiguration inbound [ always ]
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 4 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures the software to store updates received from a specified neighbor. Soft reconfiguration inbound causes the software to store soft-reconfiguration inbound [ always] Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# soft-reconfiguration inbound always Step 5 the original unmodified route in addition to a route that is modified or filtered. This allows a “soft clear” to be performed after the inbound policy is changed. Soft reconfiguration enables the software to store the incoming updates before apply policy if route refresh is not supported by the peer (otherwise a copy of the update is not stored). The always Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 100 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Software to Store Updates from a NeighborCommand or Action Purpose keyword forcesthe software to store a copy even when route refresh is supported by the peer. Step 6 Do one of the following: Saves configuration changes. 
• end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Distributed BGP Perform this task to configure distributed BGP. Configuring distributed BGP includes starting the speaker process and allocating the speaker process to a neighbor. Before You Begin If BGP is running in standalone mode, the clear bgp current-mode or clear bgp vrf all * command must be used to switch from standalone mode to distributed mode. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 101 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. distributed speaker id 4. commit 5. address-family { ipv4 | ipv6 } unicast 6. exit 7. neighbor ip-address 8. remote-as as-number 9. speaker-id id 10. address-family { ipv4 | ipv6 } unicast 11. end 12. clear bgp current-mode DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. 
router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 distributed speaker id Specifies the speaker process to start. Example: RP/0/RSP0/CPU0:router(config-bgp)# distributed speaker 2 Step 3 Saves the configuration changes to the running configuration file and remains within the configuration session. commit Example: RP/0/RSP0/CPU0:router(config-bgp)# commit Step 4 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 5 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 102 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPCommand or Action Purpose exit Exits address family mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 6 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 7 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 8 speaker-id id Allocates a neighbor to a specified speaker process. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# speaker-id 2 Step 9 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 10 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Step 11 end Saves configuration changes. 
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 103 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPCommand or Action Purpose clear bgp current-mode Switches from standalone mode to distributed mode. Example: RP/0/RSP0/CPU0:router# clear bgp current-mode Step 12 Configuring a VPN Routing and Forwarding Instance in BGP Layer 2 and Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3 VPN license for the line card slot on which the feature is being configured. If the advanced IP license is enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be configured on an interface. If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured on the line card. See the Software Entitlement on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide for more information on advanced IP licencing. The following error message appears if the appropriate licence is not enabled: RP/0/RSP0/CPU0:router#LC/0/0/CPU0:Dec 15 17:57:53.653 : rsi_agent[247]: %LICENSE-ASR9K_LICENSE-2-INFRA_VRF_NEEDED : 5 VRF(s) are configured without license A9K-iVRF-LIC in violation of the Software Right To Use Agreement. 
This feature may be disabled by the system without the appropriate license. Contact Cisco to purchase the license immediately to avoid potential service interruption.

The following tasks are used to configure a VPN routing and forwarding (VRF) instance in BGP:

Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers

Perform this task to define the VPN routing and forwarding (VRF) tables in the provider edge (PE) routers.

SUMMARY STEPS

1. configure
2. vrf vrf-name
3. address-family { ipv4 | ipv6 } unicast
4. maximum prefix maximum [ threshold ]
5. import route-policy policy-name
6. import route-target [ as-number : nn | ip-address : nn ]
7. export route-policy policy-name
8. export route-target [ as-number : nn | ip-address : nn ]
9. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: vrf vrf-name
Purpose: Configures a VRF instance.
Example: RP/0/RSP0/CPU0:router(config)# vrf vrf_pe

Step 3: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 4: maximum prefix maximum [ threshold ]
Purpose: Configures a limit to the number of prefixes allowed in a VRF table. A maximum number of routes is applicable only to dynamic routing protocols and not to static or connected routes. You can specify a threshold percentage of the prefix limit using the mid-threshold argument.
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# maximum prefix 2300

Step 5: import route-policy policy-name
Purpose: (Optional) Provides finer control over what gets imported into a VRF. This import filter discards prefixes that do not match the specified policy-name argument.
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-policy policy_a

Step 6: import route-target [ as-number : nn | ip-address : nn ]
Purpose: Specifies a list of route target (RT) extended communities. Only prefixes that are associated with the specified import route target extended communities are imported into the VRF.
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-target 234:222

Step 7: export route-policy policy-name
Purpose: (Optional) Provides finer control over what gets exported into a VRF. This export filter discards prefixes that do not match the specified policy-name argument.
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-policy policy_b

Step 8: export route-target [ as-number : nn | ip-address : nn ]
Purpose: Specifies a list of route target extended communities. Export route target communities are associated with prefixes when they are advertised to remote PEs. The remote PEs import them into VRFs which have import RTs that match these exported route target communities.
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-target 123:234

Step 9: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# end
or
RP/0/RSP0/CPU0:router(config-vrf-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Route Distinguisher

The route distinguisher (RD) makes prefixes unique across multiple VPN routing and forwarding (VRF) instances.

In the L3VPN multipath same route distinguisher (RD) environment, the determination of whether to install a prefix in the RIB is based on the prefix's best path. In a rare misconfiguration situation, where the best path is not a valid path to be installed in the RIB, BGP drops the prefix and does not consider the other paths. The behavior is different in a different-RD setup, where the non-best multipath is installed if the best multipath is invalid to be installed in the RIB.

Perform this task to configure the RD.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. bgp router-id ip-address
4. vrf vrf-name
5. rd { as-number : nn | ip-address : nn | auto }
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Enters BGP configuration mode allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: bgp router-id ip-address
Purpose: Configures a fixed router ID for the BGP-speaking router.
Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 10.0.0.0

Step 4: vrf vrf-name
Purpose: Configures a VRF instance.
Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe

Step 5: rd { as-number : nn | ip-address : nn | auto }
Purpose: Configures the route distinguisher. Use the auto keyword if you want the router to automatically assign a unique RD to the VRF. Automatic assignment of RDs is possible only if a router ID is configured using the bgp router-id command in router configuration mode. This allows you to configure a globally unique router ID that can be used for automatic RD generation. The router ID for the VRF does not need to be globally unique, and using the VRF router ID would be incorrect for automatic RD generation. Having a single router ID also helps in checkpointing RD information for BGP graceful restart, because it is expected to be stable across reboots.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd 345:567

Step 6: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
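The effect of the rd, import route-target, export route-target and import route-policy steps above can be reasoned about offline before a commit. The following is an added example, not part of the Cisco guide: a small Python model showing that the RD keeps overlapping customer prefixes distinct and that a stray import RT pulls another VPN's routes into a VRF. The VRF names, RD and RT values, prefixes, and the rule that equal VRF names mean the same VPN are all constructed assumptions.

```python
"""Offline model of RD and route-target handling for L3VPN VRFs (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str          # route distinguisher of the exporting VRF
    prefix: str      # customer IPv4 prefix
    rts: frozenset   # export route targets carried as extended communities
    source: str      # "PE/vrf" that exported the route

    @property
    def key(self):
        # The RD is prepended to the prefix, so equal customer prefixes stay distinct.
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    pe: str
    name: str        # assumption: the same VRF name on two PEs means the same VPN
    rd: str
    import_rts: set
    export_rts: set
    prefixes: list = field(default_factory=list)  # routes learned from the local CE
    import_policy: object = None                  # optional callable(route) -> bool

    @property
    def label(self):
        return f"{self.pe}/{self.name}"

    def export(self):
        """Routes as advertised to remote PEs: RD prepended, export RTs attached."""
        return [Vpnv4Route(self.rd, p, frozenset(self.export_rts), self.label)
                for p in self.prefixes]

    def accepts(self, route):
        """Import needs at least one matching RT, then the optional import policy."""
        if not (route.rts & self.import_rts):
            return False
        return self.import_policy is None or bool(self.import_policy(route))


def distribute(vrfs):
    """Return {vrf label: {prefix: [exporting VRFs]}} after RT-based import."""
    advertised = [route for vrf in vrfs for route in vrf.export()]
    tables = {}
    for vrf in vrfs:
        table = tables.setdefault(vrf.label, {})
        for route in advertised:
            if route.source != vrf.label and vrf.accepts(route):
                table.setdefault(route.prefix, []).append(route.source)
    return tables


def audit(vrfs, allowed_pairs=frozenset()):
    """Flag an RD shared by different VPNs and RT matches between different VPNs."""
    findings, first_use = [], {}
    for vrf in vrfs:
        owner = first_use.setdefault(vrf.rd, vrf)
        if owner.name != vrf.name:
            findings.append(f"RD {vrf.rd} reused by {owner.label} and {vrf.label}")
    for dst in vrfs:
        for src in vrfs:
            shared = src.export_rts & dst.import_rts
            if shared and src.name != dst.name and (src.name, dst.name) not in allowed_pairs:
                findings.append(f"{dst.label} imports from {src.label} via RT {sorted(shared)}")
    return findings


def sample_vrfs():
    """Constructed topology: two customers reuse 10.1.0.0/16; PE2/blue has a stray import RT."""
    return [
        Vrf("PE1", "red", "100:1", {"100:1"}, {"100:1"}, ["10.1.0.0/16"]),
        Vrf("PE1", "blue", "100:2", {"100:2"}, {"100:2"}, ["10.1.0.0/16"]),
        Vrf("PE2", "red", "100:11", {"100:1"}, {"100:1"}, ["10.2.0.0/16"]),
        Vrf("PE2", "blue", "100:12", {"100:2", "100:1"}, {"100:2"}, ["10.3.0.0/16"]),
    ]


if __name__ == "__main__":
    vrfs = sample_vrfs()
    for label, table in distribute(vrfs).items():
        print(label, table)
    for finding in audit(vrfs):
        print("FINDING:", finding)
```

Pass intended extranet relationships as (exporting VRF, importing VRF) name pairs in allowed_pairs so that only unplanned RT matches are reported.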

Configuring PE-PE or PE-RR Interior BGP Sessions

To enable BGP to carry VPN reachability information between provider edge (PE) routers, you must configure the PE-PE interior BGP (iBGP) sessions. A PE uses VPN information carried from the remote PE router to determine VPN connectivity and the label value to be used so the remote (egress) router can demultiplex the packet to the correct VPN during packet forwarding.

The PE-PE and PE-route reflector (RR) iBGP sessions are defined to all PE and RR routers that participate in the VPNs configured in the PE router.

Perform this task to configure PE-PE iBGP sessions and to configure global VPN options on a PE.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. exit
5. neighbor ip-address
6. remote-as as-number
7. description text
8. password { clear | encrypted } password
9. shutdown
10. timers keepalive hold-time
11. update-source type interface-id
12. address-family vpnv4 unicast
13. route-policy route-policy-name in
14. route-policy route-policy-name out
15. Do one of the following:
    • end
    • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: address-family vpnv4 unicast
Purpose: Enters VPN address family configuration mode.
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Step 4: exit
Purpose: Exits the current configuration mode.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit

Step 5: neighbor ip-address
Purpose: Configures a PE iBGP neighbor.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.16.1.1

Step 6: remote-as as-number
Purpose: Assigns the neighbor a remote autonomous system number.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1

Step 7: description text
Purpose: (Optional) Provides a description of the neighbor. The description is used to save comments and does not affect software function.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# description neighbor 172.16.1.1

Step 8: password { clear | encrypted } password
Purpose: Enables Message Digest 5 (MD5) authentication on the TCP connection between the two BGP neighbors.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# password encrypted 123abc

Step 9: shutdown
Purpose: Terminates any active sessions for the specified neighbor and removes all associated routing information.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# shutdown

Step 10: timers keepalive hold-time
Purpose: Sets the timers for the BGP neighbor.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 12000 200

Step 11: update-source type interface-id
Purpose: Allows iBGP sessions to use the primary IP address from a specific interface as the local address when forming an iBGP session with a neighbor.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source gigabitEthernet 0/1/5/0

Step 12: address-family vpnv4 unicast
Purpose: Enters VPN neighbor address family configuration mode.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast

Step 13: route-policy route-policy-name in
Purpose: Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-in in

Step 14: route-policy route-policy-name out
Purpose: Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-out out

Step 15: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities

A provider edge (PE) needs to hold the routes that match the import route targets (RTs) of the VPNs configured on it. The PE router can discard all other VPNv4 routes.
But a route reflector (RR) must retain all VPNv4 routes, because it might peer with PE routers and different PEs might require different RT-tagged VPNv4 routes (making RRs non-scalable). You can configure an RR to only hold routes that have a defined set of RT communities. Also, a number of the RRs can be configured to service a different set of VPNs (thereby achieving some scalability). A PE is then made to peer with all RRs that service the VRFs configured on the PE. When a new VRF is configured with an RT for which the PE does not already hold routes, the PE issues route refreshes to the RRs and retrieves the relevant VPN routes.

Note: This process can be more efficient if the PE-RR session supports extended community outbound route filter (ORF).

Perform this task to configure a reflector to retain routes tagged with specific RTs.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. retain route-target { all | route-policy route-policy-name }
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: address-family vpnv4 unicast
Purpose: Enters VPN address family configuration mode.
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Step 4: retain route-target { all | route-policy route-policy-name }
Purpose: Configures a reflector to retain routes tagged with particular RTs. Use the route-policy-name argument for the policy name that lists the extended communities that a path should have in order for the RR to retain that path.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain route-target route-policy rr_ext-comm
Note: The all keyword is not required, because this is the default behavior of a route reflector.

Step 5: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BGP as a PE-CE Protocol

Perform this task to configure BGP on the PE and establish PE-CE communication using BGP.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode per-ce
6. address-family { ipv4 | ipv6 } unicast
7. network { ip-address / prefix-length | ip-address mask }
8. aggregate-address address / mask-length
9. exit
10. neighbor ip-address
11. remote-as as-number
12. password { clear | encrypted } password
13. ebgp-multihop [ ttl-value ]
14. Do one of the following:
    • address-family { ipv4 | ipv6 } unicast
    • address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast}
15. site-of-origin [ as-number : nn | ip-address : nn ]
16. as-override
17. allowas-in [ as-occurrence-number ]
18. route-policy route-policy-name in
19. route-policy route-policy-name out
20. Do one of the following:
    • end
    • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: vrf vrf-name
Purpose: Enables BGP routing for a particular VRF on the PE router.
Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe_2

Step 4: bgp router-id ip-address
Purpose: Configures a fixed router ID for a BGP-speaking router.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# bgp router-id 172.16.9.9

Step 5: label-allocation-mode per-ce
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce
Purpose:
• Configures the per-CE label allocation mode to avoid an extra lookup on the PE router and conserve label space (per-prefix is the default label allocation mode). In this mode, the PE router allocates one label for every immediate next-hop (in most cases, this would be a CE router).
  This label is directly mapped to the next hop, so there is no VRF route lookup performed during data forwarding. However, the number of labels allocated would be one for each CE rather than one for each VRF. Because BGP knows all the next hops, it assigns a label for each next hop (not for each PE-CE interface). When the outgoing interface is a multiaccess interface and the media access control (MAC) address of the neighbor is not known, Address Resolution Protocol (ARP) is triggered during packet forwarding.
• The per-vrf keyword configures the same label to be used for all the routes advertised from a unique VRF.

Step 6: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 7: network { ip-address / prefix-length | ip-address mask }
Purpose: Originates a network prefix in the address family table in the VRF context.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network 172.16.5.5/24

Step 8: aggregate-address address / mask-length
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/24
Purpose: Configures aggregation in the VRF address family context to summarize routing information to reduce the state maintained in the core. This summarization introduces some inefficiency in the PE edge, because an additional lookup is required to determine the ultimate next hop for a packet. When configured, a summary prefix is advertised instead of a set of component prefixes, which are more specifics of the aggregate. The PE advertises only one label for the aggregate.
Because component prefixes could have different next hops to CEs, an additional lookup has to be performed during data forwarding.

Step 9: exit
Purpose: Exits the current configuration mode.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit

Step 10: neighbor ip-address
Purpose: Configures a CE neighbor. The ip-address argument must be a private address.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0

Step 11: remote-as as-number
Purpose: Configures the remote AS for the CE neighbor.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2

Step 12: password { clear | encrypted } password
Purpose: Enables Message Digest 5 (MD5) authentication on a TCP connection between two BGP neighbors.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# password encrypted 234xyz

Step 13: ebgp-multihop [ ttl-value ]
Purpose: Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop 55

Step 14: Do one of the following:
• address-family { ipv4 | ipv6 } unicast
• address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast}
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 15: site-of-origin [ as-number : nn | ip-address : nn ]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# site-of-origin 234:111
Purpose: Configures the site-of-origin (SoO) extended community. Routes that are learned from this CE neighbor are tagged with the SoO extended community before being advertised to the rest of the PEs.
SoO is frequently used to detect loops when as-override is configured on the PE router. If the prefix is looped back to the same site, the PE detects this and does not send the update to the CE.

Step 16: as-override
Purpose: Configures AS override on the PE router. This causes the PE router to replace the CE’s ASN with its own (PE) ASN.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# as-override
Note: This loss of information could lead to routing loops; to avoid loops caused by as-override, use it in conjunction with site-of-origin.

Step 17: allowas-in [ as-occurrence-number ]
Purpose: Allows an AS path with the PE autonomous system number (ASN) a specified number of times. Hub and spoke VPN networks need the looping back of routing information to the HUB PE through the HUB CE. When this happens, due to the presence of the PE ASN, the looped-back information is dropped by the HUB PE. To avoid this, use the allowas-in command to allow prefixes even if they have the PE's ASN up to the specified number of times.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 5

Step 18: route-policy route-policy-name in
Purpose: Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pe_ce_in_policy in

Step 19: route-policy route-policy-name out
Purpose: Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pe_ce_out_policy out

Step 20: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Redistribution of IGPs to BGP

Perform this task to configure redistribution of a protocol into the VRF address family.

Even if Interior Gateway Protocols (IGPs) are used as the PE-CE protocol, the import logic happens through BGP. Therefore, all IGP routes have to be imported into the BGP VRF table.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 } unicast
5. Do one of the following:
   • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
   • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: vrf vrf-name
Purpose: Enables BGP routing for a particular VRF on the PE router.
Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_a

Step 4: address-family { ipv4 | ipv6 } unicast
Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 5: Do one of the following:
• redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
Purpose: Configures redistribution of a protocol into the VRF address family context. The redistribute command is used if BGP is not used between the PE-CE routers. If BGP is used between PE-CE routers, the IGP that is used has to be redistributed into BGP to establish VPN connectivity with other PE sites. Redistribution is also required for inter-table import and export.
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# redistribute eigrp 23

Step 6: Do one of the following:
• end
• commit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Keychains for BGP

Keychains provide secure authentication by supporting different MAC authentication algorithms and provide graceful key rollover. Perform this task to configure keychains for BGP. This task is optional.

Note: If a keychain is configured for a neighbor group or a session group, a neighbor using the group inherits the keychain. Values of commands configured specifically for a neighbor override inherited values.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. keychain name
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 4: remote-as as-number
Purpose: Creates a neighbor and assigns a remote autonomous system number to it.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 5: keychain name
Purpose: Configures keychain-based authentication.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# keychain kych_a

Step 6
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit

Disabling a BGP Neighbor

Perform this task to administratively shut down a neighbor session without removing the configuration.

SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. shutdown
5. Do one of the following:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 127

Step 3
Command or Action: neighbor ip-address
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Step 4
Command or Action: shutdown
Purpose: Disables all active sessions for the specified neighbor.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# shutdown

Step 5
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit

Resetting Neighbors Using BGP Inbound Soft Reset

Perform this task to trigger an inbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.

Resetting neighbors is useful if you change the inbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates.
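The inheritance rule stated under Configuring Keychains for BGP (a neighbor inherits the keychain of its neighbor group or session group unless it sets its own) and the shutdown state from Disabling a BGP Neighbor can be checked offline against a saved configuration. The Python below is an added example, not code from this guide: the sample configuration, its group names and its use neighbor-group / use session-group lines are constructed, and consulting a session group before a neighbor group is an assumption of the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in IOS XR running-config layout (not taken from the guide).
# 172.168.40.24, AS 120 and kych_a reuse the guide's example values; the rest is made up.
SAMPLE_CONFIG = """\
router bgp 120
 session-group sg_core
  remote-as 2004
  keychain kych_core
 !
 neighbor-group ng_edge
  remote-as 2002
  keychain kych_a
 !
 neighbor 172.168.40.24
  remote-as 2002
  keychain kych_a
 !
 neighbor 10.0.0.1
  use neighbor-group ng_edge
 !
 neighbor 10.0.0.2
  use neighbor-group ng_edge
  keychain kych_override
 !
 neighbor 10.0.0.3
  remote-as 2003
  shutdown
 !
 neighbor 10.0.0.4
  use session-group sg_core
 !
 neighbor 10.0.0.5
  remote-as 2005
 !
"""

HEADER = re.compile(r"^(neighbor|neighbor-group|session-group)\s+(\S+)$")
USE = re.compile(r"^use\s+(neighbor-group|session-group)\s+(\S+)$")
KEYCHAIN = re.compile(r"^keychain\s+(\S+)$")


@dataclass
class Stanza:
    kind: str
    name: str
    keychain: str = ""
    uses: list = field(default_factory=list)  # (kind, name) pairs from "use" lines
    shutdown: bool = False


def parse_stanzas(config):
    """Collect neighbor, neighbor-group and session-group stanzas by indentation."""
    stanzas, current, depth = {}, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if current is not None and line and indent <= depth:
            current = None  # "!" or a sibling line closes the open stanza
        header = HEADER.match(line)
        if current is None and header:
            current, depth = Stanza(*header.groups()), indent
            stanzas[header.groups()] = current
        elif current is not None and indent == depth + 1:
            # Deeper lines belong to address-family sub-modes and are skipped.
            if KEYCHAIN.match(line):
                current.keychain = KEYCHAIN.match(line).group(1)
            elif USE.match(line):
                current.uses.append(USE.match(line).groups())
            elif line == "shutdown":
                current.shutdown = True
    return stanzas


def effective_keychain(stanza, stanzas, seen=None):
    """Return (keychain, stanza it was set on), or (None, None) if none applies."""
    seen = set() if seen is None else seen
    if stanza.keychain:  # a value set on the stanza itself overrides inheritance
        return stanza.keychain, f"{stanza.kind} {stanza.name}"
    seen.add((stanza.kind, stanza.name))
    # Assumption of this example: session groups are consulted before neighbor groups.
    for ref in sorted(stanza.uses, key=lambda r: r[0] != "session-group"):
        if ref in stanzas and ref not in seen:  # skip missing groups and cycles
            found = effective_keychain(stanzas[ref], stanzas, seen)
            if found[0]:
                return found
    return None, None


def audit(config):
    """One (neighbor, keychain, source, shutdown) row per neighbor stanza."""
    stanzas = parse_stanzas(config)
    return [(name, *effective_keychain(s, stanzas), s.shutdown)
            for (kind, name), s in stanzas.items() if kind == "neighbor"]


def unauthenticated(config, include_shutdown=False):
    """Neighbors with no effective keychain; shut-down ones are skipped by default."""
    return [n for n, keychain, _, shut in audit(config)
            if keychain is None and (include_shutdown or not shut)]
```

Neighbors configured inside a vrf stanza are picked up as well, but they are reported by address only, so the same address in two VRFs yields one row.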
If an inbound soft reset is triggered, BGP sends a REFRESH request to the neighbor if the neighbor has advertised the ROUTE_REFRESH capability. To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command.

SUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ]

DETAILED STEPS

Step 1
Command or Action: show bgp neighbors
Purpose: Verifies that received route refresh capability from the neighbor is enabled.
Example: RP/0/RSP0/CPU0:router# show bgp neighbors

Step 2
Command or Action: clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ]
Purpose: Soft resets a BGP neighbor.
• The * keyword resets all BGP neighbors.
• The ip-address argument specifies the address of the neighbor to be reset.
• The as-number argument specifies that all neighbors that match the autonomous system number be reset.
• The external keyword specifies that all external neighbors are reset.
Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.1 soft in

Resetting Neighbors Using BGP Outbound Soft Reset

Perform this task to trigger an outbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.
Resetting neighbors is useful if you change the outbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates.

If an outbound soft reset is triggered, BGP resends all routes for the address family to the given neighbors. To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command.

SUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | ]

DETAILED STEPS

Step 1
Command or Action: show bgp neighbors
Purpose: Verifies that received route refresh capability from the neighbor is enabled.
Example: RP/0/RSP0/CPU0:router# show bgp neighbors

Step 2
Command or Action: clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | ]
Purpose: Soft resets a BGP neighbor.
• The * keyword resets all BGP neighbors.
• The ip-address argument specifies the address of the neighbor to be reset.
• The as-number argument specifies that all neighbors that match the autonomous system number be reset.
• The external keyword specifies that all external neighbors are reset.
Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.2 soft out

Resetting Neighbors Using BGP Hard Reset

Perform this task to reset neighbors using a hard reset.
A hard reset removes the TCP connection to the neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the session with the neighbor. If the graceful keyword is specified, the routes from the neighbor are not removed from the BGP table immediately, but are marked as stale. After the session is re-established, any stale route that has not been received again from the neighbor is removed.

SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * | ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ]

DETAILED STEPS

Step 1
Command or Action: clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * | ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ]
Purpose: Clears a BGP neighbor.
• The * keyword resets all BGP neighbors.
• The ip-address argument specifies the address of the neighbor to be reset.
• The as-number argument specifies that all neighbors that match the autonomous system number be reset.
• The external keyword specifies that all external neighbors are reset.
• The graceful keyword specifies a graceful restart.
Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.3 graceful soft out

Clearing Caches, Tables, and Databases

Perform this task to remove all contents of a particular cache, table, or database.
The clear bgp command resets the sessions of the specified group of neighbors (hard reset); it removes the TCP connection to the neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the session with the neighbor. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become, or are suspected to be, invalid.

SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
2. clear bgp external
3. clear bgp *

DETAILED STEPS

Step 1
Command or Action: clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
Purpose: Clears a specified neighbor.
Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 172.20.1.1

Step 2
Command or Action: clear bgp external
Purpose: Clears all external peers.
Example: RP/0/RSP0/CPU0:router# clear bgp external

Step 3
Command or Action: clear bgp *
Purpose: Clears all BGP neighbors.
Example: RP/0/RSP0/CPU0:router# clear bgp *

Displaying System and Network Statistics

Perform this task to display specific statistics, such as the contents of BGP routing tables, caches, and databases. Information provided can be used to determine resource usage and solve network problems. You can also display information about node reachability and discover the routing path that the packets of your device are taking through the network.

SUMMARY STEPS
1. show bgp cidr-only
2. show bgp community community-list [ exact-match ]
3. show bgp regexp regular-expression
4. show bgp
5. show bgp neighbors ip-address [ advertised-routes | dampened-routes | flap-statistics | performance-statistics | received prefix-filter | routes ]
6. show bgp paths
7. show bgp neighbor-group group-name configuration
8. show bgp summary

DETAILED STEPS

Step 1
Command or Action: show bgp cidr-only
Purpose: Displays routes with nonnatural network masks (classless interdomain routing [CIDR]) routes.
Example: RP/0/RSP0/CPU0:router# show bgp cidr-only

Step 2
Command or Action: show bgp community community-list [ exact-match ]
Purpose: Displays routes that match the specified BGP community.
Example: RP/0/RSP0/CPU0:router# show bgp community 1081:5 exact-match

Step 3
Command or Action: show bgp regexp regular-expression
Purpose: Displays routes that match the specified autonomous system path regular expression.
Example: RP/0/RSP0/CPU0:router# show bgp regexp "^3 "

Step 4
Command or Action: show bgp
Purpose: Displays entries in the BGP routing table.
Example: RP/0/RSP0/CPU0:router# show bgp

Step 5
Command or Action: show bgp neighbors ip-address [ advertised-routes | dampened-routes | flap-statistics | performance-statistics | received prefix-filter | routes ]
Purpose: Displays information about the BGP connection to the specified neighbor.
Example: RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.1
• The advertised-routes keyword displays all routes the router advertised to the neighbor.
• The dampened-routes keyword displays the dampened routes that are learned from the neighbor.
• The flap-statistics keyword displays flap statistics of the routes learned from the neighbor.
• The performance-statistics keyword displays performance statistics relating to work done by the BGP process for this neighbor.
• The received prefix-filter keyword and argument display the received prefix list filter.
• The routes keyword displays routes learned from the neighbor.

Step 6
Command or Action: show bgp paths
Purpose: Displays all BGP paths in the database.
Example: RP/0/RSP0/CPU0:router# show bgp paths

Step 7
Command or Action: show bgp neighbor-group group-name configuration
Purpose: Displays the effective configuration for a specified neighbor group, including any configuration inherited by this neighbor group.
Example: RP/0/RSP0/CPU0:router# show bgp neighbor-group group_1 configuration

Step 8
Command or Action: show bgp summary
Purpose: Displays the status of all BGP connections.
Example: RP/0/RSP0/CPU0:router# show bgp summary

Displaying BGP Process Information

Perform this task to display specific BGP process information.

SUMMARY STEPS
1. show bgp process
2. show bgp ipv4 unicast summary
3. show bgp vpnv4 unicast summary
4. show bgp vrf { vrf-name | all }
5. show bgp process detail
6. show bgp summary
7. show placement program bgp
8. show placement program brib

DETAILED STEPS

Step 1
Command or Action: show bgp process
Purpose: Displays status and summary information for the BGP process. The output shows various global and address family-specific BGP configurations. A summary of the number of neighbors, update messages, and notification messages sent and received by the process is also displayed.
Example: RP/0/RSP0/CPU0:router# show bgp process

Step 2
Command or Action: show bgp ipv4 unicast summary
Purpose: Displays a summary of the neighbors for the IPv4 unicast address family.
Example: RP/0/RSP0/CPU0:router# show bgp ipv4 unicast summary

Step 3
Command or Action: show bgp vpnv4 unicast summary
Purpose: Displays a summary of the neighbors for the VPNv4 unicast address family.
Example: RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast summary

Step 4
Command or Action: show bgp vrf { vrf-name | all }
Purpose: Displays BGP VPN virtual routing and forwarding (VRF) information.
Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A

Step 5
Command or Action: show bgp process detail
Purpose: Displays detailed process information including the memory used by each of various internal structure types.
Example: RP/0/RSP0/CPU0:router# show bgp processes detail

Step 6
Command or Action: show bgp summary
Purpose: Displays the status of all BGP connections.
Example: RP/0/RSP0/CPU0:router# show bgp summary

Step 7
Command or Action: show placement program bgp
Purpose: Displays BGP program information.
• If a program is shown as having ‘rejected locations’ (for example, locations where program cannot be placed), the locations in question can be viewed using the show placement program bgp command.
• If a program has been placed but not started, the amount of elapsed time since the program was placed is displayed in the Waiting to start column.
Example: RP/0/RSP0/CPU0:router# show placement program bgp

Step 8
Command or Action: show placement program brib
Purpose: Displays bRIB program information.
• If a program is shown as having ‘rejected locations’ (for example, locations where program cannot be placed), the locations in question can be viewed using the show placement program bgp command.
• If a program has been placed but not started, the amount of elapsed time since the program was placed is displayed in the Waiting to start column.
Example: RP/0/RSP0/CPU0:router# show placement program brib

Monitoring BGP Update Groups

This task displays information related to the processing of BGP update groups.

SUMMARY STEPS
1. show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]]

DETAILED STEPS

Step 1
Command or Action: show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]]
Purpose: Displays information about BGP update groups.
• The ip-address argument displays the update groups to which that neighbor belongs.
• The process-id.index argument selects a particular update group to display and is specified as follows: process ID (dot) index. Process ID range is from 0 to 254. Index range is from 0 to 4294967295.
• The summary keyword displays summary information for neighbors in a particular update group.
• If no argument is specified, this command displays information for all update groups (for the specified address family).
• The performance-statistics keyword displays performance statistics for an update group.
Example: RP/0/RSP0/CPU0:router# show bgp update-group 0.0

Configuring BGP Nonstop Routing

Perform this task to configure BGP Nonstop Routing (NSR).

SUMMARY STEPS
1. configure
2. router bgp as-number
3. nsr
4. Do one of the following:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Purpose: Specifies the BGP AS number, and enters the BGP configuration mode, for configuring BGP routing processes.
Command or Action: router bgp as-number
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3
Command or Action: nsr
Purpose: Activates BGP Nonstop routing.
Note: BGP supports 5000 NSR sessions.
Example: RP/0/RSP0/CPU0:router(config-bgp)# nsr

Step 4
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit

Installing Primary Backup Path for Prefix Independent Convergence (PIC)

Perform the following tasks to install a backup path into the forwarding table and provide prefix independent convergence (PIC) in case of a PE-CE link failure:

SUMMARY STEPS
1. configure
2. router bgp as-number
3. Do one of the following
• address-family {vpnv4 unicast | vpnv6 unicast}
• vrf vrf-name {ipv4 unicast | ipv6 unicast}
4. additional-paths selection route-policy route-policy-name
5. Use one of these commands:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 100

Step 3
Command or Action: Do one of the following
• address-family {vpnv4 unicast | vpnv6 unicast}
• vrf vrf-name {ipv4 unicast | ipv6 unicast}
Purpose: Specifies the address family or VRF address family and enters the address family or VRF address family configuration submode.
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Step 4
Command or Action: additional-paths selection route-policy route-policy-name
Purpose: Configures additional paths selection mode for a prefix.
Note: Use the additional-paths selection command with an appropriate route-policy to calculate backup paths and to enable Prefix Independent Convergence (PIC) functionality.
The route-policy configuration is a pre-requisite for configuring the additional-paths selection mode for a prefix. This is an example route-policy configuration to use with additional-selection command:
route-policy ap1
set path-selection backup 1 install
end-policy
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# additional-paths selection route-policy ap1

Step 5
Command or Action: Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Retaining Allocated Local Label for Primary Path

Perform the following tasks to retain the previously allocated local label for the primary path on the primary PE for some configurable time after reconvergence:

SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { vpnv4 unicast | vpnv6 unicast }
4. retain local-label minutes
5. Do one of the following:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 100

Step 3
Command or Action: address-family { vpnv4 unicast | vpnv6 unicast }
Purpose: Specifies the address family and enters the address family configuration submode.
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Step 4
Purpose: Retains the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence.
Command or Action: retain local-label minutes
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain local-label 10

Step 5
Command or Action: Do one of the following:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit

Configuring BGP Additional Paths

Perform these tasks to configure BGP Additional Paths capability:

SUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. if conditional-expression then action-statement else
4. pass endif
5. end-policy
6. router bgp as-number
7. address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws| vpnv4 unicast | vpnv6 unicast }
8. additional-paths receive
9. additional-paths send
10. additional-paths selection route-policy route-policy-name
11. Use one of these commands:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: route-policy route-policy-name
Purpose: Defines the route policy and enters route-policy configuration mode.
Example: RP/0/RSP0/CPU0:router (config)#route-policy add_path_policy

Step 3
Command or Action: if conditional-expression then action-statement else
Purpose: Decides the actions and dispositions for the given route.
Example: RP/0/RSP0/CPU0:router (config-rpl)#if community matches-any (*) then
set path-selection all advertise else

Step 4
Command or Action: pass endif
Purpose: Passes the route for processing and ends the if statement.
Example: RP/0/RSP0/CPU0:router(config-rpl-else)#pass
RP/0/RSP0/CPU0:router(config-rpl-else)#endif

Step 5
Command or Action: end-policy
Purpose: Ends the route policy definition of the route policy and exits route-policy configuration mode.
Example: RP/0/RSP0/CPU0:router(config-rpl)#end-policy

Step 6
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)#router bgp 100

Step 7
Command or Action: address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast }
Purpose: Specifies the address family and enters address family configuration submode.
Example: RP/0/RSP0/CPU0:router(config-bgp)#address-family ipv4 unicast

Step 8
Purpose: Configures receive capability of multiple paths for a prefix to the capable peers.
Command or Action: additional-paths receive
Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths receive

Step 9
Command or Action: additional-paths send
Purpose: Configures send capability of multiple paths for a prefix to the capable peers.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths send

Step 10
Command or Action: additional-paths selection route-policy route-policy-name
Purpose: Configures additional paths selection capability for a prefix.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths selection route-policy add_path_policy

Step 11
Command or Action: Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Configuring iBGP Multipath Load Sharing

Perform this task to configure the iBGP Multipath Load Sharing:

SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family {ipv4|ipv6} {unicast|multicast}
4. maximum-paths ibgp number
5. Use one of these commands:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router bgp as-number
Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Example: RP/0/RSP0/CPU0:router(config)# router bgp 100

Step 3
Command or Action: address-family {ipv4|ipv6} {unicast|multicast}
Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast

Step 4
Command or Action: maximum-paths ibgp number
Purpose: Configures the maximum number of iBGP paths for load sharing.
Example: RP/0/RSP0/CPU0:router(config-bgp-af)# maximum-paths ibgp 30

Step 5
Command or Action: Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example: RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Originating Prefixes with AiGP

Perform this task to configure origination of routes with the AiGP metric:

Before You Begin

Origination of routes with the accumulated interior gateway protocol (AiGP) metric is controlled by configuration. AiGP attributes are attached to redistributed routes that satisfy the following conditions:
• The protocol redistributing the route is enabled for AiGP.
• The route is an interior gateway protocol (iGP) route redistributed into border gateway protocol (BGP). The value assigned to the AiGP attribute is the value of iGP next hop to the route or as set by a route-policy.
• The route is a static route redistributed into BGP. The value assigned is the value of next hop to the route or as set by a route-policy.
• The route is imported into BGP through network statement. The value assigned is the value of next hop to the route or as set by a route-policy.

SUMMARY STEPS
1. configure
2. route-policy aigp_policy
3. set aigp-metric igp-cost
4. exit
5. router bgp as-number
6. address-family {ipv4 | ipv6} unicast
7. redistribute ospf osp route-policy plcy_name metric value
8. Use one of these commands:
• end
• commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example: RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: route-policy aigp_policy
Purpose: Enters route-policy configuration mode and sets the route-policy
Example: RP/0/RSP0/CPU0:router(config)# route-policy aigp_policy

Step 3
Command or Action: set aigp-metric igp-cost
Purpose: Sets the internal routing protocol cost as the aigp metric.
Example: RP/0/RSP0/CPU0:router(config-rpl)# set aigp-metric igp-cost

Step 4
Command or Action: exit
Purpose: Exits route-policy configuration mode.
Example: RP/0/RSP0/CPU0:router(config-rpl)# exit Step 4 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 100 Step 5 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family {ipv4 | ipv6} unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast Step 6 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 142 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Originating Prefixes with AiGPCommand or Action Purpose redistribute ospf osp route-policy plcy_namemetric value Allows the redistribution of AiBGP metric into OSPF. Example: RP/0/RSP0/CPU0:router(config-bgp-af)#redistribute ospf osp route-policy aigp_policy metric 1 Step 7 Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. 

Enabling BGP Unequal Cost Recursive Load Balancing

Perform this task to enable unequal cost recursive load balancing for external BGP (eBGP), interior BGP (iBGP), and eiBGP and to enable BGP to carry the link bandwidth attribute of the demilitarized zone (DMZ) link.

When the PE router includes the link bandwidth extended community in its updates to the remote PE through the Multiprotocol Interior BGP (MP-iBGP) session (either IPv4 or VPNv4), the remote PE automatically does load balancing if the maximum-paths command is enabled.

Note: Unequal cost recursive load balancing happens across a maximum of eight paths only. Enabling the BGP unequal cost recursive load balancing feature is not supported on CPP based cards.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
5. exit
6. neighbor ip-address
7. dmz-link-bandwidth
8. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
  Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: address-family { ipv4 | ipv6 } unicast
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
  Purpose: Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4
  Command or Action: maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# maximum-paths ebgp 3
  Purpose: Configures the maximum number of parallel routes that BGP installs in the routing table.
    Note: Valid values for maximum-paths are eight, inclusive.
    • ebgp maximum : Consider only eBGP paths for multipath.
    • ibgp maximum [ unequal-cost ]: Consider load balancing between iBGP learned paths.
    • eibgp maximum : Consider both eBGP and iBGP learned paths for load balancing. eiBGP load balancing always does unequal-cost load balancing.
    When eiBGP is applied, eBGP or iBGP load balancing cannot be configured; however, eBGP and iBGP load balancing can coexist.

Step 5
  Command or Action: exit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
  Purpose: Exits the current configuration mode.

Step 6
  Command or Action: neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0
  Purpose: Configures a CE neighbor. The ip-address argument must be a private address.

Step 7
  Command or Action: dmz-link-bandwidth
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# dmz-link-bandwidth
  Purpose: Originates a demilitarized-zone (DMZ) link-bandwidth extended community for the link to an eBGP/iBGP neighbor.

Step 8
  Command or Action: Do one of the following:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring RPKI Cache

Perform this task to configure Resource Public Key Infrastructure (RPKI) cache parameters.

Configure the RPKI cache configuration in rpki-cache submode under the router-bgp submode. Use the rpki cache ip_address command to enter the rpki-cache submode.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. rpki cache {host-name | ip-address}
4. Use one of these commands:
   • transport ssh port port_number
   • transport tcp port port_number
5. (Optional) username user_name
6. (Optional) password
7. preference preference_value
8. purge-time time
9. Use one of these commands:
   • refresh-time time
   • refresh-time off
10. Use one of these commands:
   • response-time time
   • response-time off
11. shutdown
12. Use one of these commands:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)#router bgp 100
  Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: rpki cache {host-name | ip-address}
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)#rpki cache 10.2.3.4
  Purpose: Enters rpki-cache submode and enables configuration of RPKI cache parameters.

Step 4
  Command or Action: Use one of these commands:
    • transport ssh port port_number
    • transport tcp port port_number
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport ssh port 1
    Or
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport tcp port 2
  Purpose: Specifies a transport method for the RPKI cache.
    • ssh: Select ssh to connect to the RPKI cache using SSH.
    • tcp: Select tcp to connect to the RPKI cache using TCP (unencrypted).
    • port port_number: Specify a port number for the specified RPKI cache transport. Range for the port number is 1 to 65535 for both ssh and tcp.
    Note: You can set the transport to either tcp or ssh. Change of transport causes the cache session to flap.

Step 5
  Command or Action: username user_name
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#username ssh_rpki_cache
  Purpose: (Optional) Specifies a (SSH) username for the RPKI cache.

Step 6
  Command or Action: password
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#password ssh_rpki_pass
  Purpose: (Optional) Specifies a (SSH) password for the RPKI cache.
    Note: The "username" and "password" configurations only apply if the SSH method of transport is active.

Step 7
  Command or Action: preference preference_value
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#preference 1
  Purpose: Specifies a preference value for the RPKI cache. Range for the preference value is 1 to 10. Setting a lower preference value is better.

Step 8
  Command or Action: purge-time time
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#purge-time 30
  Purpose: Configures the time BGP waits to keep routes from a cache after the cache session drops. Set purge time in seconds. Range for the purge time is 30 to 360 seconds.

Step 9
  Command or Action: Use one of these commands:
    • refresh-time time
    • refresh-time off
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time 20
    Or
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time off
  Purpose: Configures the time BGP waits in between sending periodic serial queries to the cache. Set refresh-time in seconds. Range for the refresh time is 15 to 3600 seconds. Configure the off option to specify not to send serial-queries periodically.

Step 10
  Command or Action: Use one of these commands:
    • response-time time
    • response-time off
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time 30
    Or
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time off
  Purpose: Configures the time BGP waits for a response after sending a serial or reset query. Set response-time in seconds. Range for the response time is 15 to 3600 seconds. Configure the off option to wait indefinitely for a response.

Step 11
  Command or Action: shutdown
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#shutdown
  Purpose: Configures shut down of the RPKI cache.

Step 12
  Command or Action: Use one of these commands:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config)# end
    or
    RP/0/RSP0/CPU0:router(config)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring RPKI Prefix Validation

Perform this task to control the behavior of RPKI prefix validation processing.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. Use one of these commands:
   • rpki origin-as validation disable
   • rpki origin-as validation time {off | prefix_validation_time}
4. origin-as validity signal ibgp
5. Use one of these commands:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)#router bgp 100
  Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: Use one of these commands:
    • rpki origin-as validation disable
    • rpki origin-as validation time {off | prefix_validation_time}
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation disable
    Or
    RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation time 50
    Or
    RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation time off
  Purpose: Sets the BGP origin-AS validation parameters.
    • disable: Use the disable option to disable RPKI origin-AS validation.
    • time: Use the time option to either set prefix validation time (in seconds) or to set off the automatic prefix validation after an RPKI update. Range for prefix validation time is 5 to 60 seconds.
    Configuring the disable option disables prefix validation for all eBGP paths and all eBGP paths are marked as "valid" by default.
    Note: The rpki origin-as validation options can also be configured in neighbor and neighbor address family submodes. The neighbor must be an eBGP neighbor. If configured at the neighbor or neighbor address family level, prefix validation disable or time options will be valid only for that specific neighbor or neighbor address family.

Step 4
  Command or Action: origin-as validity signal ibgp
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validity signal ibgp
  Purpose: Enables the iBGP signaling of validity state through an extended-community. This can also be configured in global address family submode.

Step 5
  Command or Action: Use one of these commands:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config)# end
    or
    RP/0/RSP0/CPU0:router(config)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring RPKI Bestpath Computation

Perform this task to configure RPKI bestpath computation options.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. rpki bestpath use origin-as validity
4. rpki bestpath origin-as allow invalid
5. Use one of these commands:
   • end
   • commit

DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)#router bgp 100
  Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3
  Command or Action: rpki bestpath use origin-as validity
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)#rpki bestpath use origin-as validity
  Purpose: Enables the validity states of BGP paths to affect the path's preference in the BGP bestpath process. This configuration can also be done in router BGP address family submode.

Step 4
  Command or Action: rpki bestpath origin-as allow invalid
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)#rpki bestpath origin-as allow invalid
  Purpose: Allows all "invalid" paths to be considered for BGP bestpath computation.
    Note: This configuration can also be done at global address family, neighbor, and neighbor address family submodes. Configuring rpki bestpath origin-as allow invalid in router BGP and address family submodes allows all "invalid" paths to be considered for BGP bestpath computation. By default, all such paths are not bestpath candidates. Configuring rpki bestpath origin-as allow invalid in neighbor and neighbor address family submodes allows all "invalid" paths from that specific neighbor or neighbor address family to be considered as bestpath candidates. The neighbor must be an eBGP neighbor.
    This configuration takes effect only when the rpki bestpath use origin-as validity configuration is enabled.

Step 5
  Command or Action: Use one of these commands:
    • end
    • commit
  Example:
    RP/0/RSP0/CPU0:router(config)# end
    or
    RP/0/RSP0/CPU0:router(config)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for Implementing BGP

This section provides the following configuration examples:

Enabling BGP: Example

The following shows how to enable BGP.

    prefix-set static
      2020::/64,
      2012::/64,
      10.10.0.0/16,
      10.2.0.0/24
    end-set

    route-policy pass-all
      pass
    end-policy
    route-policy set_next_hop_agg_v4
      set next-hop 10.0.0.1
    end-policy

    route-policy set_next_hop_static_v4
      if (destination in static) then
        set next-hop 10.1.0.1
      else
        drop
      endif
    end-policy

    route-policy set_next_hop_agg_v6
      set next-hop 2003::121
    end-policy

    route-policy set_next_hop_static_v6
      if (destination in static) then
        set next-hop 2011::121
      else
        drop
      endif
    end-policy

    router bgp 65000
      bgp fast-external-fallover disable
      bgp confederation peers
        65001
        65002
      bgp confederation identifier 1
      bgp router-id 1.1.1.1
      address-family ipv4 unicast
        aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
        aggregate-address 10.3.0.0/24
        redistribute static route-policy set_next_hop_static_v4
      address-family ipv4 multicast
        aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
        aggregate-address 10.3.0.0/24
        redistribute static route-policy set_next_hop_static_v4
      address-family ipv6 unicast
        aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
        aggregate-address 2013::/64
        redistribute static route-policy set_next_hop_static_v6
      address-family ipv6 multicast
        aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
        aggregate-address 2013::/64
        redistribute static route-policy set_next_hop_static_v6
      neighbor 10.0.101.60
        remote-as 65000
        address-family ipv4 unicast
        address-family ipv4 multicast
      neighbor 10.0.101.61
        remote-as 65000
        address-family ipv4 unicast
        address-family ipv4 multicast
      neighbor 10.0.101.62
        remote-as 3
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        address-family ipv4 multicast
          route-policy pass-all in
          route-policy pass-all out
      neighbor 10.0.101.64
        remote-as 5
        update-source Loopback0
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        address-family ipv4 multicast
          route-policy pass-all in
          route-policy pass-all out

Displaying BGP Update Groups: Example

The following is sample output from the show bgp update-group command run in EXEC mode:

    RP/0/RSP0/CPU0:router# show bgp update-group

    Update group for IPv4 Unicast, index 0.1:
      Attributes:
        Outbound Route map:rm
        Minimum advertisement interval:30
      Messages formatted:2, replicated:2
      Neighbors in this update group:
        10.0.101.92

    Update group for IPv4 Unicast, index 0.2:
      Attributes:
        Minimum advertisement interval:30
      Messages formatted:2, replicated:2
      Neighbors in this update group:
        10.0.101.91

BGP Neighbor Configuration: Example

The following example shows how BGP neighbors on an autonomous system are configured to share information. In the example, a BGP router is assigned to autonomous system 109, and two networks are listed as originating in the autonomous system. Then the addresses of three remote routers (and their autonomous systems) are listed. The router being configured shares information about networks 172.16.0.0 and 192.168.7.0 with the neighbor routers. The first router listed is in a different autonomous system; the second neighbor and remote-as commands specify an internal neighbor (with the same autonomous system number) at address 172.26.234.2; and the third neighbor and remote-as commands specify a neighbor on a different autonomous system.

    route-policy pass-all
      pass
    end-policy
    router bgp 109
      address-family ipv4 unicast
      network 172.16.0.0 255.255.0.0
      network 192.168.7.0 255.255.0.0
      neighbor 172.16.200.1
      remote-as 167
      exit
      address-family ipv4 unicast
      route-policy pass-all in
      route-policy pass-all out
      neighbor 172.26.234.2
      remote-as 109
      exit
      address-family ipv4 unicast
      neighbor 172.26.64.19
      remote-as 99
      exit
      address-family ipv4 unicast
      route-policy pass-all in
      route-policy pass-all out

BGP Confederation: Example

The following is a sample configuration that shows several peers in a confederation. The confederation consists of three internal autonomous systems with autonomous system numbers 6001, 6002, and 6003. To the BGP speakers outside the confederation, the confederation looks like a normal autonomous system with autonomous system number 666 (specified using the bgp confederation identifier command).

In a BGP speaker in autonomous system 6001, the bgp confederation peers command marks the peers from autonomous systems 6002 and 6003 as special eBGP peers. Hence, peers 171.16.232.55 and 171.16.232.56 get the local preference, next hop, and MED unmodified in the updates. The router at 171.19.69.1 is a normal eBGP speaker, and the updates received by it from this peer are just like a normal eBGP update from a peer in autonomous system 666.

    router bgp 6001
      bgp confederation identifier 666
      bgp confederation peers
        6002
        6003
        exit
      address-family ipv4 unicast
      neighbor 171.16.232.55
      remote-as 6002
      exit
      address-family ipv4 unicast
      neighbor 171.16.232.56
      remote-as 6003
      exit
      address-family ipv4 unicast
      neighbor 171.19.69.1
      remote-as 777

In a BGP speaker in autonomous system 6002, the peers from autonomous systems 6001 and 6003 are configured as special eBGP peers. Peer 171.17.70.1 is a normal iBGP peer, and peer 199.99.99.2 is a normal eBGP peer from autonomous system 700.

    router bgp 6002
      bgp confederation identifier 666
      bgp confederation peers
        6001
        6003
        exit
      address-family ipv4 unicast
      neighbor 171.17.70.1
      remote-as 6002
      exit
      address-family ipv4 unicast
      neighbor 171.19.232.57
      remote-as 6001
      exit
      address-family ipv4 unicast
      neighbor 171.19.232.56
      remote-as 6003
      exit
      address-family ipv4 unicast
      neighbor 171.19.99.2
      remote-as 700
      exit
      address-family ipv4 unicast
      route-policy pass-all in
      route-policy pass-all out

In a BGP speaker in autonomous system 6003, the peers from autonomous systems 6001 and 6002 are configured as special eBGP peers. Peer 192.168.200.200 is a normal eBGP peer from autonomous system 701.

    router bgp 6003
      bgp confederation identifier 666
      bgp confederation peers
        6001
        6002
        exit
      address-family ipv4 unicast
      neighbor 171.19.232.57
      remote-as 6001
      exit
      address-family ipv4 unicast
      neighbor 171.19.232.55
      remote-as 6002
      exit
      address-family ipv4 unicast
      neighbor 192.168.200.200
      remote-as 701
      exit
      address-family ipv4 unicast
      route-policy pass-all in
      route-policy pass-all out

The following is a part of the configuration from the BGP speaker 192.168.200.205 from autonomous system 701 in the same example. Neighbor 171.16.232.56 is configured as a normal eBGP speaker from autonomous system 666. The internal division of the autonomous system into multiple autonomous systems is not known to the peers external to the confederation.

    router bgp 701
      address-family ipv4 unicast
      neighbor 172.16.232.56
      remote-as 666
      exit
      address-family ipv4 unicast
      route-policy pass-all in
      route-policy pass-all out
      exit
      address-family ipv4 unicast
      neighbor 192.168.200.205
      remote-as 701

BGP Route Reflector: Example

The following example shows how to use an address family to configure internal BGP peer 10.1.1.1 as a route reflector client for both unicast and multicast prefixes:

    router bgp 140
      address-family ipv4 unicast
      neighbor 10.1.1.1
        remote-as 140
        address-family ipv4 unicast
          route-reflector-client
          exit
        address-family ipv4 multicast
          route-reflector-client

BGP Nonstop Routing Configuration: Example

The following example shows how to enable BGP NSR:

    RP/0/RSP0/CPU0:router# configure
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)# nsr
    RP/0/RSP0/CPU0:router(config-bgp)# end

The following example shows how to disable BGP NSR:

    RP/0/RSP0/CPU0:router# configure
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)# no nsr
    RP/0/RSP0/CPU0:router(config-bgp)# end

Primary Backup Path Installation: Example

The following example shows how to enable installation of primary backup path:

    router bgp 120
      address-family ipv4 unicast
        additional-paths receive
        additional-paths send
        additional-paths selection route-policy bgp_add_path
      !
    !
    end

Allocated Local Label Retention: Example

The following example shows how to retain the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence:

    router bgp 100
      address-family l2vpn vpls-vpws
        retain local-label 10
    end

iBGP Multipath Loadsharing Configuration: Example

The following is a sample configuration where 30 paths are used for loadsharing:

    router bgp 100
      address-family ipv4 multicast
        maximum-paths ibgp 30
      !
    !
    end

Configuring BGP Additional Paths: Example

This is a sample configuration for enabling BGP Additional Paths send, receive, and selection capabilities:

    route-policy add_path_policy
      if community matches-any (*) then
        set path-selection all advertise
      else
        pass
      endif
    end-policy
    !
    router bgp 100
      address-family ipv4 unicast
        additional-paths receive
        additional-paths send
        additional-paths selection route-policy add_path_policy
      !
    !
    end

Originating Prefixes With AiGP: Example

The following is a sample configuration for originating prefixes with the AiGP metric attribute:

    route-policy aigp-policy
      set aigp-metric 4
      set aigp-metric igp-cost
    end-policy
    !
    router bgp 100
      address-family ipv4 unicast
        network 10.2.3.4/24 route-policy aigp-policy
        redistribute ospf osp1 metric 4 route-policy aigp-policy
      !
    !
    end

BGP Unequal Cost Recursive Load Balancing: Example

This is a sample configuration for unequal cost recursive load balancing:

    interface Loopback0
      ipv4 address 20.20.20.20 255.255.255.255
    !
    interface MgmtEth0/RSP0/CPU0/0
      ipv4 address 8.43.0.10 255.255.255.0
    !
    interface TenGigE0/3/0/0
      bandwidth 8000000
      ipv4 address 11.11.11.11 255.255.255.0
      ipv6 address 11:11:0:1::11/64
    !
    interface TenGigE0/3/0/1
      bandwidth 7000000
      ipv4 address 11.11.12.11 255.255.255.0
      ipv6 address 11:11:0:2::11/64
    !
    interface TenGigE0/3/0/2
      bandwidth 6000000
      ipv4 address 11.11.13.11 255.255.255.0
      ipv6 address 11:11:0:3::11/64
    !
    interface TenGigE0/3/0/3
      bandwidth 5000000
      ipv4 address 11.11.14.11 255.255.255.0
      ipv6 address 11:11:0:4::11/64
    !
    interface TenGigE0/3/0/4
      bandwidth 4000000
      ipv4 address 11.11.15.11 255.255.255.0
      ipv6 address 11:11:0:5::11/64
    !
    interface TenGigE0/3/0/5
      bandwidth 3000000
      ipv4 address 11.11.16.11 255.255.255.0
      ipv6 address 11:11:0:6::11/64
    !
    interface TenGigE0/3/0/6
      bandwidth 2000000
      ipv4 address 11.11.17.11 255.255.255.0
      ipv6 address 11:11:0:7::11/64
    !
    interface TenGigE0/3/0/7
      bandwidth 1000000
      ipv4 address 11.11.18.11 255.255.255.0
      ipv6 address 11:11:0:8::11/64
    !
    interface TenGigE0/4/0/0
      description CONNECTED TO IXIA 1/3
      transceiver permit pid all
    !
    interface TenGigE0/4/0/2
      ipv4 address 9.9.9.9 255.255.0.0
      ipv6 address 9:9::9/64
      ipv6 enable
    !
    route-policy pass-all
      pass
    end-policy
    !
    router static
      address-family ipv4 unicast
        202.153.144.0/24 8.43.0.1
      !
    !
    router bgp 100
      bgp router-id 20.20.20.20
      address-family ipv4 unicast
        maximum-paths eibgp 8
        redistribute connected
      !
      neighbor 11.11.11.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.12.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.13.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.14.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.15.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.16.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.17.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
      neighbor 11.11.18.12
        remote-as 200
        dmz-link-bandwidth
        address-family ipv4 unicast
          route-policy pass-all in
          route-policy pass-all out
        !
      !
    !
    end

Where to Go Next

For detailed information about BGP commands, see Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.

Additional References

The following sections provide references related to implementing BGP.

Related Documents

  Related Topic: BGP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference

  Related Topic: Cisco Express Forwarding (CEF) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
  Document Title: Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference

  Related Topic: MPLS VPN configuration information.
  Document Title: Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide

Related Topic: Bidirectional Forwarding Detection (BFD)
Document Title: Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference

Related Topic: Task ID information.
Document Title: Configuring AAA Services on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide

Standards

Standards                               Title
draft-bonica-tcp-auth-05.txt            Authentication for TCP-based Routing and Management Protocols, by R. Bonica, B. Weis, S. Viswanathan, A. Lange, O. Wheeler
draft-ietf-idr-bgp4-26.txt              A Border Gateway Protocol 4, by Y. Rekhter, T. Li, S. Hares
draft-ietf-idr-bgp4-mib-15.txt          Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4), by J. Haas and S. Hares
draft-ietf-idr-cease-subcode-05.txt     Subcodes for BGP Cease Notification Message, by Enke Chen, V. Gillet
draft-ietf-idr-avoid-transition-00.txt  Avoid BGP Best Path Transitions from One External to Another, by Enke Chen, Srihari Sangli
draft-ietf-idr-as4bytes-12.txt          BGP Support for Four-octet AS Number Space, by Quaizar Vohra, Enke Chen

MIBs

MIBs: —
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFCs       Title
RFC 1700   Assigned Numbers
RFC 1997   BGP Communities Attribute
RFC 2385   Protection of BGP Sessions via the TCP MD5 Signature Option
RFC 2439   BGP Route Flap Damping
RFC 2545   Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
RFC 2796   BGP Route Reflection - An Alternative to Full Mesh IBGP
RFC 2858   Multiprotocol Extensions for BGP-4
RFC 2918   Route Refresh Capability for BGP-4
RFC 3065   Autonomous System Confederations for BGP
RFC 3392   Capabilities Advertisement with BGP-4
RFC 4271   A Border Gateway Protocol 4 (BGP-4)
RFC 4364   BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4724   Graceful Restart Mechanism for BGP

Technical Assistance

Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport

CHAPTER 2

Implementing EIGRP on Cisco ASR 9000 Series Router

The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of IGRP developed by Cisco. This module describes the concepts and tasks you need to implement basic EIGRP configuration using Cisco IOS XR software. EIGRP uses distance vector routing technology, which specifies that a router need not know all the router and link relationships for the entire network. Each router advertises destinations with a corresponding distance and, upon receiving routes, adjusts the distance and propagates the information to neighboring routers.

For EIGRP configuration information related to the following features, see the Related Documents section of this module.
• Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN)
• Site of Origin (SoO) Support

Note: For more information about EIGRP on the Cisco IOS XR software and complete descriptions of the EIGRP commands listed in this module, see the Related Documents section of this module. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco IOS XR software master command index.

Feature History for Implementing EIGRP on Cisco ASR 9000 Series Router

Software Release   Modification
Release 3.7.2      This feature was introduced.
Release 3.9.0      No modification.

• Prerequisites for Implementing EIGRP
• Restrictions for Implementing EIGRP
• Information About Implementing EIGRP
• How to Implement EIGRP
• Configuration Examples for Implementing EIGRP
• Additional References

Prerequisites for Implementing EIGRP

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Restrictions for Implementing EIGRP

The following restrictions are employed when running EIGRP on this version of Cisco IOS XR software:
• Only one instance of an EIGRP process is supported.
• Bidirectional Forwarding Detection (BFD) feature and the Simple Network Management Protocol (SNMP) MIB are not supported.
• Interface static routes are not automatically redistributed into EIGRP, because there are no network commands.
• Metric configuration (either through the default-metric command or a route policy) is required for redistribution of connected and static routes.
• Auto summary is disabled by default.
• Stub leak maps are not supported.

Information About Implementing EIGRP

To implement EIGRP, you need to understand the following concepts:

EIGRP Functional Overview

Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol suited for many different topologies and media. EIGRP scales well and provides extremely quick convergence times with minimal network traffic.

EIGRP has very low usage of network resources during normal operation. Only hello packets are transmitted on a stable network. When a change in topology occurs, only the routing table changes are propagated and not the entire routing table.
Propagation reduces the amount of load the routing protocol itself places on the network. EIGRP also provides rapid convergence times for changes in the network topology.

The distance information in EIGRP is represented as a composite of available bandwidth, delay, load utilization, and link reliability with improved convergence properties and operating efficiency. The fine-tuning of link characteristics achieves optimal paths.

The convergence technology that EIGRP uses is based on research conducted at SRI International and employs an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free operation at every instant throughout a route computation and allows all devices involved in a topology change to synchronize at the same time. Routers that are not affected by topology changes are not involved in recomputations. The convergence time with DUAL rivals that of any other existing routing protocol.

EIGRP Features

EIGRP offers the following features:
• Fast convergence—The DUAL algorithm allows routing information to converge as quickly as any currently available routing protocol.
• Partial updates—EIGRP sends incremental updates when the state of a destination changes, instead of sending the entire contents of the routing table. This feature minimizes the bandwidth required for EIGRP packets.
• Neighbor discovery mechanism—This is a simple hello mechanism used to learn about neighboring routers. It is protocol independent.
• Variable-length subnet masks (VLSMs).
• Arbitrary route summarization.
• Scaling—EIGRP scales to large networks.

The following key features are supported in the Cisco IOS XR implementation:
• Provider Edge (PE)-Customer Edge (CE) protocol support with Site of Origin (SoO) and Border Gateway Protocol (BGP) cost community support.
• PE-CE protocol support for MPLS.

EIGRP Components

EIGRP has the following four basic components:
• Neighbor discovery or neighbor recovery
• Reliable transport protocol
• DUAL finite state machine
• Protocol-dependent modules

Neighbor discovery or neighbor recovery is the process that routers use to dynamically learn of other routers on their directly attached networks. Routers must also discover when their neighbors become unreachable or inoperative. Neighbor discovery or neighbor recovery is achieved with low overhead by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS XR software can determine that a neighbor is alive and functioning. After this status is determined, the neighboring routers can exchange routing information.

The reliable transport protocol is responsible for guaranteed, ordered delivery of EIGRP packets to all neighbors. It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent reliably and others need not be. For efficiency, reliability is provided only when necessary. For example, on a multiaccess network that has multicast capabilities (such as Ethernet) it is not necessary to send hello packets reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello with an indication in the packet informing the receivers that the packet need not be acknowledged. Other types of packets (such as updates) require acknowledgment, which is indicated in the packet.
The reliable transport has a provision to send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure that convergence time remains low in the presence of various speed links.

The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. DUAL uses the distance information (known as a metric) to select efficient, loop-free paths. DUAL selects routes to be inserted into a routing table based on a calculation of the feasibility condition. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new successor is determined. The amount of time required to recompute the route affects the convergence time. Recomputation is processor intensive; it is advantageous to avoid unneeded recomputation. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds to avoid unnecessary recomputation.

The protocol-dependent modules are responsible for network layer protocol-specific tasks. An example is the EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in IP. It is also responsible for parsing EIGRP packets and informing DUAL of the new information received. EIGRP asks DUAL to make routing decisions, but the results are stored in the IP routing table. EIGRP is also responsible for redistributing routes learned by other IP routing protocols.

EIGRP Configuration Grouping

Cisco IOS XR software groups all EIGRP configuration under router EIGRP configuration mode, including interface configuration portions associated with EIGRP.
To display EIGRP configuration in its entirety, use the show running-config router eigrp command. The command output displays the running configuration for the configured EIGRP instance, including the interface assignments and interface attributes.

EIGRP Configuration Modes

The following examples show how to enter each of the configuration modes. From a mode, you can enter the ? command to display the commands available in that mode.

Router Configuration Mode

The following example shows how to enter router configuration mode:

 RP/0/RSP0/CPU0:router# configuration
 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)#

VRF Configuration Mode

The following example shows how to enter VRF configuration mode:

 RP/0/RSP0/CPU0:router# configuration
 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
 RP/0/RSP0/CPU0:router(config-eigrp-vrf)#

IPv4 Address Family Configuration Mode

The following example shows how to enter IPv4 address family configuration mode:

 RP/0/RSP0/CPU0:router# configuration
 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
 RP/0/RSP0/CPU0:router(config-eigrp-af)#

IPv4 VRF Address Family Configuration Mode

The following example shows how to enter IPv4 VRF address family configuration mode:

 RP/0/RSP0/CPU0:router# configuration
 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
 RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4
 RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#

Interface Configuration Mode

The following example shows how to enter interface configuration mode in IPv4 address family configuration mode:

 RP/0/RSP0/CPU0:router# configuration
 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
 RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
 RP/0/RSP0/CPU0:router(config-eigrp-af-if)#

EIGRP Interfaces

EIGRP interfaces can be configured as either of the following types:
• Active—Advertises connected prefixes and forms adjacencies. This is the default type for interfaces.
• Passive—Advertises connected prefixes but does not form adjacencies. The passive command is used to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes, such as loopback addresses, that need to be injected into the EIGRP domain. If many connected prefixes need to be advertised, then the redistribution of connected routes with the appropriate policy should be used instead.

Redistribution for an EIGRP Process

Routes from other protocols can be redistributed into EIGRP. A route policy can be configured along with the redistribute command. To import routes into EIGRP, a metric is required, configured either through the default-metric command or under the route policy configured with the redistribute command.

A route policy allows the filtering of routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. When redistribution is configured under a VRF, EIGRP retrieves extended communities attached to the route in the routing information base (RIB). The SoO is used to filter out routing loops in the presence of MPLS VPN backdoor links.

Metric Weights for EIGRP Routing

EIGRP uses the minimum bandwidth on the path to a destination network and the total delay to compute routing metrics. You can use the metric weights command to adjust the default behavior of EIGRP routing and metric computations.
For example, this adjustment allows you to tune system behavior to allow for satellite transmission. EIGRP metric defaults have been carefully selected to provide optimal performance in most networks.

By default, the EIGRP composite metric is a 32-bit quantity that is a sum of the segment delays and lowest segment bandwidth (scaled and inverted) for a given route. For a network of homogeneous media, this metric reduces to a hop count. For a network of mixed media (FDDI, Ethernet, and serial lines running from 9600 bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination.

Mismatched K Values

Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being established and can negatively impact network convergence. The following example explains this behavior between two EIGRP peers (ROUTER-A and ROUTER-B).

The following error message is displayed in the console of ROUTER-B because the K values are mismatched:

 RP/0/RSP0/CPU0:Mar 13 08:19:55:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE:IP-EIGRP(0) 1:Neighbor 11.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch

Two scenarios occur in which this error message can be displayed:

• The two routers are connected on the same link and configured to establish a neighbor relationship. However, each router is configured with different K values.

  The following configuration is applied to ROUTER-A. The K values are changed with the metric weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. The value of 1 is entered for the k3 argument to adjust the delay calculation.

   hostname ROUTER-A
   !
   interface GigabitEthernet0/6/0/0
    ipv4 address 10.1.1.1 255.255.255.0
   router eigrp 100
    metric weights 0 2 0 1 0 0
    interface GigabitEthernet0/6/0/0

  The following configuration is applied to ROUTER-B. However, the metric weights command is not applied and the default K values are used. The default K values are 1, 0, 1, 0, and 0.

   hostname ROUTER-B
   !
   interface GigabitEthernet0/6/0/1
    ipv4 address 10.1.1.2 255.255.255.0
   router eigrp 100
    interface GigabitEthernet0/6/0/1

  The bandwidth calculation is set to 2 on ROUTER-A and set to 1 (by default) on ROUTER-B. This configuration prevents these peers from forming a neighbor relationship.

• The K-value mismatch error message can also be displayed if one of the two peers has transmitted a “goodbye” message and the receiving router does not support this message. In this case, the receiving router interprets this message as a K-value mismatch.

Goodbye Message

The goodbye message is a feature designed to improve EIGRP network convergence. The goodbye message is broadcast when an EIGRP routing process is shut down to inform adjacent peers about the impending topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor relationships more efficiently than would occur if the peers discovered the topology change after the hold timer expired.

The following message is displayed by routers that run a supported release when a goodbye message is received:

 RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.20 (GigabitEthernet0/6/0/0) is down: Interface Goodbye received

A Cisco router that runs a software release that does not support the goodbye message can misinterpret the message as a K-value mismatch and display the following message:

 RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch

Note: The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation. The nonsupporting peer terminates the session when the hold timer expires. The sending and receiving routers reconverge normally after the sender reloads.

Percentage of Link Bandwidth Used for EIGRP Packets

By default, EIGRP packets consume a maximum of 50 percent of the link bandwidth, as configured with the bandwidth interface configuration command. You might want to change that value if a different level of link utilization is required or if the configured bandwidth does not match the actual link bandwidth (it may have been configured to influence route metric calculations).

Floating Summary Routes for an EIGRP Process

You can also use a floating summary route when configuring the summary-address command. The floating summary route is created by applying a default route and administrative distance at the interface level. The following scenario illustrates the behavior of this enhancement.

Figure 9: Floating Summary Route Is Applied to Router-B shows a network with three routers, Router-A, Router-B, and Router-C. Router-A learns a default route from elsewhere in the network and then advertises this route to Router-B. Router-B is configured so that only a default summary route is advertised to Router-C. The default summary route is applied to interface 0/1 on Router-B with the following configuration:

 RP/0/RSP0/CPU0:router(config)# router eigrp 100
 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
 RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
 RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 100.0.0.0 0.0.0.0

Figure 9: Floating Summary Route Is Applied to Router-B

The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-C and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C.
However, this configuration also generates a local discard route on Router-B, a route for 0.0.0.0/0 to the null 0 interface with an administrative distance of 5. When this route is created, it overrides the EIGRP learned default route. Router-B is no longer able to reach destinations that it would normally reach through the 0.0.0.0/0 route.

This problem is resolved by applying a floating summary route to the interface on Router-B that connects to Router-C. The floating summary route is applied by relating an administrative distance to the default summary route on the interface of Router-B with the following statement:

 RP/0/RSP0/CPU0:router(config-if)# summary-address 100 0.0.0.0 0.0.0.0 250

The administrative distance of 250, applied in the above statement, is now assigned to the discard route generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the local routing table. Routing to Router-C is restored.

If Router-A loses the connection to Router-B, Router-B continues to advertise a default route to Router-C, which allows traffic to continue to reach destinations attached to Router-B. However, traffic destined for networks to Router-A or behind Router-A is dropped when the traffic reaches Router-B.

Figure 10: Floating Summary Route Applied for Dual-Homed Remotes shows a network with two connections from the core: Router-A and Router-D. Both routers have floating summary routes configured on the interfaces connected to Router-C. If the connection between Router-E and Router-C fails, the network continues to operate normally. All traffic flows from Router-C through Router-B to the hosts attached to Router-A and Router-D.

Figure 10: Floating Summary Route Applied for Dual-Homed Remotes

However, if the link between Router-D and Router-E fails, the network may dump traffic into a black hole because Router-E continues to advertise the default route (0.0.0.0/0) to Router-C, as long as at least one link (other than the link to Router-C) to Router-E is still active. In this scenario, Router-C still forwards traffic to Router-E, but Router-E drops the traffic, creating the black hole. To avoid this problem, you should configure the summary address with an administrative distance on only single-homed remote routers or areas in which only one exit point exists between the segments of the network. If two or more exit points exist (from one segment of the network to another), configuring the floating default route can cause a black hole to form.

Split Horizon for an EIGRP Process

Split horizon controls the sending of EIGRP update and query packets. When split horizon is enabled on an interface, update and query packets are not sent for destinations for which this interface is the next hop. Controlling update and query packets in this manner reduces the possibility of routing loops.

By default, split horizon is enabled on all interfaces.

Split horizon blocks route information from being advertised by a router on any interface from which that information originated. This behavior usually optimizes communications among multiple routing devices, particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS), situations can arise for which this behavior is less than ideal. For these situations, including networks in which you have EIGRP configured, you may want to disable split horizon.
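
The two causes of the "K-value mismatch" message described under Mismatched K Values and Goodbye Message earlier in this chapter can be separated by comparing the K values configured on both peers. The following Python script is an added example, not part of the Cisco guide: it reads the `metric weights` line from each configuration and classifies NBRCHANGE log lines. The log lines, the ROUTER-C configuration, the neighbor addresses other than 10.1.1.1, and the function and verdict names are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Default K1..K5 as stated in the guide.
DEFAULT_K = (1, 0, 1, 0, 0)

# "metric weights <tos> <k1> <k2> <k3> <k4> <k5>", as in the ROUTER-A example.
WEIGHTS_RE = re.compile(
    r"^[ \t]*metric weights[ \t]+\d+((?:[ \t]+\d+){5})[ \t]*$", re.M)

# NBRCHANGE "is down" message in the format the guide shows.
NBRCHANGE_RE = re.compile(
    r"%ROUTING-EIGRP-5-NBRCHANGE\s*:\s*IP-EIGRP\(\d+\)\s*\d+\s*:\s*"
    r"Neighbor\s+(?P<nbr>\S+)\s+\((?P<ifname>[^)]+)\)\s+is down:\s*"
    r"(?P<reason>.+?)\s*$")


class Finding(NamedTuple):
    neighbor: str
    interface: str
    verdict: str
    detail: str


def k_values(config_text: str) -> Tuple[int, ...]:
    """Return (K1..K5) from a 'metric weights' line, or the defaults if absent."""
    m = WEIGHTS_RE.search(config_text)
    if m is None:
        return DEFAULT_K
    return tuple(int(k) for k in m.group(1).split())


def triage(log_lines: List[str], local_config: str,
           peer_configs: Dict[str, str]) -> List[Finding]:
    """Classify each 'neighbor is down' event seen on the local router."""
    local_k = k_values(local_config)
    findings = []
    for line in log_lines:
        m = NBRCHANGE_RE.search(line)
        if m is None:
            continue  # not an EIGRP neighbor-down message
        nbr, reason = m.group("nbr"), m.group("reason")
        if reason == "Interface Goodbye received":
            verdict, detail = "goodbye", "peer announced an EIGRP process shutdown"
        elif reason == "K-value mismatch":
            if nbr not in peer_configs:
                verdict, detail = "unverified", "no peer configuration to compare"
            else:
                peer_k = k_values(peer_configs[nbr])
                if peer_k != local_k:
                    verdict = "config-mismatch"
                    detail = f"local K={local_k}, peer K={peer_k}"
                else:
                    # Second scenario in the guide: a goodbye message read by a
                    # release that does not support it.
                    verdict = "possible-goodbye"
                    detail = "K values match; local release may not support goodbye"
        else:
            verdict, detail = "other", reason
        findings.append(Finding(nbr, m.group("ifname"), verdict, detail))
    return findings


# Configurations from the guide's example.
ROUTER_A_CFG = """hostname ROUTER-A
!
interface GigabitEthernet0/6/0/0
 ipv4 address 10.1.1.1 255.255.255.0
router eigrp 100
 metric weights 0 2 0 1 0 0
 interface GigabitEthernet0/6/0/0
"""
ROUTER_B_CFG = """hostname ROUTER-B
!
interface GigabitEthernet0/6/0/1
 ipv4 address 10.1.1.2 255.255.255.0
router eigrp 100
 interface GigabitEthernet0/6/0/1
"""
# Constructed peer that keeps the default K values (hypothetical ROUTER-C).
ROUTER_C_CFG = "hostname ROUTER-C\nrouter eigrp 100\n interface GigabitEthernet0/6/0/0\n"
PEERS = {"10.1.1.1": ROUTER_A_CFG, "10.1.2.1": ROUTER_C_CFG}

# Constructed log lines in the guide's format, as they would appear on ROUTER-B.
PFX = ("RP/0/RSP0/CPU0:Mar 13 08:19:55:eigrp[163]:"
       "%ROUTING-EIGRP-5-NBRCHANGE:IP-EIGRP(0) 1:")
SAMPLE_LOGS = [
    PFX + "Neighbor 10.1.1.1 (GigabitEthernet0/6/0/1) is down: K-value mismatch",
    PFX + "Neighbor 10.1.2.1 (GigabitEthernet0/6/0/2) is down: K-value mismatch",
    PFX + "Neighbor 10.1.3.1 (GigabitEthernet0/6/0/3) is down: Interface Goodbye received",
    PFX + "Neighbor 10.1.4.1 (GigabitEthernet0/6/0/4) is down: K-value mismatch",
    "RP/0/RSP0/CPU0:Mar 13 08:20:01:example[1]: constructed unrelated line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS, ROUTER_B_CFG, PEERS):
        print(f"{f.neighbor:10} {f.interface:24} {f.verdict:17} {f.detail}")
```

A "possible-goodbye" verdict only says the configured K values agree; confirm it against the peer's maintenance or reload history before closing the event.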

Adjustment of Hello Interval and Hold Time for an EIGRP Process

You can adjust the interval between hello packets and the hold time.

Routing devices periodically send hello packets to each other to dynamically learn of other routers on their directly attached networks. This information is used to discover neighbors and learn when neighbors become unreachable or inoperative. By default, hello packets are sent every 5 seconds.

You can configure the hold time on a specified interface for a particular EIGRP routing process designated by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds.

Stub Routing for an EIGRP Process

The EIGRP Stub Routing feature improves network stability, reduces resource usage, and simplifies stub router configuration.

Stub routing is commonly used in a hub-and-spoke network topology. In a hub-and-spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router is connected to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table.
Generally, the distribution router need not send anything more than a default route to the remote router.

When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP and configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message “inaccessible.” A router that is configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.

Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution router to send the proper updates to all peers.

This figure shows a simple hub-and-spoke configuration.

Figure 11: Simple Hub-and-Spoke Network

The stub routing feature by itself does not prevent routes from being advertised to the remote router. In the example in Figure 11: Simple Hub-and-Spoke Network, the remote router can access the corporate network and the Internet through the distribution router only. Having a full route table on the remote router, in this example, would serve no functional purpose because the path to the corporate network and the Internet would always be through the distribution router. The larger route table would only reduce the amount of memory required by the remote router. Bandwidth and memory can be conserved by summarizing and filtering routes in the distribution router.
The remote router need not receive routes that have been learned from other networks because the remote router must send all nonlocal traffic, regardless of destination, to the distribution router. If a true stub network is desired, the distribution router should be configured to send only a default route to the remote router. The EIGRP Stub Routing feature does not automatically enable summarization on the distribution router. In most cases, the network administrator needs to configure summarization on the distribution routers.

Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn sends a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router.

Route Policy Options for an EIGRP Process

Route policies comprise series of statements and expressions that are bracketed with the route-policy and end-policy keywords. Rather than a collection of individual commands (one for each line), the statements within a route policy have context relative to each other. Thus, instead of each line being an individual command, each policy or set is an independent configuration object that can be used, entered, and manipulated as a unit.

Each line of a policy configuration is a logical subunit. At least one new line must follow the then, else, and end-policy keywords.
A new line must also follow the closing parenthesis of a parameter list and the name string in a reference to an AS path set, community set, extended community set, or prefix set (in the EIGRP context). At least one new line must precede the definition of a route policy or prefix set. A new line must appear at the end of a logical unit of policy expression and may not appear anywhere else.

This is the command to set the EIGRP metric in a route policy:

 RP/0/RSP0/CPU0:router(config-rpl)# set eigrp-metric bandwidth delay reliability loading mtu

This is the command to provide EIGRP offset list functionality in a route policy:

 RP/0/RSP0/CPU0:router(config-rpl)# add eigrp-metric bandwidth delay reliability loading mtu

A route policy can be used in EIGRP only if all the statements are applicable to the particular EIGRP attach point. The following commands accept a route policy:
• default-information allowed—Match statements are allowed for destination. No set statements are allowed.
• route-policy—Match statements are allowed for destination, next hop, and tag. Set statements are allowed for eigrp-metric and tag.
• redistribute—Match statements are allowed for destination, next hop, source-protocol, tag and route-type. Set statements are allowed for eigrp-metric and tag.

The range for setting a tag is 0 to 255 for internal routes and 0 to 4294967295 for external routes.

EIGRP Layer 3 VPN PE-CE Site-of-Origin

The EIGRP MPLS and IP VPN PE-CE Site-of-Origin (SoO) feature introduces the capability to filter Multiprotocol Label Switching (MPLS) and IP Virtual Private Network (VPN) traffic on a per-site basis for EIGRP networks.
SoO filtering is configured at the interface level and is used to manage MPLS and IP VPN traffic and to prevent transient routing loops from occurring in complex and mixed network topologies.

Router Interoperation with the Site-of-Origin Extended Community

The configuration of the SoO extended community allows routers that support this feature to identify the site from which each route originated. When this feature is enabled, the EIGRP routing process on the PE or CE router checks each received route for the SoO extended community and filters based on the following conditions:

• A received route from BGP or a CE router contains a SoO value that matches the SoO value on the receiving interface:
  ◦ If a route is received with an associated SoO value that matches the SoO value that is configured on the receiving interface, the route is filtered out because it was learned from another PE router or from a backdoor link. This behavior is designed to prevent routing loops.
• A received route from a CE router is configured with a SoO value that does not match:
  ◦ If a route is received with an associated SoO value that does not match the SoO value that is configured on the receiving interface, the route is accepted into the EIGRP topology table so that it can be redistributed into BGP.
  ◦ If the route is already installed in the EIGRP topology table but is associated with a different SoO value, the SoO value from the topology table is used when the route is redistributed into BGP.
• A received route from a CE router does not contain a SoO value:
  ◦ If a route is received without a SoO value, the route is accepted into the EIGRP topology table, and the SoO value from the interface that is used to reach the next-hop CE router is appended to the route before it is redistributed into BGP.
  ◦ When BGP and EIGRP peers that support the SoO extended community receive these routes, they also receive the associated SoO values and pass them to other BGP and EIGRP peers that support the SoO extended community. This filtering is designed to prevent transient routes from being relearned from the originating site, which prevents transient routing loops from occurring.

In conjunction with BGP cost community, EIGRP, BGP, and the RIB ensure that paths over the MPLS VPN core are preferred over backdoor links.

For MPLS and IP VPN and SoO configuration information, see Implementing MPLS Layer 3 VPNs in the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

EIGRP v4/v6 Authentication Using Keychain

EIGRP authentication using keychain introduces the capability to authenticate EIGRP protocol packets on a per-interface basis. The EIGRP routing authentication provides a mechanism to authenticate all EIGRP protocol traffic on one or more interfaces, based on Message Digest 5 (MD5) authentication.

The EIGRP routing authentication uses the Cisco IOS XR software security keychain infrastructure to store and retrieve secret keys and to authenticate incoming and outgoing traffic on a per-interface basis.

How to Implement EIGRP

This section contains instructions for the following tasks:

Note: To save configuration changes, you must commit changes when the system prompts you.
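Because the keychain authentication described above is enabled per interface, any EIGRP interface without an authentication keychain line exchanges EIGRP packets unauthenticated. The following added example (not from the Cisco guide) audits a saved running configuration for such interfaces and for keychain names that are referenced but not defined in the same file. The sample configuration and keychain names are constructed, and "key chain" is the IOS XR global keychain command, which this chapter does not show.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in IOS XR running-config layout (not taken from the guide).
# Key material under "key 1" is deliberately omitted.
SAMPLE_CONFIG = """\
key chain EIGRP-KEYS
 key 1
 !
!
router eigrp 100
 address-family ipv4
  router-id 172.20.1.1
  interface GigabitEthernet0/1/0/0
   holdtime 30
   authentication keychain EIGRP-KEYS
  !
  interface GigabitEthernet0/1/0/1
   bandwidth-percent 75
  !
 !
 vrf vrf_A
  address-family ipv4
   autonomous-system 2
   interface GigabitEthernet0/1/5/0
    site-of-origin 3:4
    authentication keychain CE-KEYS
   !
  !
 !
!
"""


@dataclass
class EigrpInterface:
    as_number: str
    vrf: str                      # "default" when not inside a vrf block
    address_family: str
    name: str
    keychain: Optional[str] = None


def parse_eigrp_interfaces(config: str) -> Tuple[List[EigrpInterface], Set[str]]:
    """Return EIGRP interfaces and the set of globally defined keychain names."""
    stack: List[Tuple[int, str]] = []      # (indent, line) of enclosing blocks
    interfaces: List[EigrpInterface] = []
    keychains: Set[str] = set()
    current: Optional[EigrpInterface] = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue                        # blank lines and block terminators
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()                     # leave blocks that have ended
        parents = [line for _, line in stack]
        stack.append((indent, text))

        if not parents:                     # top-level statement
            m = re.fullmatch(r"key chain (\S+)", text)
            if m:
                keychains.add(m.group(1))
            continue
        m = re.fullmatch(r"router eigrp (\S+)", parents[0])
        if not m:
            continue                        # not inside an EIGRP process
        if text.startswith("interface "):
            af = next((p.split()[1] for p in parents
                       if p.startswith("address-family ")), None)
            if af is None:
                current = None
                continue
            vrf = next((p.split()[1] for p in parents
                        if p.startswith("vrf ")), "default")
            name = text[len("interface "):].replace(" ", "")
            current = EigrpInterface(m.group(1), vrf, af, name)
            interfaces.append(current)
        elif (text.startswith("authentication keychain ")
              and parents[-1].startswith("interface ") and current is not None):
            current.keychain = text.split()[2]
    return interfaces, keychains


def audit(config: str) -> List[str]:
    """Flag EIGRP interfaces with no keychain or with an undefined keychain."""
    interfaces, keychains = parse_eigrp_interfaces(config)
    findings = []
    for i in interfaces:
        where = f"eigrp {i.as_number} vrf {i.vrf} {i.address_family} {i.name}"
        if i.keychain is None:
            findings.append(f"NO-AUTH {where}")
        elif i.keychain not in keychains:
            findings.append(f"UNDEFINED-KEYCHAIN {where} ({i.keychain})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```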
Enabling EIGRP Routing

This task enables EIGRP routing and establishes an EIGRP routing process.

Before You Begin

Although you can configure EIGRP before you configure an IP address, no EIGRP routing occurs until at least one IP address is configured.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. router-id id
5. default-metric bandwidth delay reliability loading mtu
6. distance internal-distance external-distance
7. interface type interface-path-id
8. holdtime seconds
9. bandwidth-percent percent
10. Do one of the following:
    • end
    • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family { ipv4 }
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 4  router-id id
        (Optional) Configures a router-id for an EIGRP process.
        Note: It is good practice to use the router-id command to explicitly specify a unique 32-bit numeric value for the router ID. This action ensures that EIGRP can function regardless of the interface address configuration.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# router-id 172.20.1.1

Step 5  default-metric bandwidth delay reliability loading mtu
        (Optional) Sets metrics for an EIGRP process.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# default-metric 1000 100 250 100 1500

Step 6  distance internal-distance external-distance
        (Optional) Allows the use of two administrative distances (internal and external) that could be a better route to a node.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# distance 80 130

Step 7  interface type interface-path-id
        Defines the interfaces on which the EIGRP routing protocol runs.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/1/0/0

Step 8  holdtime seconds
        (Optional) Configures the hold time for an interface.
        Note: To ensure nonstop forwarding during RP failovers, as the number of neighbors increases, a higher holdtime than the default value is recommended. With 256 neighbors across all VRFs, we recommend 60 seconds.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# holdtime 30

Step 9  bandwidth-percent percent
        (Optional) Configures the percentage of bandwidth that may be used by EIGRP on an interface.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# bandwidth-percent 75

Step 10 Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# commit

Configuring Route Summarization for an EIGRP Process

This task configures route summarization for an EIGRP process.

You can configure a summary aggregate address for a specified interface. If any more specific routes are in the routing table, EIGRP advertises the summary address from the interface with a metric equal to the minimum of all more specific routes.

Before You Begin

Note: You should not use the summary-address summarization command to generate the default route (0.0.0.0) from an interface. This command creates an EIGRP summary default route to the null 0 interface with an administrative distance of 5. The low administrative distance of this default route can cause this route to displace default routes learned from other neighbors from the routing table. If the default route learned from the neighbors is displaced by the summary default route or the summary route is the only default route present, all traffic destined for the default route does not leave the router; instead, this traffic is sent to the null 0 interface, where it is dropped. The recommended way to send only the default route from a given interface is to use a route-policy command.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. route-policy name out
5. interface type interface-path-id
6. summary-address ip-address { / length | mask } [ admin-distance ]
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the AS number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family { ipv4 }
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 4  route-policy name out
        Applies a routing policy to updates advertised to or received from an EIGRP neighbor.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# route-policy FILTER_DEFAULT out

Step 5  interface type interface-path-id
        Defines the interfaces on which the EIGRP routing protocol runs.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/1/0/0

Step 6  summary-address ip-address { / length | mask } [ admin-distance ]
        Configures a summary aggregate address for the specified EIGRP interface.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 192.168.0.0/16 95

Step 7  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af-if)# commit

Redistributing Routes for EIGRP

This task explains how to redistribute routes, apply limits on the number of routes, and set timers for nonstop forwarding.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name ]
5. redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]]
6. timers nsf route-hold seconds
7. maximum paths maximum
8. maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]]
9. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the AS number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family { ipv4 }
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 4  redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name ]
        Redistributes the routes from the specified protocol and AS number to the EIGRP process. Optionally, the redistributed routes can be filtered into the EIGRP process by providing the route policy.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# redistribute bgp 100

Step 5  redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]]
        Limits the maximum number of prefixes that are redistributed to the EIGRP process.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# redistribute maximum-prefix 5000 95 warning-only

Step 6  timers nsf route-hold seconds
        Sets the timer that determines how long an NSF-aware EIGRP router holds routes for an inactive peer.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# timers nsf route-hold 120

Step 7  maximum paths maximum
        Controls the maximum number of parallel routes that EIGRP can support.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum paths 10

Step 8  maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]]
        Limits the number of prefixes that are accepted under an address family by EIGRP.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum-prefix 50000

Step 9  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af)# commit

Creating a Route Policy and Attaching It to an EIGRP Process

This task defines a route policy and shows how to attach it to an EIGRP process.

A route policy definition consists of the route-policy command and name argument followed by a sequence of optional policy statements, and then closed with the end-policy command.

A route policy is not useful until it is applied to routes of a routing protocol.

SUMMARY STEPS

1. configure
2. route-policy name
3. set eigrp-metric bandwidth delay reliability load mtu
4. end-policy
5. Do one of the following:
   • end
   • commit
6. configure
7. router eigrp as-number
8. address-family { ipv4 }
9. route-policy route-policy-name { in | out }
10. Do one of the following:
    • end
    • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  route-policy name
        Defines a route policy and enters route-policy configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config)# route-policy IN-IPv4

Step 3  set eigrp-metric bandwidth delay reliability load mtu
        (Optional) Sets the EIGRP metric attribute.
        Example:
        RP/0/RSP0/CPU0:router(config-rpl)# set eigrp-metric 42 100 200 100 1200

Step 4  end-policy
        Ends the definition of a route policy and exits route-policy configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-rpl)# end-policy

Step 5  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-rpl)# end
        or
        RP/0/RSP0/CPU0:router(config-rpl)# commit

Step 6  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 7  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 8  address-family { ipv4 }
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 9  route-policy route-policy-name { in | out }
        Applies a routing policy to updates advertised to or received from an EIGRP neighbor.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# route-policy IN-IPv4 in

Step 10 Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af)# commit

Configuring Stub Routing for an EIGRP Process

This task configures the distribution and remote routers to use an EIGRP process for stub routing.

Before You Begin

Note: EIGRP stub routing should be used only on remote routers. A stub router is defined as a router connected to the network core or distribution layer through which core transit traffic should not flow. A stub router should not have any EIGRP neighbors other than distribution routers. Ignoring this restriction causes undesirable behavior.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. stub [ receive-only | {[ connected ] [ redistributed ] [ static ] [ summary ]}]
5. Do one of the following:
   • end
   • commit
6. show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id | static ]

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family { ipv4 }
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 4  stub [ receive-only | {[ connected ] [ redistributed ] [ static ] [ summary ]}]
        Configures a router as a stub for EIGRP.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# stub receive-only

Step 5  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af)# commit

Step 6  show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id | static ]
        Verifies that a remote router has been configured as a stub router with EIGRP.
        The last line of the output shows the stub status of the remote or spoke router.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp neighbors detail

Configuring EIGRP as a PE-CE Protocol

Perform this task to configure EIGRP on the provider edge (PE) and establish provider edge-to-customer edge (PE-CE) communication using EIGRP.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. router-id router-id
6. autonomous-system as-number
7. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ]
8. interface type interface-path-id
9. site-of-origin { as-number:number | ip-address : number }
10. Do one of the following:
    • end
    • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  vrf vrf-name
        Configures a VPN routing and forwarding (VRF) instance.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_A

Step 4  address-family { ipv4 }
        Enters a VRF address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4

Step 5  router-id router-id
        Configures a router ID for the EIGRP process.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# router-id 33

Step 6  autonomous-system as-number
        Configures an EIGRP routing process to run within the VRF instance.
        Note: You must configure the autonomous system under VRF configuration to bring up the VRF interface.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 2

Step 7  redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ]
        Injects routes from one routing domain into EIGRP.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 100

Step 8  interface type interface-path-id
        Configures the interface on which the EIGRP routing protocol runs.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface gigabitEthernet 0/1/5/0

Step 9  site-of-origin { as-number:number | ip-address : number }
        Configures the site-of-origin (SoO) filtering on the EIGRP interface.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 3:4

Step 10 Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit

Redistributing BGP Routes into EIGRP

Perform this task to redistribute BGP routes into EIGRP.

Typically, EIGRP routes are redistributed into BGP with extended community information appended to the route. BGP carries the route over the VPN backbone with the EIGRP-specific information encoded in the BGP extended community attributes. After the peering customer site receives the route, EIGRP redistributes the BGP route, then extracts the BGP extended community information and reconstructs the route as it appeared in the original customer site.

When redistributing BGP routes into EIGRP, the receiving provider edge (PE) EIGRP router looks for BGP extended community information. If the information is received, it is used to recreate the original EIGRP route. If the information is missing, EIGRP uses the configured default metric value.

If the metric values are not derived from the BGP extended community and a default metric is not configured, the route is not advertised to the customer edge (CE) router by the PE EIGRP. When BGP is redistributed into BGP, metrics may not be added to the BGP prefix as extended communities; for example, if EIGRP is not running on the other router. In this case, EIGRP is redistributed into BGP with a “no-metrics” option.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ]
6. route-policy route-policy-name { in | out }
7. default-metric bandwidth delay reliability loading mtu
8. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  vrf vrf-name
        Configures a VRF instance.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# router eigrp 100

Step 4  address-family { ipv4 }
        Enters a VRF address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4

Step 5  redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ]
        Injects routes from one routing domain into EIGRP.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 100

Step 6  Applies a routing policy to updates advertised to or received from an EIGRP neighbor.
        route-policy route-policy-name { in | out }
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# route-policy policy_A in

Step 7  default-metric bandwidth delay reliability loading mtu
        Configures metrics for EIGRP.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# default-metric 1000 100 250 100 1500

Step 8  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# commit

Monitoring EIGRP Routing

The commands in this section are used to log neighbor adjacency changes, monitor the stability of the routing system, and help detect problems.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family [ ipv4 ]
4. log-neighbor-changes
5. log-neighbor-warnings
6. Do one of the following:
   • end
   • commit
7. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id ]
8. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ]
9. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting
10. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ]
11. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ detail ] [ type interface-path-id | static ]
12. show protocols eigrp [ vrf vrf-name ]
13. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ ip-address mask ] [ active | all-links | detail-links | pending | summary | zero-successors ]
14. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] traffic

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family [ ipv4 ]
        Enters an address family configuration mode.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4

Step 4  log-neighbor-changes
        Enables the logging of changes in EIGRP neighbor adjacencies.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# log-neighbor-changes

Step 5  log-neighbor-warnings
        Enables the logging of EIGRP neighbor warning messages.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# log-neighbor-warnings

Step 6  Do one of the following:
        • end
        • commit
        Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
        Example:
        RP/0/RSP0/CPU0:router(config-eigrp-af)# end
        or
        RP/0/RSP0/CPU0:router(config-eigrp-af)# commit

Step 7  clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id ]
        Deletes EIGRP and VPN neighbor entries from the appropriate table.
        Example:
        RP/0/RSP0/CPU0:router# clear eigrp 20 neighbors GigabitEthernet 0/1/0/0

Step 8  clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ]
        Deletes EIGRP and VRF topology entries from the appropriate table.
        Example:
        RP/0/RSP0/CPU0:router# clear eigrp topology

Step 9  show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting
        Displays prefix accounting information for EIGRP processes.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp vrf all accounting

Step 10 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ]
        Displays information about interfaces configured for EIGRP.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp interfaces detail

Step 11 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ detail ] [ type interface-path-id | static ]
        Displays the neighbors discovered by EIGRP.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp neighbors 20 detail static

Step 12 show protocols eigrp [ vrf vrf-name ]
        Displays information about the EIGRP process configuration.
        Example:
        RP/0/RSP0/CPU0:router# show protocols eigrp

Step 13 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ ip-address mask ] [ active | all-links | detail-links | pending | summary | zero-successors ]
        Displays entries in the EIGRP topology table.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp topology 10.0.0.1 253.254.255.255 summary

Step 14 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] traffic
        Displays the number of EIGRP packets sent and received.
        Example:
        RP/0/RSP0/CPU0:router# show eigrp traffic

Configuring an EIGRP Authentication Keychain

Perform the following tasks to configure an authentication keychain on EIGRP interfaces.

Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF

Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a default VRF.

SUMMARY STEPS

1. configure
2. router eigrp as-number
3. address-family { ipv4 | ipv6 }
4. interface type interface-path-id
5. authentication keychain keychain-name
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
        RP/0/RSP0/CPU0:router# configure

Step 2  router eigrp as-number
        Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
        Example:
        RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3  address-family { ipv4 | ipv6 }
        Enters a VRF address family configuration mode.
Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Configures the interface on which EIGRP the routing protocol runs. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# Step 4 interface gigabitEthernet 0/1/5/0 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 198 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication KeychainCommand or Action Purpose Authenticates all EIGRP protocol traffic on the interface, based on the MD5 algorithm. authentication keychain keychain-name Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# authentication keychain Step 5 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a nondefault VRF. 
SUMMARY STEPS

1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 }
5. interface type interface-path-id
6. authentication keychain keychain-name
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1
  Command: configure
  Purpose: Enters global configuration mode.
  Example: RP/0/RSP0/CPU0:router# configure

Step 2
  Command: router eigrp as-number
  Purpose: Specifies the autonomous system number of the routing process to configure an EIGRP routing process.
  Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100

Step 3
  Command: vrf vrf-name
  Purpose: Creates a VRF instance and enters VRF configuration mode.
  Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf1

Step 4
  Command: address-family { ipv4 | ipv6 }
  Purpose: Enters a VRF address family configuration mode.
  Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4

Step 5
  Command: interface type interface-path-id
  Purpose: Configures the interface on which EIGRP runs.
  Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface gigabitEthernet 0/1/5/0

Step 6
  Command: authentication keychain keychain-name
  Purpose: Authenticates all EIGRP protocol traffic on the interface, based on the MD5 algorithm.
  Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# authentication keychain

Step 7
  Command: Do one of the following:
    • end
    • commit
  Purpose: Saves configuration changes.
  Example:
    RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end
    or
    RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit
  • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for Implementing EIGRP

This section provides the following configuration examples:

Configuring a Basic EIGRP Configuration: Example

The following example shows how to configure EIGRP with a policy that filters incoming routes. This is a typical configuration for a router that has just one neighbor, but advertises other connected subnets.

  router eigrp 144
   address-family ipv4
    metric maximum-hops 20
    router-id 10.10.9.4
    route-policy GLOBAL_FILTER_POLICY in
    log-neighbor-changes
    log-neighbor-warnings
    interface Loopback0
    !
    interface GigabitEthernet 0/2/0/0
     passive-interface
    !
    interface GigabitEthernet 0/6/0/0
     hello-interval 8
     hold-time 30
     summary-address 10.0.0.0 255.255.0.0
    !

Configuring an EIGRP Stub Operation: Example

The following example shows how to configure an EIGRP stub. Stub operation allows only connected, static, and summary routes to be advertised to neighbors.

  router eigrp 200
   address-family ipv4
    stub connected static summary
    router-id 172.16.82.22
    log-neighbor-changes
    log-neighbor-warnings
    redistribute connected route-policy CONN_POLICY
    interface GigabitEthernet0/6/0/0
     passive-interface
     neighbor 10.0.0.31
    !
    interface GigabitEthernet0/6/0/1
     passive-interface
     neighbor 10.0.1.21
    !
   !
  !

Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example

The following example shows how to configure EIGRP to operate as a PE-CE protocol on a PE router. The configuration is under VRF CUSTOMER_1. A maximum prefix is typically configured to ensure that one set of customer routes does not overwhelm the EIGRP process.

  router eigrp 500
   vrf CUSTOMER_1
    address-family ipv4
     timers nsf route-hold 300
     router-id 172.16.6.11
     maximum-prefix 450 70
     default-metric 200000 10000 195 10 1500
     log-neighbor-changes
     log-neighbor-warnings
     redistribute maximum-prefix 350 70
     redistribute bgp 1.65500 route-policy SITE_1_POLICY
     interface GigabitEthernet 0/4/0/5
      neighbor 10.22.1.1
     !
    !
   !

Configuring an EIGRP Authentication Keychain: Example

The following example shows how to configure an authentication keychain for an IPv4 interface on a nondefault VRF:

  RP/0/RSP0/CPU0:router(config)#router eigrp 100
  RP/0/RSP0/CPU0:router(config-eigrp)#vrf vrf1
  RP/0/RSP0/CPU0:router(config-eigrp-vrf)#address-family ipv4
  RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#interface POS 0/1/0/0
  RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#authentication keychain key1

The following example shows how to configure an authentication keychain for an IPv6 interface on a default VRF:

  RP/0/RSP0/CPU0:router(config)#router eigrp 100
  RP/0/RSP0/CPU0:router(config-eigrp)#address-family ipv6
  RP/0/RSP0/CPU0:router(config-eigrp-af)#interface POS 0/1/0/0
  RP/0/RSP0/CPU0:router(config-eigrp-af-if)#authentication keychain key2

Additional References

The following sections provide references related to implementing EIGRP.
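As a follow-up to the EIGRP authentication keychain tasks and examples above, the following added example (not part of the Cisco guide) audits a saved configuration and lists the EIGRP interfaces that can form adjacencies but carry no authentication keychain statement. The sample configuration is constructed, and the parser assumes the running-config layout of one space of indentation per nesting level.

```python
import re

# Constructed sample in IOS XR running-config layout (one space of indent per
# nesting level); interface and keychain names follow the examples above.
SAMPLE_CONFIG = """\
router eigrp 100
 address-family ipv6
  interface POS0/1/0/0
   authentication keychain key2
  !
  interface Loopback0
   passive-interface
  !
 !
 vrf vrf1
  address-family ipv4
   interface POS0/1/0/0
    authentication keychain key1
   !
   interface GigabitEthernet0/1/5/0
    hello-interval 8
   !
  !
 !
!
interface GigabitEthernet0/1/5/0
 ipv4 address 10.0.0.1 255.255.255.0
!
"""


def parse_eigrp_interfaces(config_text):
    """Return one record per interface configured under a 'router eigrp' block."""
    records = []
    stack = []  # (indent, text) of the enclosing configuration lines
    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        # Leave every block that is not a parent of the current line.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parents = [line for _, line in stack]
        stack.append((indent, text))
        if not parents or not parents[0].startswith("router eigrp "):
            continue  # global interface blocks and other features are ignored
        if text.startswith("interface "):
            record = {
                "as": parents[0].split()[2],
                "vrf": "default",
                "af": None,
                "interface": text.split(None, 1)[1],
                "keychain": None,
                "passive": False,
            }
            for parent in parents[1:]:
                if parent.startswith("vrf "):
                    record["vrf"] = parent.split()[1]
                elif parent.startswith("address-family "):
                    record["af"] = parent.split()[1]
            records.append(record)
        elif parents[-1].startswith("interface "):
            # A keychain statement without a name does not match and is
            # therefore reported as missing authentication.
            match = re.fullmatch(r"authentication keychain (\S+)", text)
            if match:
                records[-1]["keychain"] = match.group(1)
            elif text == "passive-interface":
                records[-1]["passive"] = True
    return records


def unauthenticated_interfaces(config_text):
    """Interfaces that may form adjacencies but have no keychain configured.

    Assumption of this example: passive interfaces are skipped because they
    do not form neighbor relationships.
    """
    return [r for r in parse_eigrp_interfaces(config_text)
            if not r["passive"] and r["keychain"] is None]


if __name__ == "__main__":
    for r in unauthenticated_interfaces(SAMPLE_CONFIG):
        print("no keychain: AS %(as)s vrf %(vrf)s %(af)s %(interface)s" % r)
```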
Related Documents

Related Topic: EIGRP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
Document Title: Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference

Related Topic: MPLS VPN support for EIGRP feature information
Document Title: Implementing MPLS Layer 3 VPNs module and Implementing MPLS Layer 2 VPNs module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide

Related Topic: Site of Origin (SoO) support for EIGRP feature information
Document Title: Implementing MPLS Traffic Engineering on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide

Related Topic: MIB Reference
Document Title: Cisco ASR 9000 Series Aggregation Services Router MIB Specification Guide.

Standards

Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —

MIBs

MIBs: —
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFCs: No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —

Technical Assistance

Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport
CHAPTER 3

Implementing IS-IS on Cisco ASR 9000 Series Router

Integrated Intermediate System-to-Intermediate System (IS-IS), Internet Protocol Version 4 (IPv4), is a standards-based Interior Gateway Protocol (IGP). Cisco IOS XR software implements the IP routing capabilities described in International Organization for Standardization (ISO)/International Engineering Consortium (IEC) 10589 and RFC 1995, and adds the standard extensions for single topology and multitopology IS-IS for IP Version 6 (IPv6).

This module describes how to implement IS-IS (IPv4 and IPv6) on your Cisco IOS XR network. This module describes how to implement IS-IS (IPv4 and IPv6) on Cisco ASR 9000 Series Aggregation Services Routers.

Note: For more information about IS-IS on Cisco IOS XR software and complete descriptions of the IS-IS commands listed in this module, refer to the Related Documents section of this module. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List.

Feature History for Implementing IS-IS

Release        Modification
Release 3.7.2  This feature was introduced.
Release 3.9.0  Support for IPv6 and was added.
Release 4.0.1  Support was added for the following features:
               • IP Fast Re-route Per Prefix Computation.
               • IP Fast Re-route Per Link Computation.

• Prerequisites for Implementing IS-IS
• Restrictions for Implementing IS-IS
• Information About Implementing IS-IS
• How to Implement IS-IS
• Configuration Examples for Implementing IS-IS
• Where to Go Next
• Additional References

Prerequisites for Implementing IS-IS

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Restrictions for Implementing IS-IS

When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process). Instances may not share an interface.

Information About Implementing IS-IS

To implement IS-IS you need to understand the following concepts:

IS-IS Functional Overview

Small IS-IS networks are typically built as a single area that includes all routers in the network. As the network grows larger, it may be reorganized into a backbone area made up of the connected set of all Level 2 routers from all areas, which is in turn connected to local areas. Within a local area, routers know how to reach all system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to reach other areas.

The IS-IS routing protocol supports the configuration of backbone Level 2 and Level 1 areas and the necessary support for moving routing information between the areas. Routers establish Level 1 adjacencies to perform routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing between Level 1 areas (interarea routing).
For Cisco IOS XR software, each IS-IS instance can support either a single Level 1 or Level 2 area, or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing. You can change the level of routing to be performed by a particular routing instance using the is-type command.

Key Features Supported in the Cisco IOS XR IS-IS Implementation

The Cisco IOS XR implementation of IS-IS conforms to the IS-IS Version 2 specifications detailed in RFC 1195 and the IPv6 IS-IS functionality based on the Internet Engineering Task Force (IETF) IS-IS Working Group draft-ietf-isis-ipv6.txt document.

The following list outlines key features supported in the Cisco IOS XR implementation:
• Single topology IPv6
• Multitopology
• Nonstop forwarding (NSF), both Cisco proprietary and IETF
• Three-way handshake
• Mesh groups
• Multiple IS-IS instances
• Configuration of a broadcast medium connecting two networking devices as a point-to-point link
• Fast-flooding with different threads handling flooding and shortest path first (SPF).

Note: For information on IS-IS support for Bidirectional Forwarding Detection (BFD), see Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference.

IS-IS Configuration Grouping

Cisco IOS XR groups all of the IS-IS configuration in router IS-IS configuration mode, including the portion of the interface configurations associated with IS-IS. To display the IS-IS configuration in its entirety, use the show running router isis command. The command output displays the running configuration for all configured IS-IS instances, including the interface assignments and interface attributes.
IS-IS Configuration Modes

The following sections show how to enter each of the configuration modes. From a mode, you can enter the ? command to display the commands available in that mode.

Router Configuration Mode

The following example shows how to enter router configuration mode:

  RP/0/RSP0/CPU0:router# configure
  RP/0/RSP0/CPU0:router(config)# router isis isp
  RP/0/RSP0/CPU0:router(config-isis)#

Router Address Family Configuration Mode

The following example shows how to enter router address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router isis isp
  RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-isis-af)#

Interface Configuration Mode

The following example shows how to enter interface configuration mode:

  RP/0/RSP0/CPU0:router(config)# router isis isp
  RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/3/0/0
  RP/0/RSP0/CPU0:router(config-isis-if)#

Interface Address Family Configuration Mode

The following example shows how to enter interface address family configuration mode:

  RP/0/RSP0/CPU0:router(config)# router isis isp
  RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/3/0/0
  RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
  RP/0/RSP0/CPU0:router(config-isis-if-af)#

IS-IS Interfaces

IS-IS interfaces can be configured as one of the following types:
• Active—advertises connected prefixes and forms adjacencies. This is the default for interfaces.
• Passive—advertises connected prefixes but does not form adjacencies. The passive command is used to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes such as loopback addresses that need to be injected into the IS-IS domain. If many connected prefixes need to be advertised, then the redistribution of connected routes with the appropriate policy should be used instead.
• Suppressed—does not advertise connected prefixes but forms adjacencies. The suppress command is used to configure interfaces as suppressed.
• Shutdown—does not advertise connected prefixes and does not form adjacencies. The shutdown command is used to disable interfaces without removing the IS-IS configuration.

Multitopology Configuration

Cisco IOS XR software supports multitopology for IPv6 IS-IS unless single topology is explicitly configured in IPv6 address-family configuration mode.

Note: IS-IS supports IP routing and not Open Systems Interconnection (OSI) Connectionless Network Service (CLNS) routing.

IPv6 Routing and Configuring IPv6 Addressing

By default, IPv6 routing is disabled in the Cisco IOS XR software. To enable IPv6 routing, you must assign IPv6 addresses to individual interfaces in the router using the ipv6 enable or ipv6 address command. See the Network Stack IPv4 and IPv6 Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.

Limit LSP Flooding

Limiting the flooding of link-state packets (LSPs) may be desirable in certain “meshy” network topologies. An example of such a network might be a highly redundant one such as a fully meshed set of point-to-point links over a nonbroadcast multiaccess (NBMA) transport. In such networks, full LSP flooding can limit network scalability. One way to restrict the size of the flooding domain is to introduce hierarchy by using multiple Level 1 areas and a Level 2 area. However, two other techniques can be used instead of or with hierarchy: block flooding on specific interfaces and configure mesh groups.
Both techniques operate by restricting the flooding of LSPs in some fashion. A direct consequence is that although scalability of the network is improved, the reliability of the network (in the face of failures) is reduced because a series of failures may prevent LSPs from being flooded throughout the network, even though links exist that would allow flooding if blocking or mesh groups had not restricted their use. In such a case, the link-state databases of different routers in the network may no longer be synchronized. Consequences such as persistent forwarding loops can ensue. For this reason, we recommend that blocking or mesh groups be used only if specifically required, and then only after careful network design.

Flood Blocking on Specific Interfaces

With this technique, certain interfaces are blocked from being used for flooding LSPs, but the remaining interfaces operate normally for flooding. This technique is simple to understand and configure, but may be more difficult to maintain and more error prone than mesh groups in the long run. The flooding topology that IS-IS uses is fine-tuned rather than restricted. Restricting the topology too much (blocking too many interfaces) makes the network unreliable in the face of failures. Restricting the topology too little (blocking too few interfaces) may fail to achieve the desired scalability.

To improve the robustness of the network in the event that all nonblocked interfaces drop, use the csnp-interval command in interface configuration mode to force periodic complete sequence number PDUs (CSNPs) to be used on blocked point-to-point links. The use of periodic CSNPs enables the network to become synchronized.

Mesh Group Configuration

Configuring mesh groups (a set of interfaces on a router) can help to limit flooding.
All routers reachable over the interfaces in a particular mesh group are assumed to be densely connected with each router having at least one link to every other router. Many links can fail without isolating one or more routers from the network.

In normal flooding, a new LSP is received on an interface and is flooded out over all other interfaces on the router. With mesh groups, when a new LSP is received over an interface that is part of a mesh group, the new LSP is not flooded over the other interfaces that are part of that mesh group.

Maximum LSP Lifetime and Refresh Interval

By default, the router sends a periodic LSP refresh every 15 minutes. LSPs remain in a database for 20 minutes by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or maximum LSP lifetime. The LSP interval should be less than the LSP lifetime or else LSPs time out before they are refreshed. In the absence of a configured refresh interval, the software adjusts the LSP refresh interval, if necessary, to prevent the LSPs from timing out.

Single-Topology IPv6 Support

Single-topology IPv6 support on Cisco IOS XR software allows IS-IS for IPv6 to be configured on interfaces along with an IPv4 network protocol. All interfaces must be configured with the identical set of network protocols, and all routers in the IS-IS area (for Level 1 routing) or the domain (for Level 2 routing) must support the identical set of network layer protocols on all interfaces.

In single-topology mode, IPv6 topologies work with both narrow and wide metric styles in IPv4 unicast topology. During single-topology operation, one shortest path first (SPF) computation for each level is used to compute both IPv4 and IPv6 routes. Using a single SPF is possible because both IPv4 IS-IS and IPv6 IS-IS routing protocols share a common link topology.
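The flooding rule described under Mesh Group Configuration above, and the reliability trade-off described under Limit LSP Flooding, can be seen in the following added example (not part of the Cisco guide). It is a simplified model in which every router floods a new LSP once, on first receipt; the router names and the five-router full mesh are constructed.

```python
from collections import deque
from itertools import combinations


def full_mesh(routers):
    """Every pair of routers shares one point-to-point link."""
    return {frozenset(pair) for pair in combinations(routers, 2)}


def flood(links, origin, mesh_group=frozenset()):
    """Flood one new LSP from `origin`.

    links      -- set of frozenset({a, b}) point-to-point links that are up
    mesh_group -- subset of links whose interfaces belong to the mesh group
    Returns (routers holding the LSP afterwards, number of LSP transmissions).
    """
    neighbors = {}
    for link in links:
        a, b = tuple(link)
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    have = {origin}
    sent = 0
    queue = deque([(origin, None)])  # (router, neighbor the LSP came from)
    while queue:
        router, came_from = queue.popleft()
        arrived_in_group = (came_from is not None
                            and frozenset({router, came_from}) in mesh_group)
        for nbr in sorted(neighbors.get(router, ())):
            if nbr == came_from:
                continue  # never sent back out the receiving interface
            if arrived_in_group and frozenset({router, nbr}) in mesh_group:
                continue  # mesh-group rule: not re-flooded inside the group
            sent += 1
            if nbr not in have:
                have.add(nbr)
                queue.append((nbr, router))
    return have, sent


ROUTERS = ["R1", "R2", "R3", "R4", "R5"]          # constructed topology
HEALTHY = full_mesh(ROUTERS)
DEGRADED = HEALTHY - {frozenset({"R1", "R5"})}    # one failed link


def compare():
    """Normal flooding versus mesh-group flooding, healthy and degraded."""
    return {
        "healthy_normal": flood(HEALTHY, "R1"),
        "healthy_mesh": flood(HEALTHY, "R1", mesh_group=HEALTHY),
        "degraded_normal": flood(DEGRADED, "R1"),
        "degraded_mesh": flood(DEGRADED, "R1", mesh_group=DEGRADED),
    }


if __name__ == "__main__":
    for name, (have, sent) in compare().items():
        print(f"{name:16} transmissions={sent:2} reached={sorted(have)}")
```

In the degraded mesh-group case R5 never receives the LSP even though R2, R3 and R4 all have working links to it, which is the unsynchronized link-state database the text warns about.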
Multitopology IPv6 Support

Multitopology IPv6 support on Cisco IOS XR software for IS-IS assumes that multitopology support is required as soon as it detects interfaces configured for both IPv6 and IPv4 within the IS-IS stanza.

Because multitopology is the default behavior in the software, you must explicitly configure IPv6 to use the same topology as IPv4 to enable single-topology IPv6. Configure the single-topology command in IPv6 router address family configuration submode of the IS-IS router stanza.

IS-IS Authentication

Authentication is available to limit the establishment of adjacencies by using the hello-password command, and to limit the exchange of LSPs by using the lsp-password command.

IS-IS supports plain-text authentication, which does not provide security against unauthorized users. Plain-text authentication allows you to configure a password to prevent unauthorized networking devices from forming adjacencies with the router. The password is exchanged as plain text and is potentially visible to an agent able to view the IS-IS packets.

When an HMAC-MD5 password is configured, the password is never sent over the network and is instead used to calculate a cryptographic checksum to ensure the integrity of the exchanged data.

IS-IS stores a configured password using simple encryption. However, the plain-text form of the password is used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible to a process that can view IS-IS packets. The passwords can be entered in plain text (clear) or encrypted form.

To set the domain password, configure the lsp-password command for Level 2; to set the area password, configure the lsp-password command for Level 1.

The keychain feature allows IS-IS to reference configured keychains.
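The difference between plain-text and HMAC-MD5 authentication described above is shown in the following added example (not part of the Cisco guide and not Cisco code). The authentication TLV type 10 and the authentication types 1 and 54 are taken from RFC 5304, not from this guide; the 8-byte header, the body TLV and the secret are constructed, and the extra fields RFC 5304 zeroes for LSPs are not modeled.

```python
import hashlib
import hmac

AUTH_TLV_TYPE = 10   # Authentication Information TLV (RFC 5304)
AUTH_CLEARTEXT = 1   # password carried verbatim in the TLV
AUTH_HMAC_MD5 = 54   # 16-byte HMAC-MD5 digest carried instead of the password
HEADER_LEN = 8       # constructed stand-in header, not a real IS-IS PDU header

HEADER = bytes(range(HEADER_LEN))   # constructed
SECRET = b"s3cret-key"              # constructed


def tlv(tlv_type, value):
    return bytes([tlv_type, len(value)]) + value


BODY = tlv(129, b"\xcc")            # constructed body TLV following the auth TLV


def build_cleartext(header, body_tlvs, password):
    return header + tlv(AUTH_TLV_TYPE, bytes([AUTH_CLEARTEXT]) + password) + body_tlvs


def build_hmac_md5(header, body_tlvs, key):
    # The digest is computed over the whole PDU with the digest field zeroed,
    # then written into that field.
    zeroed = header + tlv(AUTH_TLV_TYPE, bytes([AUTH_HMAC_MD5]) + bytes(16)) + body_tlvs
    digest = hmac.new(key, zeroed, hashlib.md5).digest()
    return header + tlv(AUTH_TLV_TYPE, bytes([AUTH_HMAC_MD5]) + digest) + body_tlvs


def find_auth_tlv(pdu):
    """Return (value_offset, value_length) of the first auth TLV, or None."""
    pos = HEADER_LEN
    while pos + 2 <= len(pdu):
        tlv_type, length = pdu[pos], pdu[pos + 1]
        if pos + 2 + length > len(pdu):
            return None  # truncated TLV: treat the PDU as unauthenticated
        if tlv_type == AUTH_TLV_TYPE and length >= 1:
            return pos + 2, length
        pos += 2 + length
    return None


def verify(pdu, secret):
    """Receiver-side check of a PDU against the locally configured secret."""
    located = find_auth_tlv(pdu)
    if located is None:
        return False
    offset, length = located
    auth_type = pdu[offset]
    value = pdu[offset + 1:offset + length]
    if auth_type == AUTH_CLEARTEXT:
        return hmac.compare_digest(value, secret)
    if auth_type == AUTH_HMAC_MD5 and len(value) == 16:
        zeroed = pdu[:offset + 1] + bytes(16) + pdu[offset + 17:]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        return hmac.compare_digest(value, expected)
    return False


def secret_visible_on_wire(pdu, secret):
    """True when the configured secret appears verbatim in the PDU bytes."""
    return secret in pdu


if __name__ == "__main__":
    clear_pdu = build_cleartext(HEADER, BODY, SECRET)
    mac_pdu = build_hmac_md5(HEADER, BODY, SECRET)
    tampered = mac_pdu[:-1] + bytes([mac_pdu[-1] ^ 0x01])
    print("plain text: secret on wire =", secret_visible_on_wire(clear_pdu, SECRET))
    print("HMAC-MD5:   secret on wire =", secret_visible_on_wire(mac_pdu, SECRET))
    print("HMAC-MD5 verifies:", verify(mac_pdu, SECRET))
    print("modified body TLV verifies:", verify(tampered, SECRET))
```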
IS-IS key chains enable hello and LSP keychain authentication. Keychains can be configured at the router level (in the case of the lsp-password command) and at the interface level (in the case of the hello-password command) within IS-IS. These commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains.

IS-IS is able to use the keychain to implement hitless key rollover for authentication. Key rollover specification is time based, and in the event of clock skew between the peers, the rollover process is impacted. The configurable tolerance specification allows for the accept window to be extended (before and after) by that margin. This accept window facilitates a hitless key rollover for applications (for example, routing and management protocols).

See Cisco ASR 9000 Series Aggregation Services Router System Security Guide for information on keychain management.

Nonstop Forwarding

On Cisco IOS XR software, NSF minimizes the amount of time a network is unavailable to its users following a route processor (RP) failover. The main objective of NSF is to continue forwarding IP packets and perform a graceful restart following an RP failover.

When a router restarts, all routing peers of that device usually detect that the device went down and then came back up. This transition results in what is called a routing flap, which could spread across multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the overall network performance. NSF helps to suppress routing flaps in NSF-aware devices, thus reducing network instability.

NSF allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following an RP failover. When the NSF feature is configured, peer networking devices do not experience routing flaps.
Data traffic is forwarded through intelligent line cards while the standby RP assumes control from the failed active RP during a failover. The ability of line cards to remain up through a failover and to be kept current with the Forwarding Information Base (FIB) on the active RP is key to NSF operation. When the Cisco IOS XR router running IS-IS routing performs an RP failover, the router must perform two tasks to resynchronize its link-state database with its IS-IS neighbors. First, it must relearn the available IS-IS neighbors on the network without causing a reset of the neighbor relationship. Second, it must reacquire the contents of the link-state database for the network. The IS-IS NSF feature offers two options when configuring NSF: • IETF NSF • Cisco NSF Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 211 Implementing IS-IS on Cisco ASR 9000 Series Router Nonstop ForwardingIf neighbor routers on a network segment are NSF aware, meaning that neighbor routers are running a software version that supports the IETF Internet draft for router restartability, they assist an IETF NSF router that is restarting. With IETF NSF, neighbor routers provide adjacency and link-state information to help rebuild the routing information following a failover. In Cisco IOS XR software, Cisco NSF checkpoints (stores persistently) all the state necessary to recover from a restart without requiring any special cooperation from neighboring routers. The state is recovered from the neighboring routers, but only using the standard features of the IS-IS routing protocol. This capability makes Cisco NSF suitable for use in networksin which other routers have not used the IETF standard implementation of NSF. If you configure IETF NSF on the Cisco IOS XR router and a neighbor router does not support IETF NSF, the affected adjacencies flap, but nonstop forwarding is maintained to all neighbors that do support IETF NSF. 
Note: A restart reverts to a cold start if no neighbors support IETF NSF.

Multi-Instance IS-IS

You can configure up to five IS-IS instances. MPLS can run on multiple IS-IS processes as long as the processes run on different sets of interfaces. Each interface may be associated with only a single IS-IS instance. Cisco IOS XR software prevents the double-booking of an interface by two instances at configuration time; two instances of MPLS configuration cause an error.

Because the Routing Information Base (RIB) treats each of the IS-IS instances as equal routing clients, you must be careful when redistributing routes between IS-IS instances. The RIB does not know to prefer Level 1 routes over Level 2 routes. For this reason, if you are running Level 1 and Level 2 instances, you must enforce the preference by configuring different administrative distances for the two instances.

Multiprotocol Label Switching Traffic Engineering

The MPLS TE feature enables an MPLS backbone to replicate and expand the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies.

For IS-IS, MPLS TE automatically establishes and maintains MPLS TE label-switched paths across the backbone by using Resource Reservation Protocol (RSVP). The route that a label-switched path uses is determined by the label-switched path's resource requirements and network resources, such as bandwidth. Available resources are flooded by using special IS-IS TLV extensions in the IS-IS. The label-switched paths are explicit routes and are referred to as traffic engineering (TE) tunnels.

Overload Bit on Router

The overload bit is a special bit of state information that is included in an LSP of the router. If the bit is set on the router, it notifies routers in the area that the router is not available for transit traffic. This capability is useful in four situations:

1. During a serious but nonfatal error, such as limited memory.
2. During the startup and restart of the process. The overload bit can be set until the routing protocol has converged. However, it is not employed during a normal NSF restart or failover because doing so causes a routing flap.
3. During a trial deployment of a new router. The overload bit can be set until deployment is verified, then cleared.
4. During the shutdown of a router. The overload bit can be set to remove the router from the topology before the router is removed from service.

Overload Bit Configuration During Multitopology Operation

Because the overload bit applies to forwarding for a single topology, it may be configured and cleared independently for IPv4 and IPv6 during multitopology operation. For this reason, the overload is set from the router address family configuration mode. If the IPv4 overload bit is set, all routers in the area do not use the router for IPv4 transit traffic. However, they can still use the router for IPv6 transit traffic.

IS-IS Overload Bit Avoidance

The IS-IS overload bit avoidance feature allows network administrators to prevent label switched paths (LSPs) from being disabled when a router in that path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set.

When the IS-IS overload bit avoidance feature is activated, all nodes with the overload bit set, including head nodes, mid nodes, and tail nodes, are ignored, which means that they are still available for use with label switched paths (LSPs).

Note: The IS-IS overload bit avoidance feature does not change the default behavior on nodes that have their overload bit set if those nodes are not included in the path calculation (PCALC).
The IS-IS overload bit avoidance feature is activated using the following command:

    mpls traffic-eng path-selection ignore overload

The IS-IS overload bit avoidance feature is deactivated using the no form of this command:

    no mpls traffic-eng path-selection ignore overload

When the IS-IS overload bit avoidance feature is deactivated, nodes with the overload bit set cannot be used as nodes of last resort.

Default Routes

You can force a default route into an IS-IS routing domain. Whenever you specifically configure redistribution of routes into an IS-IS routing domain, the Cisco IOS XR software does not, by default, redistribute the default route into the IS-IS routing domain. The default-information originate command generates a default route into IS-IS, which can be controlled by a route policy. You can use the route policy to identify the level into which the default route is to be announced, and you can specify other filtering options configurable under a route policy. You can use a route policy to conditionally advertise the default route, depending on the existence of another route in the routing table of the router.

Attached Bit on an IS-IS Instance

The attached bit is set in a router that is configured with the is-type command and level-1-2 keyword. The attached bit indicates that the router is connected to other areas (typically through the backbone). This functionality means that the router can be used by Level 1 routers in the area as the default route to the backbone. The attached bit is usually set automatically as the router discovers other areas while computing its Level 2 SPF route. The bit is automatically cleared when the router becomes detached from the backbone.
Note: If the connectivity for the Level 2 instance is lost, the attached bit in the Level 1 instance LSP would continue sending traffic to the Level 2 instance and cause the traffic to be dropped.

To simulate this behavior when using multiple processes to represent the level-1-2 keyword functionality, you would manually configure the attached bit on the Level 1 process.

IS-IS Support for Route Tags

The IS-IS Support for route tags feature provides the capability to associate and advertise a tag with an IS-IS route prefix. Additionally, the feature allows you to prioritize the order of installation of route prefixes in the RIB based on a tag of a route. Route tags may also be used in route policy to match route prefixes (for example, to select certain route prefixes for redistribution).

Multicast-Intact Feature

The multicast-intact feature provides the ability to run multicast routing (PIM) when IGP shortcuts are configured and active on the router. Both OSPFv2 and IS-IS support the multicast-intact feature. MPLS TE and IP multicast coexistence is supported in Cisco IOS XR software by using the mpls traffic-eng multicast-intact IS-IS or OSPF router command.

You can enable multicast-intact in the IGP when multicast routing protocols (PIM) are configured and IGP shortcuts are configured on the router. IGP shortcuts are MPLS tunnels that are exposed to IGP. The IGPs route the IP traffic over these tunnels to destinations that are downstream from the egress router of the tunnel (from an SPF perspective). PIM cannot use IGP shortcuts for propagating PIM joins because reverse path forwarding (RPF) cannot work across a unidirectional tunnel.

When you enable multicast-intact on an IGP, the IGP publishes a parallel or alternate set of equal-cost next-hops for use by PIM. These next-hops are called mcast-intact next-hops. The mcast-intact next-hops have the following attributes:

• They are guaranteed not to contain any IGP shortcuts.
• They are not used for unicast routing but are used only by PIM to look up an IPv4 next-hop to a PIM source.
• They are not published to the FIB.
• When multicast-intact is enabled on an IGP, all IPv4 destinations that were learned through link-state advertisements are published with a set of equal-cost mcast-intact next-hops to the RIB. This attribute applies even when the native next-hops have no IGP shortcuts.
• In IS-IS, the max-paths limit is applied by counting both the native and mcast-intact next-hops together. (In OSPFv2, the behavior is slightly different.)

Multicast Topology Support Using IS-IS

Multicast topology support allows for the configuration of IS-IS multicast topologies for IPv4 or IPv6 routing. IS-IS maintains a separate topology for multicast and runs a separate Shortest Path First (SPF) over the multicast topology. IS-IS multicast inserts routes from the IS-IS multicast topology into the multicast-unicast Routing Information Base (muRIB) table in the RIB for the corresponding address family. Since PIM uses the muRIB, PIM uses routes from the multicast topology instead of routes from the unicast topology.

MPLS Label Distribution Protocol IGP Synchronization

Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) Synchronization ensures that LDP has completed label exchange before the IGP path is used for switching. MPLS traffic loss can occur in the following two situations:

• When an IGP adjacency is established, the router begins forwarding packets using the new adjacency before LDP has exchanged labels with peers on that link.
• When an LDP session closes, the router continues to forward traffic using the link associated with the LDP peer rather than using an alternate path with an established LDP session.
This feature provides a mechanism to synchronize LDP and IS-IS to minimize MPLS packet loss. The synchronization is accomplished by changing the link metric for a neighbor IS-IS link-state packet (LSP), based on the state of the LDP session.

When an IS-IS adjacency is established on a link but the LDP session is lost or LDP has not yet completed exchanging labels, IS-IS advertises the maximum metric on that link. In this instance, LDP IS-IS synchronization is not yet achieved.

Note: In IS-IS, a link with a maximum wide metric (0xFFFFFF) is not considered for shortest path first (SPF). Therefore, the maximum wide metric minus 1 (0xFFFFFE) is used with MPLS LDP IGP synchronization.

When LDP IS-IS synchronization is achieved, IS-IS advertises a regular (configured or default) metric on that link.

MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart

LDP graceful restart protects traffic when an LDP session is lost. If a graceful restart-enabled LDP session fails, MPLS LDP IS-IS synchronization is still achieved on the interface while it is protected by graceful restart. MPLS LDP IGP synchronization is eventually lost under the following circumstances:

• LDP fails to restart before the LDP graceful restart reconnect timer expires.
• The LDP session on the protected interface fails to recover before the LDP graceful restart recovery timer expires.

MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding

IS-IS nonstop forwarding (NSF) protects traffic during IS-IS process restarts and route processor (RP) failovers. LDP IS-IS synchronization is supported with IS-IS NSF only if LDP graceful restart is also enabled over the interface. If IS-IS NSF is not enabled, the LDP synchronization state is not retained across restarts and failovers.
Label Distribution Protocol IGP Auto-configuration

Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) auto-configuration simplifies the procedure to enable LDP on a set of interfaces used by an IGP instance. LDP IGP auto-configuration can be used on a large number of interfaces (for example, when LDP is used for transport in the core) and on multiple IGP instances simultaneously.

This feature supports the IPv4 address family for the default VPN routing and forwarding (VRF) instance.

LDP IGP auto-configuration can also be explicitly disabled on individual interfaces under LDP using the igp auto-config disable command. This allows LDP to receive all IGP interfaces except the ones explicitly disabled.

See Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide for information on configuring LDP IGP auto-configuration.

MPLS TE Forwarding Adjacency

MPLS TE forwarding adjacency allows a network administrator to handle a traffic engineering, label switch path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network, based on the Shortest Path First (SPF) algorithm. A forwarding adjacency can be created between routers in the same IS-IS level. The routers can be located multiple hops from each other. As a result, a TE tunnel is advertised as a link in an IGP network, with the cost of the link associated with it. Routers outside of the TE domain see the TE tunnel and use it to compute the shortest path for routing traffic throughout the network.

MPLS TE forwarding adjacency is considered in IS-IS SPF only if a two-way connectivity check is achieved. This is possible if the forwarding adjacency is bidirectional or the head end and tail end routers of the MPLS TE tunnel are adjacent.

The MPLS TE forwarding adjacency feature is supported by IS-IS. For details on configuring MPLS TE forwarding adjacency, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.
MPLS TE Interarea Tunnels

MPLS TE interarea tunnels allow you to establish MPLS TE tunnels that span multiple IGP areas (Open Shortest Path First [OSPF]) and levels (IS-IS), removing the restriction that required that both the tunnel headend and tailend routers be in the same area. The IGP can be either IS-IS or OSPF. See Configuring MPLS Traffic Engineering for IS-IS for information on configuring MPLS TE for IS-IS.

For details on configuring MPLS TE interarea tunnels, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

IP Fast Reroute

The IP Fast Reroute (IPFRR) loop-free alternate (LFA) computation provides protection against link failure. Locally computed repair paths are used to prevent packet loss caused by loops that occur during network reconvergence after a failure. See IETF draft-ietf-rtgwg-ipfrr-framework-06.txt and draft-ietf-rtgwg-lf-conv-frmwk-00.txt for detailed information on IPFRR LFA.

IPFRR LFA is different from Multiprotocol Label Switching (MPLS) as it is applicable to networks using conventional IP routing and forwarding. See Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide for information on configuring MPLS IPFRR.

How to Implement IS-IS

This section contains the following procedures:

Note: To save configuration changes, you must commit changes when the system prompts you.

Enabling IS-IS and Configuring Level 1 or Level 2 Routing

This task explains how to enable IS-IS and configure the routing level for an area.

Note: Configuring the routing level in Step 4 is optional, but is highly recommended to establish the proper level of adjacencies.
Before You Begin

Although you can configure IS-IS before you configure an IP address, no IS-IS routing occurs until at least one IP address is configured.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. net network-entity-title
4. is-type { level-1 | level-1-2 | level-2-only }
5. Do one of the following:
   • end
   • commit
6. show isis [ instance instance-id ] protocol

DETAILED STEPS

Step 1
  Command or Action: configure
  Purpose: Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2
  Command or Action: router isis instance-id
  Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
    • By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3
  Command or Action: net network-entity-title
  Purpose: Configures network entity titles (NETs) for the routing instance.
    • Specify a NET for each routing instance if you are configuring multi-instance IS-IS.
    • This example configures a router with area ID 47.0004.004d.0001 and system ID 0001.0c11.1110.00.
    • To specify more than one area address, specify additional NETs. Although the area address portion of the NET differs, the system ID portion of the NET must match exactly for all of the configured items.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# net 47.0004.004d.0001.0001.0c11.1110.00

Step 4
  Command or Action: is-type { level-1 | level-1-2 | level-2-only }
  Purpose: (Optional) Configures the system type (area or backbone router).
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# is-type level-2-only
    • By default, every IS-IS instance acts as a level-1-2 router.
    • The level-1 keyword configures the software to perform Level 1 (intra-area) routing only. Only Level 1 adjacencies are established. The software learns about destinations inside its area only. Any packets containing destinations outside the area are sent to the nearest level-1-2 router in the area.
    • The level-2-only keyword configures the software to perform Level 2 (backbone) routing only, and the router establishes only Level 2 adjacencies, either with other Level 2-only routers or with level-1-2 routers.
    • The level-1-2 keyword configures the software to perform both Level 1 and Level 2 routing. Both Level 1 and Level 2 adjacencies are established. The router acts as a border router between the Level 2 backbone and its Level 1 area.

Step 5
  Command or Action: Do one of the following:
    • end
    • commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# end
    or
    RP/0/RSP0/CPU0:router(config-isis)# commit

Step 6
  Command or Action: show isis [ instance instance-id ] protocol
  Purpose: (Optional) Displays summary information about the IS-IS instance.
  Example:
    RP/0/RSP0/CPU0:router# show isis protocol

Configuring Single Topology for IS-IS

After an IS-IS instance is enabled, it must be configured to compute routes for a specific network topology.

This task explains how to configure the operation of the IS-IS protocol on an interface for an IPv4 or IPv6 topology.

Before You Begin

Note: To enable the router to run in single-topology mode, configure each of the IS-IS interfaces with all of the address families enabled and “single-topology” in the address-family IPv6 unicast in the IS-IS router stanza. You can use either the IPv6 address family or both IPv4 and IPv6 address families, but your configuration must represent the set of all active address families on the router. Additionally, explicitly enable single-topology operation by configuring it in the IPv6 router address family submode.

Two exceptions to these instructions exist:

1. If the address-family stanza in the IS-IS process contains the adjacency-check disable command, then an interface is not required to have the address family enabled.
2. The single-topology command is not valid in the ipv4 address-family submode.

The default metric style for single topology is narrow metrics. However, you can use either wide metrics or narrow metrics. How to configure them depends on how single topology is configured. If both IPv4 and IPv6 are enabled and single topology is configured, the metric style is configured in the address-family ipv4 stanza. You may configure the metric style in the address-family ipv6 stanza, but it is ignored in this case. If only IPv6 is enabled and single topology is configured, then the metric style is configured in the address-family ipv6 stanza.
SUMMARY STEPS

1. configure
2. interface type interface-path-id
3. Do one of the following:
   • ipv4 address address mask
   • ipv6 address ipv6-prefix / prefix-length [ eui-64 ]
   • ipv6 address ipv6-address { / prefix-length | link-local }
   • ipv6 enable
4. exit
5. router isis instance-id
6. net network-entity-title
7. address-family ipv6 [ unicast ]
8. single-topology
9. exit
10. interface type interface-path-id
11. circuit-type { level-1 | level-1-2 | level-2-only }
12. address-family { ipv4 | ipv6 } [ unicast | multicast ]
13. Do one of the following:
   • end
   • commit
14. show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }]
15. show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary ]

DETAILED STEPS

Step 1
  Command or Action: configure
  Purpose: Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2
  Command or Action: interface type interface-path-id
  Purpose: Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/3

Step 3
  Command or Action: Do one of the following:
    • ipv4 address address mask
    • ipv6 address ipv6-prefix / prefix-length [ eui-64 ]
    • ipv6 address ipv6-address { / prefix-length | link-local }
    • ipv6 enable
  Purpose: Defines the IPv4 address for the interface. An IP address is required on all interfaces in an area enabled for IS-IS if any one interface is configured for IS-IS routing.
    or
    Specifies an IPv6 network assigned to the interface and enables IPv6 processing on the interface with the eui-64 keyword.
    or
    Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface with the link-local keyword.
    or
    Automatically configures an IPv6 link-local address on the interface while also enabling the interface for IPv6 processing.
    • The link-local address can be used only to communicate with nodes on the same link.
    • Specifying the ipv6 address ipv6-prefix / prefix-length interface configuration command without the eui-64 keyword configures site-local and global IPv6 addresses.
    • Specifying the ipv6 address ipv6-prefix / prefix-length command with the eui-64 keyword configures site-local and global IPv6 addresses with an interface ID in the low-order 64 bits of the IPv6 address. Only the 64-bit network prefix for the address needs to be specified; the last 64 bits are automatically computed from the interface ID.
    • Specifying the ipv6 address command with the link-local keyword configures a link-local address on the interface that is used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface.
  Example:
    RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.0.1.3 255.255.255.0
    or
    RP/0/RSP0/CPU0:router(config-if)# ipv6 address 3ffe:1234:c18:1::/64 eui-64
    or
    RP/0/RSP0/CPU0:router(config-if)# ipv6 address FE80::260:3EFF:FE11:6770 link-local
    or
    RP/0/RSP0/CPU0:router(config-if)# ipv6 enable

Step 4
  Command or Action: exit
  Purpose: Exits interface configuration mode, and returns the router to global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-if)# exit

Step 5
  Command or Action: router isis instance-id
  Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
    • By default, all IS-IS instances are Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp
Step 6
  Command or Action: net network-entity-title
  Purpose: Configures NETs for the routing instance.
    • Specify a NET for each routing instance if you are configuring multi-instance IS-IS. You can specify a name for a NET and for an address.
    • This example configures a router with area ID 47.0004.004d.0001 and system ID 0001.0c11.1110.00.
    • To specify more than one area address, specify additional NETs. Although the area address portion of the NET differs, the system ID portion of the NET must match exactly for all of the configured items.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# net 47.0004.004d.0001.0001.0c11.1110.00

Step 7
  Command or Action: address-family ipv6 [ unicast ]
  Purpose: Specifies the IPv6 address family and enters router address family configuration mode.
    • This example specifies the unicast IPv6 address family.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv6 unicast

Step 8
  Command or Action: single-topology
  Purpose: (Optional) Configures the link topology for IPv4 when IPv6 is configured.
    • The single-topology command is valid only in IPv6 submode. The command instructs IPv6 to use the single topology rather than the default configuration of a separate topology in the multitopology mode.
    • See Single-Topology IPv6 Support for more information.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# single-topology

Step 9
  Command or Action: exit
  Purpose: Exits router address family configuration mode, and returns the router to router configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# exit

Step 10
  Command or Action: interface type interface-path-id
  Purpose: Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3

Step 11
  Command or Action: circuit-type { level-1 | level-1-2 | level-2-only }
  Purpose: (Optional) Configures the type of adjacency.
    • The default circuit type is the configured system type (configured through the is-type command).
    • Typically, the circuit type must be configured when the router is configured as only level-1-2 and you want to constrain an interface to form only level-1 or level-2-only adjacencies.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# circuit-type level-1-2

Step 12
  Command or Action: address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Purpose: Specifies the IPv4 or IPv6 address family, and enters interface address family configuration mode.
    • This example specifies the unicast IPv4 address family on the interface.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast

Step 13
  Command or Action: Do one of the following:
    • end
    • commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# commit

Step 14
  Command or Action: show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }]
  Purpose: (Optional) Displays information about the IS-IS interface.
  Example:
    RP/0/RSP0/CPU0:router# show isis interface GigabitEthernet 0/1/0/1

Step 15
  Command or Action: show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary ]
  Purpose: (Optional) Displays a list of connected routers in all areas.
  Example:
    RP/0/RSP0/CPU0:router# show isis topology

Configuring Multitopology Routing

This set of procedures configures multitopology routing, which is used by PIM for reverse-path forwarding (RPF) path selection.

Restrictions for Configuring Multitopology Routing

• Only the default VRF is currently supported in a multitopology solution.
• Only protocol-independent multicast (PIM) and intermediate system-intermediate system (IS-IS) routing protocols are currently supported.
• Topology selection is restricted solely to (S, G) route sources for both SM and SSM. Static and IS-IS are the only interior gateway protocols (IGPs) that support multitopology deployment. For non-(S, G) route sources like a rendezvous point or bootstrap router (BSR), or when a route policy is not configured, the current policy default remains in effect. In other words, either a unicast-default or multicast-default table is selected for all sources, based on OSPF/IS-IS/Multiprotocol Border Gateway Protocol (MBGP) configuration.

Note: Although both multicast and unicast keywords are available when using the address-family {ipv4 | ipv6} command in routing policy language (RPL), only topologies under multicast SAFI can be configured globally.
Information About Multitopology Routing

Configuring multitopology networks requires the following tasks:

Configuring a Global Topology and Associating It with an Interface

Follow these steps to enable a global topology in the default VRF and to enable its use with a specific interface.

SUMMARY STEPS

1. configure
2. address-family { ipv4 | ipv6 } multicast topology topo-name
3. maximum prefix limit
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4 and Step 5 until you have specified all the interface instances you want to associate with your topologies.
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  address-family { ipv4 | ipv6 } multicast topology topo-name
        Example: RP/0/RSP0/CPU0:router(config)# address-family ipv4 multicast topology green
        Purpose: Configures a topology in the default VRF table that will be associated with an interface.

Step 3  maximum prefix limit
        Example: RP/0/RSP0/CPU0:router(config-af)# maximum prefix 100
        Purpose: (Optional) Limits the number of prefixes allowed in a topology routing table. Range is 32 to 2000000.

Step 4  interface type interface-path-id
        Example: RP/0/RSP0/CPU0:router(config-af)# interface GigabitEthernet 0/3/0/0
        Purpose: Specifies the interface to be associated with the previously specified VRF table that will add the connected and local routes to the appropriate routing table.

Step 5  address-family { ipv4 | ipv6 } multicast topology topo-name
        Example: RP/0/RSP0/CPU0:router(config-if)# address-family ipv4 multicast topology green
        Purpose: Enables the topology for the interface specified in Step 4, adding the connected and local routes to the appropriate routing table.

Step 6  Repeat Step 4 and Step 5 until you have specified all the interface instances you want to associate with your topologies.
        Example:
          RP/0/RSP0/CPU0:router(config-if-af)# interface gigabitethernet 0/3/2/0
          RP/0/RSP0/CPU0:router(config-if)# address-family ipv4 multicast topology purple
          RP/0/RSP0/CPU0:router(config-if-af)#

Step 7  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)# end
          or
          RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Enabling an IS-IS Topology

To enable a topology in IS-IS, you must associate an IS-IS topology ID with the named topology. IS-IS uses the topology ID to differentiate topologies in the domain.

Note: This command must be configured prior to other topology commands.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } multicast topology topo-name
4. topology-id multitopology-id
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis purple
        Purpose: Enters IS-IS configuration submode.

Step 3  address-family { ipv4 | ipv6 } multicast topology topo-name
        Example: RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 multicast topology green
        Purpose: Associates an IS-IS topology ID with the named topology.

Step 4  topology-id multitopology-id
        Example: RP/0/RSP0/CPU0:router(config-isis-af)# topology-id 122
        Purpose: Configures the numeric multitopology ID in IS-IS that identifies the topology. Range is 6 to 4095.

Step 5  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-if-af)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-if-af)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Placing an Interface in a Topology in IS-IS

To associate an interface with a topology in IS-IS, follow these steps.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. net network-entity-title
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4 and Step 5 until you have specified all the interface instances and associated topologies you want to configure in your network.
7. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis purple
        Purpose: Enters IS-IS configuration submode.

Step 3  net network-entity-title
        Example: RP/0/RSP0/CPU0:router(config-isis)# net netname
        Purpose: Creates a network entity title for the configured isis interface.

Step 4  interface type interface-path-id
        Example: RP/0/RSP0/CPU0:router(config-isis)# interface gigabitethernet 0/3/0/0
        Purpose: Enters isis interface configuration submode and creates an interface instance.

Step 5  address-family { ipv4 | ipv6 } multicast topology topo-name
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 multicast topology green
        Purpose:
        • Enters isis address-family interface configuration submode.
        • Places the interface instance into a topology.

Step 6  Repeat Step 4 and Step 5 until you have specified all the interface instances and associated topologies you want to configure in your network.

Step 7  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-if-af)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-if-af)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Routing Policy

For more information about creating a routing policy and about the set rpf-topology command, see Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.

SUMMARY STEPS

1. configure
2. route-policy policy-name
3. end-policy
4. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  route-policy policy-name
        Example:
          RP/0/RSP0/CPU0:router(config)# route-policy mt1
          RP/0/RSP0/CPU0:router(config-rpl)# if destination in (225.0.0.1, 225.0.0.11) then
          RP/0/RSP0/CPU0:router(config-rpl-if)# if source in (10.10.10.10) then
          RP/0/RSP0/CPU0:router(config-rpl-if-2)# set rpf-topology ipv4 multicast topology greentable
          RP/0/RSP0/CPU0:router(config-rpl-if-2)# else
          RP/0/RSP0/CPU0:router(config-rpl-if-else-2)# set rpf-topology ipv4 multicast topology bluetable
          RP/0/RSP0/CPU0:router(config-rpl-if-else-2)# endif
          RP/0/RSP0/CPU0:router(config-rpl-if)# endif
        Purpose: Defines a routing policy and enters routing policy configuration submode.
        For detailed information about the use of the set-rpf-topology and other routing configuration commands, see Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.

Step 3  end-policy
        Example:
          RP/0/RSP0/CPU0:router(config-rpl)# end-policy
          RP/0/RSP0/CPU0:router(config)#
        Purpose: Signifies the end of route policy definition and exits routing policy configuration submode.

Step 4  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config)# end
          or
          RP/0/RSP0/CPU0:router(config)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Multitopology for IS-IS

Multitopology is configured in the same way as the single topology. However, the single-topology command is omitted, invoking the default multitopology behavior. This task is optional.

Controlling LSP Flooding for IS-IS

Flooding of LSPs can limit network scalability. You can control LSP flooding by tuning your LSP database parameters on the router globally or on the interface. This task is optional.

Many of the commands to control LSP flooding contain an option to specify the level to which they apply. Without the option, the command applies to both levels. If an option is configured for one level, the other level continues to use the default value. To configure options for both levels, use the command twice. For example:

  RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1200 level 2
  RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1100 level 1

SUMMARY STEPS

1. configure
2. router isis instance-id
3. lsp-refresh-interval seconds [ level { 1 | 2 }]
4. lsp-check-interval seconds [ level { 1 | 2 }]
5. lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ... } [ level { 1 | 2 }]
6. lsp-mtu bytes [ level { 1 | 2 }]
7. max-lsp-lifetime seconds [ level { 1 | 2 }]
8. ignore-lsp-errors disable
9. interface type interface-path-id
10. lsp-interval milliseconds [ level { 1 | 2 }]
11. csnp-interval seconds [ level { 1 | 2 }]
12. retransmit-interval seconds [ level { 1 | 2 }]
13. retransmit-throttle-interval milliseconds [ level { 1 | 2 }]
14. mesh-group { number | blocked }
15. Do one of the following:
    • end
    • commit
16. show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ]
17. show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ * | lsp-id ]
18. show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }]
19. show isis database-log [ level { 1 | 2 }]

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis isp
        Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
        • You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.

Step 3  lsp-refresh-interval seconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 10800
        Purpose: (Optional) Sets the time between regeneration of LSPs that contain different sequence numbers.
        • The refresh interval should always be set lower than the max-lsp-lifetime command.

Step 4  lsp-check-interval seconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-check-interval 240
        Purpose: (Optional) Configures the time between periodic checks of the entire database to validate the checksums of the LSPs in the database.
        • This operation is costly in terms of CPU and so should be configured to occur infrequently.

Step 5  lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ... } [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-gen-interval maximum-wait 15 initial-wait 5
        Purpose: (Optional) Reduces the rate of LSP generation during periods of instability in the network. Helps reduce the CPU load on the router and number of LSP transmissions to its IS-IS neighbors.
        • During prolonged periods of network instability, repeated recalculation of LSPs can cause an increased CPU load on the local router. Further, the flooding of these recalculated LSPs to the other Intermediate Systems in the network causes increased traffic and can result in other routers having to spend more time running route calculations.

Step 6  lsp-mtu bytes [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-mtu 1300
        Purpose: (Optional) Sets the maximum transmission unit (MTU) size of LSPs.

Step 7  max-lsp-lifetime seconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis)# max-lsp-lifetime 11000
        Purpose: (Optional) Sets the initial lifetime given to an LSP originated by the router.
        • This is the amount of time that the LSP persists in the database of a neighbor unless the LSP is regenerated or refreshed.

Step 8  ignore-lsp-errors disable
        Example: RP/0/RSP0/CPU0:router(config-isis)# ignore-lsp-errors disable
        Purpose: (Optional) Sets the router to purge LSPs received with checksum errors.

Step 9  interface type interface-path-id
        Example: RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3
        Purpose: Enters interface configuration mode.

Step 10 lsp-interval milliseconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# lsp-interval 100
        Purpose: (Optional) Configures the amount of time between each LSP sent on an interface.

Step 11 csnp-interval seconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# csnp-interval 30 level 1
        Purpose: (Optional) Configures the interval at which periodic CSNP packets are sent on broadcast interfaces.
        • Sending more frequent CSNPs means that adjacent routers must work harder to receive them.
        • Sending less frequent CSNP means that differences in the adjacent routers may persist longer.

Step 12 retransmit-interval seconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# retransmit-interval 60
        Purpose: (Optional) Configures the amount of time that the sending router waits for an acknowledgment before it considers that the LSP was not received and subsequently resends.

Step 13 retransmit-throttle-interval milliseconds [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# retransmit-throttle-interval 1000
        Purpose: (Optional) Configures the amount of time between retransmissions on each LSP on a point-to-point interface.
        • This time is usually greater than or equal to the lsp-interval command time because the reason for lost LSPs may be that a neighboring router is busy. A longer interval gives the neighbor more time to receive transmissions.

Step 14 mesh-group { number | blocked }
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# mesh-group blocked
        Purpose: (Optional) Optimizes LSP flooding in NBMA networks with highly meshed, point-to-point topologies.
        • This command is appropriate only for an NBMA network with highly meshed, point-to-point topologies.

Step 15 Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-if)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-if)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 16 show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ]
        Example: RP/0/RSP0/CPU0:router# show isis interface GigabitEthernet 0/1/0/1 brief
        Purpose: (Optional) Displays information about the IS-IS interface.

Step 17 show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ * | lsp-id ]
        Example: RP/0/RSP0/CPU0:router# show isis database level 1
        Purpose: (Optional) Displays the IS-IS LSP database.

Step 18 show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router# show isis lsp-log
        Purpose: (Optional) Displays LSP log information.

Step 19 show isis database-log [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router# show isis database-log level 1
        Purpose: (Optional) Displays IS-IS database log information.

Configuring Nonstop Forwarding for IS-IS

This task explains how to configure your router with NSF that allows the Cisco IOS XR software to resynchronize the IS-IS link-state database with its IS-IS neighbors after a process restart.
The process restart could be due to:

• RP failover (for a warm restart)
• Simple process restart (due to an IS-IS reload or other administrative request to restart the process)
• IS-IS software upgrade

In all cases, NSF mitigates link flaps and loss of user sessions. This task is optional.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. nsf { cisco | ietf }
4. nsf interface-expires number
5. nsf interface-timer seconds
6. nsf lifetime seconds
7. Do one of the following:
   • end
   • commit
8. show running-config [ command ]

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis isp
        Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
        • You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.

Step 3  nsf { cisco | ietf }
        Example: RP/0/RSP0/CPU0:router(config-isis)# nsf ietf
        Purpose: Enables NSF on the next restart.
        • Enter the cisco keyword to run IS-IS in heterogeneous networks that might not have adjacent NSF-aware networking devices.
        • Enter the ietf keyword to enable IS-IS in homogeneous networks where all adjacent networking devices support IETF draft-based restartability.

Step 4  nsf interface-expires number
        Example: RP/0/RSP0/CPU0:router(config-isis)# nsf interface-expires 1
        Purpose: Configures the number of resends of an acknowledged NSF-restart acknowledgment.
        • If the resend limit is reached during the NSF restart, the restart falls back to a cold restart.

Step 5  nsf interface-timer seconds
        Example: RP/0/RSP0/CPU0:router(config-isis)# nsf interface-timer 15
        Purpose: Configures the number of seconds to wait for each restart acknowledgment.

Step 6  nsf lifetime seconds
        Example: RP/0/RSP0/CPU0:router(config-isis)# nsf lifetime 20
        Purpose: Configures the maximum route lifetime following an NSF restart.
        • This command should be configured to the length of time required to perform a full NSF restart because it is the amount of time that the Routing Information Base (RIB) retains the routes during the restart.
        • Setting this value too high results in stale routes.
        • Setting this value too low could result in routes purged too soon.

Step 7  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis)# end
          or
          RP/0/RSP0/CPU0:router(config-isis)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 8  show running-config [ command ]
        Example: RP/0/RSP0/CPU0:router# show running-config router isis isp
        Purpose: (Optional) Displays the entire contents of the currently running configuration file or a subset of that file.
        • Verify that "nsf" appears in the IS-IS configuration of the NSF-aware device.
        • This example shows the contents of the configuration file for the "isp" instance only.

Configuring Authentication for IS-IS

This task explains how to configure authentication for IS-IS. This task is optional.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis isp
        Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
        • You can change the level of routing to be performed by a particular routing instance by using the is-type command.

Step 3  lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-password hmac-md5 clear password1 level 1
        Purpose: Configures the LSP authentication password.
        • The hmac-md5 keyword specifies that the password is used in HMAC-MD5 authentication.
        • The text keyword specifies that the password uses cleartext password authentication.
        • The clear keyword specifies that the password is unencrypted when entered.
        • The encrypted keyword specifies that the password is encrypted using a two-way algorithm when entered.
        • The level 1 keyword sets a password for authentication in the area (in Level 1 LSPs and Level 1 SNPs).
        • The level 2 keywords set a password for authentication in the backbone (the Level 2 area).
        • The send-only keyword adds authentication to LSP and sequence number protocol data units (SNPs) when they are sent. It does not authenticate received LSPs or SNPs.
        • The snp send-only keyword adds authentication to SNPs when they are sent. It does not authenticate received SNPs.
        Note: To disable SNP password checking, the snp send-only keywords must be specified in the lsp-password command.

Step 4  interface type interface-path-id
        Example: RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3
        Purpose: Enters interface configuration mode.

Step 5  hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# hello-password text clear mypassword
        Purpose: Configures the authentication password for an IS-IS interface.

Step 6  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-if)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-if)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Keychains for IS-IS

This task explains how to configure keychains for IS-IS. This task is optional.

Keychains can be configured at the router level (lsp-password command) and at the interface level (hello-password command) within IS-IS. These commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains.

The router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. lsp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. hello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis isp
        Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
        • You can change the level of routing to be performed by a particular routing instance by using the is-type command.

Step 3  lsp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
        Example: RP/0/RSP0/CPU0:router(config-isis)# lsp-password keychain isis_a level 1
        Purpose: Configures the keychain.

Step 4  interface type interface-path-id
        Example: RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3
        Purpose: Enters interface configuration mode.

Step 5  hello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
        Example: RP/0/RSP0/CPU0:router(config-isis-if)# hello-password keychain isis_b
        Purpose: Configures the authentication password for an IS-IS interface.

Step 6  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-if)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-if)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring MPLS Traffic Engineering for IS-IS

This task explains how to configure IS-IS for MPLS TE. This task is optional.

For a description of the MPLS TE tasks and commands that allow you to configure the router to support tunnels, configure an MPLS tunnel that IS-IS can use, and troubleshoot MPLS TE, see Implementing MPLS Traffic Engineering on Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

Before You Begin

Your network must support the MPLS Cisco IOS XR software feature before you enable MPLS TE for IS-IS on your router.

Note: You must enter the commands in the following task list on every IS-IS router in the traffic-engineered portion of your network.

Note: MPLS traffic engineering currently does not support routing and signaling of LSPs over unnumbered IP links. Therefore, do not configure the feature over those links.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng level { 1 | 2 }
5. mpls traffic-eng router-id { ip-address | interface-name interface-instance }
6. metric-style wide [ level { 1 | 2 }]
7. Do one of the following:
   • end
   • commit
8. show isis [ instance instance-id ] mpls traffic-eng tunnel
9. show isis [ instance instance-id ] mpls traffic-eng adjacency-log
10. show isis [ instance instance-id ] mpls traffic-eng advertisements

DETAILED STEPS

Step 1  configure
        Example: RP/0/RSP0/CPU0:router# configure
        Purpose: Enters global configuration mode.

Step 2  router isis instance-id
        Example: RP/0/RSP0/CPU0:router(config)# router isis isp
        Purpose: Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
        • You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.

Step 3  address-family { ipv4 | ipv6 } [ unicast | multicast ]
        Example: RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast
        Purpose: Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.

Step 4  mpls traffic-eng level { 1 | 2 }
        Example: RP/0/RSP0/CPU0:router(config-isis-af)# mpls traffic-eng level 1
        Purpose: Configures a router running IS-IS to flood MPLS TE link information into the indicated IS-IS level.

Step 5  mpls traffic-eng router-id { ip-address | interface-name interface-instance }
        Example: RP/0/RSP0/CPU0:router(config-isis-af)# mpls traffic-eng router-id loopback0
        Purpose: Specifies that the MPLS TE router identifier for the node is the given IP address or an IP address associated with the given interface.

Step 6  metric-style wide [ level { 1 | 2 }]
        Example: RP/0/RSP0/CPU0:router(config-isis-af)# metric-style wide level 1
        Purpose: Configures a router to generate and accept only wide link metrics in the Level 1 area.

Step 7  Do one of the following:
        • end
        • commit
        Example:
          RP/0/RSP0/CPU0:router(config-isis-af)# end
          or
          RP/0/RSP0/CPU0:router(config-isis-af)# commit
        Purpose: Saves configuration changes.
        • When you issue the end command, the system prompts you to commit changes:
          Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
          - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 8  show isis [ instance instance-id ] mpls traffic-eng tunnel
        Example: RP/0/RSP0/CPU0:router# show isis instance isp mpls traffic-eng tunnel
        Purpose: (Optional) Displays MPLS TE tunnel information.

Step 9  show isis [ instance instance-id ] mpls traffic-eng adjacency-log
        Example: RP/0/RSP0/CPU0:router# show isis instance isp mpls traffic-eng adjacency-log
        Purpose: (Optional) Displays a log of MPLS TE IS-IS adjacency changes.

Step 10 show isis [ instance instance-id ] mpls traffic-eng advertisements
        Example: RP/0/RSP0/CPU0:router# show isis instance isp mpls traffic-eng advertisements
        Purpose: (Optional) Displays the latest flooded record from MPLS TE.

Tuning Adjacencies for IS-IS

This task explains how to enable logging of adjacency state changes, alter the timers for IS-IS adjacency packets, and display various aspects of adjacency state. Tuning your IS-IS adjacencies increases network stability when links are congested. This task is optional.
For point-to-point links, IS-IS sends only a single hello for Level 1 and Level 2, which means that the level modifiers are meaningless on point-to-point links. To modify hello parameters for a point-to-point interface, omit the specification of the level options.

The options configurable in the interface submode apply only to that interface. By default, the values are applied to both Level 1 and Level 2.

The hello-password command can be used to prevent adjacency formation with unauthorized or undesired routers. This ability is particularly useful on a LAN, where connections to routers with which you have no desire to establish adjacencies are commonly found.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. log adjacency changes
4. interface type interface-path-id
5. hello-padding { disable | sometimes } [ level { 1 | 2 }]
6. hello-interval seconds [ level { 1 | 2 }]
7. hello-multiplier multiplier [ level { 1 | 2 }]
8. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
9. Do one of the following:
   • end
   • commit
10. show isis [ instance instance-id ] adjacency [ type interface-path-id ] [ detail ] [ systemid system-id ]
11. show isis adjacency-log
12. show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 | 2 }]
13. show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail ] [ systemid system-id ]

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
  • You can change the level of routing to be performed by a particular routing instance by using the is-type command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  log adjacency changes
  Generates a log message when an IS-IS adjacency changes state (up or down).
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# log adjacency changes

Step 4  interface type interface-path-id
  Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3

Step 5  hello-padding { disable | sometimes } [ level { 1 | 2 }]
  Configures padding on IS-IS hello PDUs for an IS-IS interface on the router.
  • Hello padding applies to only this interface and not to all interfaces.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# hello-padding sometimes

Step 6  hello-interval seconds [ level { 1 | 2 }]
  Specifies the length of time between hello packets that the software sends.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# hello-interval 6

Step 7  hello-multiplier multiplier [ level { 1 | 2 }]
  Specifies the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down.
  • A higher value increases the network's tolerance for dropped packets, but also may increase the amount of time required to detect the failure of an adjacent router.
  • Conversely, not detecting the failure of an adjacent router can result in greater packet loss.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# hello-multiplier 10

Step 8  hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
  Specifies that this system include authentication in the hello packets and requires successful authentication of the hello packet from the neighbor to establish an adjacency.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# hello-password text clear mypassword

Step 9  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-if)# commit

Step 10  show isis [ instance instance-id ] adjacency [ type interface-path-id ] [ detail ] [ systemid system-id ]
  (Optional) Displays IS-IS adjacencies.
  Example:
    RP/0/RSP0/CPU0:router# show isis instance isp adjacency

Step 11  show isis adjacency-log
  (Optional) Displays a log of the most recent adjacency state transitions.
  Example:
    RP/0/RSP0/CPU0:router# show isis adjacency-log

Step 12  show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 | 2 }]
  (Optional) Displays information about the IS-IS interface.
  Example:
    RP/0/RSP0/CPU0:router# show isis interface GigabitEthernet 0/1/0/1 brief

Step 13  show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail ] [ systemid system-id ]
  (Optional) Displays information about IS-IS neighbors.
  Example:
    RP/0/RSP0/CPU0:router# show isis neighbors summary

Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration

This task explains how to make adjustments to the SPF calculation to tune router performance. This task is optional.

Because the SPF calculation computes routes for a particular topology, the tuning attributes are located in the router address family configuration submode. SPF calculation computes routes for Level 1 and Level 2 separately.

When IPv4 and IPv6 address families are used in a single-topology mode, only a single SPF for the IPv4 topology exists. The IPv6 topology “borrows” the IPv4 topology; therefore, no SPF calculation is required for IPv6. To tune the SPF calculation parameters for single-topology mode, configure the address-family ipv4 unicast command.

The incremental SPF algorithm can be enabled separately. When enabled, the incremental shortest path first (ISPF) is not employed immediately. Instead, the full SPF algorithm is used to “seed” the state information required for the ISPF to run. The startup delay prevents the ISPF from running for a specified interval after an IS-IS restart (to permit the database to stabilize). After the startup delay elapses, the ISPF is principally responsible for performing all of the SPF calculations. The reseed interval enables a periodic running of the full SPF to ensure that the ISPF state remains synchronized.
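
The hello-password step of the Tuning Adjacencies for IS-IS task above is what keeps unauthorized routers from forming adjacencies. The following added example (not part of the Cisco guide) audits IOS XR-style configuration text for IS-IS interfaces where that protection is absent or weakened; the sample configuration, the function names and the finding codes are constructed for illustration.

```python
# Added example: audit IS-IS hello authentication in IOS XR-style config text.
# SAMPLE_CONFIG is constructed for this example; the password strings are
# placeholders, not real encrypted values.
SAMPLE_CONFIG = """\
router isis isp
 log adjacency changes
 interface GigabitEthernet0/1/0/3
  hello-padding sometimes
  hello-interval 6
  hello-multiplier 10
  hello-password hmac-md5 encrypted PLACEHOLDER01
 !
 interface GigabitEthernet0/1/0/4
  hello-password text encrypted PLACEHOLDER02
 !
 interface GigabitEthernet0/1/0/5
  hello-interval 6
 !
 interface GigabitEthernet0/1/0/6
  hello-password hmac-md5 encrypted PLACEHOLDER03 level 1 send-only
 !
 interface GigabitEthernet0/1/0/7
  hello-password hmac-md5 encrypted PLACEHOLDER04 level 1
 !
 interface Loopback0
  passive
 !
!
"""


def parse_hello_password(args):
    """Parse the arguments that follow 'hello-password' on one config line."""
    tokens = args.split()
    send_only = tokens[-1] == "send-only"
    if send_only:
        tokens = tokens[:-1]
    levels = {1, 2}  # per the guide, values apply to both levels by default
    if len(tokens) >= 2 and tokens[-2] == "level" and tokens[-1] in ("1", "2"):
        levels = {int(tokens[-1])}
    return {"mode": tokens[0], "levels": levels, "send_only": send_only}


def parse_isis_interfaces(config):
    """Map each interface under 'router isis' to its passive flag and passwords."""
    interfaces, in_isis, current = {}, False, None
    for line in config.splitlines():
        if line.startswith("router isis "):
            in_isis, current = True, None
        elif not line.startswith(" "):
            in_isis, current = False, None      # column 0 ends the router block
        elif not in_isis:
            continue
        elif line.startswith(" interface "):
            # Accept both "GigabitEthernet0/1/0/3" and "GigabitEthernet 0/1/0/3".
            name = "".join(line.split()[1:])
            current = interfaces.setdefault(
                name, {"passive": False, "passwords": []})
        elif line.rstrip() == " !":
            current = None                      # end of the interface block
        elif current is not None:
            words = line.strip()
            if words.startswith("hello-password "):
                current["passwords"].append(
                    parse_hello_password(words[len("hello-password "):]))
            elif words == "passive":
                current["passive"] = True
    return interfaces


def audit_hello_auth(config):
    """Return sorted (interface, finding-code) pairs for non-passive interfaces."""
    findings = set()
    for name, info in parse_isis_interfaces(config).items():
        if info["passive"]:
            continue                             # passive: no adjacencies formed
        if not info["passwords"]:
            findings.add((name, "NO_AUTH"))      # any router on the link can peer
            continue
        enforced = set()
        for pw in info["passwords"]:
            if pw["mode"] == "text":
                findings.add((name, "CLEARTEXT"))  # password readable in each hello
            if pw["send_only"]:
                findings.add((name, "SEND_ONLY"))  # received hellos are not checked
            else:
                enforced |= pw["levels"]
        if enforced and enforced != {1, 2}:
            # Informational on point-to-point links, where the guide says the
            # level modifiers are meaningless.
            findings.add((name, "LEVEL_GAP"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, code in audit_hello_auth(SAMPLE_CONFIG):
        print(f"{interface}: {code}")
```

The guide's own Step 8 example, hello-password text clear mypassword, is reported as CLEARTEXT by this check; the hmac-md5 keyword from the same command syntax is not.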

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...} [ level { 1 | 2 }]
5. ispf [ level { 1 | 2 }]
6. Do one of the following:
   • end
   • commit
7. show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ]] spf-log [ level { 1 | 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ]

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
  • You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast

Step 4  spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...} [ level { 1 | 2 }]
  (Optional) Controls the minimum time between successive SPF calculations.
  • This value imposes a delay in the SPF computation after an event trigger and enforces a minimum elapsed time between SPF runs.
  • If this value is configured too low, the router can lose too many CPU resources when the network is unstable.
  • Configuring the value too high delays changes in the network topology that result in lost packets.
  • The SPF interval does not apply to the running of the ISPF because that algorithm runs immediately on receiving a changed LSP.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# spf-interval initial-wait 10 maximum-wait 30

Step 5  ispf [ level { 1 | 2 }]
  (Optional) Configures incremental IS-IS ISPF to calculate network topology.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# ispf

Step 6  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# commit

Step 7  show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ]] spf-log [ level { 1 | 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ]
  (Optional) Displays how often and why the router has run a full SPF calculation.
  Example:
    RP/0/RSP0/CPU0:router# show isis instance 1 spf-log ipv4

Customizing Routes for IS-IS

This task explains how to perform route functions that include injecting default routes into your IS-IS routing domain and redistributing routes learned in another IS-IS instance. This task is optional.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }]
4. address-family { ipv4 | ipv6 } [ unicast | multicast ]
5. default-information originate [ route-policy route-policy-name ]
6. redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal | external }] [ policy policy-name ]
7. Do one of the following:
   • summary-prefix address / prefix-length [ level { 1 | 2 }]
   • summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
8. maximum-paths route-number
9. distance weight [ address / prefix-length [ route-list-name ]]
10. set-attached-bit
11. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode.
  • By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }]
  (Optional) Sets the overload bit.
  Note: The configured overload bit behavior does not apply to NSF restarts because the NSF restart does not set the overload bit during restart.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# set-overload-bit

Step 4  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast

Step 5  default-information originate [ route-policy route-policy-name ]
  (Optional) Injects a default IPv4 or IPv6 route into an IS-IS routing domain.
  • The route-policy keyword and route-policy-name argument specify the conditions under which the IPv4 or IPv6 default route is advertised.
  • If the route-policy keyword is omitted, then the IPv4 or IPv6 default route is unconditionally advertised at Level 2.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# default-information originate

Step 6  redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal | external }] [ policy policy-name ]
  (Optional) Redistributes routes from one IS-IS instance into another instance.
  • In this example, an IS-IS instance redistributes Level 1 routes from another IS-IS instance.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# redistribute isis 2 level-1

Step 7  Do one of the following:
  • summary-prefix address / prefix-length [ level { 1 | 2 }]
  • summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
  (Optional) Allows a Level 1-2 router to summarize Level 1 IPv4 and IPv6 prefixes at Level 2, instead of advertising the Level 1 prefixes directly when the router advertises the summary.
  • This example specifies an IPv4 address and mask.
  or
  • This example specifies an IPv6 prefix, and the command must be in the form documented in RFC 2373 in which the address is specified in hexadecimal using 16-bit values between colons.
  • Note that IPv6 prefixes must be configured only in the IPv6 router address family configuration submode, and IPv4 prefixes in the IPv4 router address family configuration submode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# summary-prefix 10.1.0.0/16 level 1
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# summary-prefix 3003:xxxx::/24 level 1

Step 8  maximum-paths route-number
  (Optional) Configures the maximum number of parallel paths allowed in a routing table.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# maximum-paths 16

Step 9  distance weight [ address / prefix-length [ route-list-name ]]
  (Optional) Defines the administrative distance assigned to routes discovered by the IS-IS protocol.
  • A different administrative distance may be applied for IPv4 and IPv6.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# distance 90

Step 10  set-attached-bit
  (Optional) Configures an IS-IS instance with an attached bit in the Level 1 LSP.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# set-attached-bit

Step 11  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# commit

Configuring MPLS LDP IS-IS Synchronization

This task explains how to enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) IS-IS synchronization. MPLS LDP synchronization can be enabled for an address family under interface configuration mode. Only IPv4 unicast address family is supported. This task is optional.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync [ level { 1 | 2 }]
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode.
  • By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  interface type interface-path-id
  Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3

Step 4  address-family ipv4 unicast
  Specifies the IPv4 address family and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast

Step 5  mpls ldp sync [ level { 1 | 2 }]
  Enables MPLS LDP synchronization for the IPv4 address family under interface GigabitEthernet 0/1/0/3.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls ldp sync level 1

Step 6  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# commit

Enabling Multicast-Intact

This optional task describes how to enable multicast-intact for IS-IS routes that use IPv4 and IPv6 addresses.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng multicast-intact
5. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast

Step 4  mpls traffic-eng multicast-intact
  Enables multicast-intact.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# mpls traffic-eng multicast-intact

Step 5  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# commit

Tagging IS-IS Interface Routes

This optional task describes how to associate a tag with a connected route of an IS-IS interface.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. exit
6. interface type number
7. address-family { ipv4 | ipv6 } [ unicast | multicast ]
8. tag tag
9. Do one of the following:
   • end
   • commit
10. show isis [ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ] route [ detail ]

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast

Step 4  metric-style wide [ transition ] [ level { 1 | 2 }]
  Configures a router to generate and accept only wide link metrics in the Level 1 area.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# metric-style wide level 1

Step 5  exit
  Exits router address family configuration mode, and returns the router to router configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# exit

Step 6  interface type number
  Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3

Step 7  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast

Step 8  tag tag
  Sets the value of the tag to associate with the advertised connected route.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# tag 3

Step 9  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# commit

Step 10  show isis [ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ] route [ detail ]
  Displays tag information. Verify that all tags are present in the RIB.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# show isis ipv4 route detail

Setting the Priority for Adding Prefixes to the RIB

This optional task describes how to set the priority (order) in which specified prefixes are added to the RIB. The prefixes can be chosen using an access list (ACL), prefix list, or by matching a tag value.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag }
6. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# address-family ipv4 unicast

Step 4  metric-style wide [ transition ] [ level { 1 | 2 }]
  Configures a router to generate and accept only wide-link metrics in the Level 1 area.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# metric-style wide level 1

Step 5  spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag }
  Installs all routes tagged with the value 3 first.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# spf prefix-priority high tag 3

Step 6  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# commit

Configuring IP/LDP Fast Reroute

This optional task describes how to enable the IP/LDP fast reroute computation to converge traffic flows around link failures.

Note: To enable node protection on broadcast links, fast reroute and bidirectional forwarding detection (BFD) must be enabled on the interface under IS-IS.

SUMMARY STEPS

1. configure
2. router isis instance-id
3. interface type interface-path-id
4. circuit-type { level-1 | level-1-2 | level-2-only }
5. address-family { ipv4 | ipv6 } [ unicast | multicast ]
6. fast-reroute {per-link | per-prefix}
7. Do one of the following:
   • fast-reroute per-link { level { 1 | 2 }}
   • fast-reroute per-prefix { level { 1 | 2 }}
8. Do one of the following:
   • fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }}
   • fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
9. Do one of the following:
   • fast-reroute per-link lfa-candidate interface type interface-path-id { level { 1 | 2 }}
   • fast-reroute per-prefix lfa-candidate interface type interface-path-id { level { 1 | 2 }}
10. Do one of the following:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  router isis instance-id
  Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
  Example:
    RP/0/RSP0/CPU0:router(config)# router isis isp

Step 3  interface type interface-path-id
  Enters interface configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config-isis)# interface POS 0/1/0/3

Step 4  circuit-type { level-1 | level-1-2 | level-2-only }
  (Optional) Configures the type of adjacency.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# circuit-type level-1

Step 5  address-family { ipv4 | ipv6 } [ unicast | multicast ]
  Specifies the address family, and enters router address family configuration mode.
  • This example specifies the unicast IPv4 address family.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast

Step 6  fast-reroute {per-link | per-prefix}
  Specifies fast-reroute computation on per-link or per-prefix basis.
  • per-link: Used for prefix independent per-link computation.
  • per-prefix: Used for prefix dependent computation.
  Example:
    RP/0/RSP0/CPU0:router8(config-isis-if-af)# fast-reroute per-link

Step 7  Do one of the following:
  • fast-reroute per-link { level { 1 | 2 }}
  • fast-reroute per-prefix { level { 1 | 2 }}
  Configures fast-reroute per-link or per-prefix computation for one level; use either level 1 or level 2.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-link level 1
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix level 2

Step 8  Do one of the following:
  • fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }}
  • fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
  Excludes an interface from fast-reroute computation.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-link exclude interface Loopback0 level 1
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix exclude interface POS0/6/0/0 level 2

Step 9  Do one of the following:
  • fast-reroute per-link lfa-candidate interface type interface-path-id { level { 1 | 2 }}
  • fast-reroute per-prefix lfa-candidate interface type interface-path-id { level { 1 | 2 }}
  Includes an interface as an LFA candidate in fast-reroute computation.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-link lfa-candidate interface MgmtEth0/RP0/CPU0/0 level 1
    or
    RP/0/RSP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix lfa-candidate interface MgmtEth0/RP1/CPU0/0 level 2

Step 10  Do one of the following:
  • end
  • commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
  Example:
    RP/0/RSP0/CPU0:router(config-isis-if-af)# end
    or
    RP/0/RSP0/CPU0:router(config-isis-af)# commit

Configuring IS-IS Overload Bit Avoidance

This task describes how to activate IS-IS overload bit avoidance.

Before You Begin

The IS-IS overload bit avoidance feature is valid only on networks that support the following Cisco IOS XR features:
• MPLS
• IS-IS

SUMMARY STEPS

1. configure
2. mpls traffic-eng path-selection ignore overload

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls traffic-eng path-selection ignore overload
  Activates IS-IS overload bit avoidance.
Example (Step 2):
  RP/0/RSP0/CPU0:router(config)# mpls traffic-eng path-selection ignore overload

Configuration Examples for Implementing IS-IS

This section provides the following configuration examples:

Configuring Single-Topology IS-IS for IPv6: Example

The following example shows single-topology mode being enabled. An IS-IS instance is created, the NET is defined, IPv6 is configured along with IPv4 on an interface, and IPv4 link topology is used for IPv6. This configuration allows POS interface 0/3/0/0 to form adjacencies for both IPv4 and IPv6 addresses.

  router isis isp
   net 49.0000.0000.0001.00
   address-family ipv6 unicast
    single-topology
   interface POS0/3/0/0
    address-family ipv4 unicast
    !
    address-family ipv6 unicast
    !
   exit
  !
  interface POS0/3/0/0
   ipv4 address 10.0.1.3 255.255.255.0
   ipv6 address 2001::1/64

Configuring Multitopology IS-IS for IPv6: Example

The following example shows multitopology IS-IS being configured in IPv6.

  router isis isp
   net 49.0000.0000.0001.00
   interface POS0/3/0/0
    address-family ipv6 unicast
     metric-style wide level 1
    exit
  !
  interface POS0/3/0/0
   ipv6 address 2001::1/64

Redistributing IS-IS Routes Between Multiple Instances: Example

The following example shows usage of the set-attached-bit and redistribute commands. Two instances, instance “1” restricted to Level 1 and instance “2” restricted to Level 2, are configured. The Level 1 instance is propagating routes to the Level 2 instance using redistribution. Note that the administrative distance is explicitly configured higher on the Level 2 instance to ensure that Level 1 routes are preferred. Attached bit is being set for the Level 1 instance since it is redistributing routes into the Level 2 instance. Therefore, instance “1” is a suitable candidate to get from the area to the backbone.

  router isis 1
   is-type level-2-only
   net 49.0001.0001.0001.0001.00
   address-family ipv4 unicast
    distance 116
    redistribute isis 2 level 2
   !
   interface GigabitEthernet 0/3/0/0
    address-family ipv4 unicast
   !
  !
  router isis 2
   is-type level-1
   net 49.0002.0001.0001.0002.00
   address-family ipv4 unicast
    set-attached-bit
   !
   interface GigabitEthernet 0/1/0/0
    address-family ipv4 unicast

Tagging Routes: Example

The following example shows how to tag routes.

  route-policy isis-tag-55
  end-policy
  !
  route-policy isis-tag-555
   if destination in (5.5.5.0/24 eq 24) then
    set tag 555
    pass
   else
    drop
   endif
  end-policy
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 2.6.0.1
    5.5.5.0/24 Null0
   !
  !
  router isis uut
   net 00.0000.0000.12a5.00
   address-family ipv4 unicast
    metric-style wide
    redistribute static level-1 route-policy isis-tag-555
    spf prefix-priority critical tag 13
    spf prefix-priority high tag 444
    spf prefix-priority medium tag 777

Configuring IS-IS Overload Bit Avoidance: Example

The following example shows how to activate IS-IS overload bit avoidance:

  RP/0/RSP0/CPU0:router# config
  RP/0/RSP0/CPU0:router(config)# mpls traffic-eng path-selection ignore overload
  RP/0/RSP0/CPU0:router(config)#

The following example shows how to deactivate IS-IS overload bit avoidance:

  RP/0/RSP0/CPU0:router# config
  RP/0/RSP0/CPU0:router(config)# no mpls traffic-eng path-selection ignore overload
  RP/0/RSP0/CPU0:router(config)#

Where to Go Next

To implement more IP routing protocols, see the following document modules in Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide:
  • Implementing OSPF
  • Implementing BGP
  • Implementing EIGRP
  • Implementing RIP

Additional References

The following sections provide references related to implementing IS-IS.

Related Documents

Related Topic: IS-IS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
Document Title: Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference

Related Topic: MPLS TE feature information
Document Title: Implementing MPLS Traffic Engineering on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide

Related Topic: IS-IS TLVs
Document Title: Intermediate System-to-Intermediate System (IS-IS) TLVs at: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094bbd.shtml

Related Topic: Bidirectional Forwarding Detection (BFD)
Document Title: Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference

Standards

  • Draft-ietf-isis-ipv6-05.txt: Routing IPv6 with IS-IS, by Christian E. Hopps
  • Draft-ietf-isis-wg-multi-topology-06.txt: M-ISIS: Multi Topology (MT) Routing in IS-IS, by Tony Przygienda, Naiming Shen, and Nischal Sheth
  • Draft-ietf-isis-traffic-05.txt: IS-IS Extensions for Traffic Engineering, by Henk Smit and Toni Li
  • Draft-ietf-isis-restart-04.txt: Restart Signaling for IS-IS, by M. Shand and Les Ginsberg
  • Draft-ietf-isis-igp-p2p-over-lan-05.txt: Point-to-point operation over LAN in link-state routing protocols, by Naiming Shen
  • Draft-ietf-rtgwg-ipfrr-framework-06.txt: IP Fast Reroute Framework, by M. Shand and S. Bryant
  • Draft-ietf-rtgwg-lf-conv-frmwk-00.txt: A Framework for Loop-free Convergence, by M. Shand and S. Bryant

MIBs

MIBs: -
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

  • RFC 1142: OSI IS-IS Intra-domain Routing Protocol
  • RFC 1195: Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
  • RFC 2763: Dynamic Hostname Exchange Mechanism for IS-IS
  • RFC 2966: Domain-wide Prefix Distribution with Two-Level IS-IS
  • RFC 2973: IS-IS Mesh Groups
  • RFC 3277: IS-IS Transient Blackhole Avoidance
  • RFC 3373: Three-Way Handshake for IS-IS Point-to-Point Adjacencies
  • RFC 3567: IS-IS Cryptographic Authentication
  • RFC 4444: IS-IS Management Information Base

Technical Assistance

Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport

CHAPTER 4
Implementing OSPF on Cisco ASR 9000 Series Router

Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the OSPF working group of the Internet Engineering Task Force (IETF). Designed expressly for IP networks, OSPF supports IP subnetting and tagging of externally derived routing information.
OSPF also allows packet authentication and uses IP multicast when sending and receiving packets. OSPF Version 3 (OSPFv3) expands on OSPF Version 2, providing support for IPv6 routing prefixes.

This module describes the concepts and tasks you need to implement both versions of OSPF on your Cisco ASR 9000 Series Router. The term “OSPF” implies both versions of the routing protocol, unless otherwise noted.

Note: For more information about OSPF on Cisco IOS XR software and complete descriptions of the OSPF commands listed in this module, see the Related Documents section of this module. To locate documentation for other commands that might appear during execution of a configuration task, search online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List.

Feature History for Implementing OSPF

Release 3.7.2: This feature was introduced.
Release 3.9.0: Support was added for the following features:
  • OSPFv2 SPF Prefix Prioritization.
  • IP fast reroute loop-free alternates computation
  • Warm Standby for OSPF Version 3

Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26127-02

© 2012 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  • Changes to this Document
  • Obtaining Documentation and Submitting a Service Request

Chapter 1: Configuring NetFlow
  • Prerequisites for Configuring NetFlow
  • Restrictions for Configuring NetFlow
  • Information About Configuring NetFlow
  • NetFlow Overview
  • Monitor Map Overview
  • Sampler Map Overview
  • Exporter Map Overview
  • NetFlow Configuration Submodes
  • Flow Exporter Map Configuration Submode
  • Flow Exporter Map Version Configuration Submode
  • Flow Monitor Map Configuration Submode
  • Sampler Map Configuration Submode
  • Enabling the NetFlow BGP Data Export Function
  • MPLS Flow Monitor with IPv4 and IPv6 Support
  • MPLS Cache Reorganization to Support Both IPv4 and IPv6
  • MPLS Packets with IPv6 Flows
  • Destination-based NetFlow Accounting
  • How to Configure NetFlow on Cisco IOS XR Software
  • Configuring an Exporter Map
  • Configuring a Sampler Map
  • Configuring a Monitor Map
  • Applying a Monitor Map and a Sampler Map to an Interface
  • Clearing NetFlow Data
  • Configuring NetFlow Collection of MPLS Packets with IPv6 Fields
  • Configuring Destination-based NetFlow Accounting
  • Trident Netflow
  • Supported features
  • Punt path policer rate
  • Calculating Punt path policer rate
  • Trident base line cards supported features
  • Configuration Examples for NetFlow
  • Sampler Map: Example
  • Exporter Map: Example
  • Flow Monitor Map: Examples
  • MPLS Flow Monitor with IPv4 and IPv6 Support: Examples
  • Destination-based NetFlow Accounting: Example
  • Additional References

Preface

This guide describes the Cisco IOS XR Netflow configurations.

The preface for the Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration guide contains the following sections:
  • Changes to this Document
  • Obtaining Documentation and Submitting a Service Request

Changes to this Document

This table lists the changes made to this document since it was first printed.

Revision: OL-26127-02
Date: June 2012
Change Summary: Republished with documentation updates for Cisco IOS XR Release 4.2.1

Revision: OL-26127-01
Date: December 2011
Change Summary: Initial release of this document.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

CHAPTER 1
Configuring NetFlow

This module describes the configuration of NetFlow.

A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface), and have the same values for key fields.

NetFlow is useful for the following:
  • Accounting/Billing: NetFlow data provides fine grained metering for highly flexible and detailed resource utilization accounting.
  • Network Planning and Analysis: NetFlow data provides key information for strategic network planning.
  • Network Monitoring: NetFlow data enables near real-time network monitoring capabilities.

Feature History for Configuring NetFlow

Release 3.9.1: This feature was introduced.
Release 4.0.0: IPv6 Sampled NetFlow feature was introduced.
Release 4.2.0: Destination-based Netflow Accounting feature was introduced.

This module includes the following sections:
  • Prerequisites for Configuring NetFlow
  • Restrictions for Configuring NetFlow
  • Information About Configuring NetFlow
  • How to Configure NetFlow on Cisco IOS XR Software
  • Configuration Examples for NetFlow
  • Additional References

Prerequisites for Configuring NetFlow

To perform these configuration tasks, your Cisco IOS XR software system administrator must assign you to a user group associated with a task group that includes the corresponding command task IDs. If you need assistance with your task group assignment, contact your system administrator.

Restrictions for Configuring NetFlow

Consider the following restrictions when configuring NetFlow in Cisco IOS XR software:
  • You must configure a source interface. If you do not configure a source interface, the exporter will remain in a disabled state.
  • Supports export format Version 9 only.
  • You must configure a valid record map name for every flow monitor map.

Tip: We recommend that you do not use the management interface to export NetFlow packets. Exporting through the management interface does not work efficiently.

Information About Configuring NetFlow

To implement NetFlow, you must understand the following concepts:

NetFlow Overview

A flow is exported as part of a NetFlow export User Datagram Protocol (UDP) datagram under the following circumstances:
  • The flow has been inactive or active for too long.
  • The flow cache is getting full.
  • One of the counters (packets and/or bytes) has wrapped.
  • The user forces the flow to export.

NetFlow export UDP datagrams are sent to an external flow collector device that provides NetFlow export data filtering and aggregation. The export of data consists of expired flows and control information.

The NetFlow infrastructure is based on the configuration and use of the following maps:
  • Monitor map
  • Sampler map
  • Exporter map

These maps are described in the sections that follow.

Monitor Map Overview

A monitor map contains name references to the flow record map and flow exporter map. Monitor maps are applied to an interface. You can configure the following monitor map attributes:
  • Number of entries in the flow cache
  • Type of cache (permanent or normal). Permanent caches do not have their entries removed from the cache unless they are explicitly cleared by the user
  • Active flow timeout
  • Inactive flow timeout
  • Update timeout
  • Default timeouts
  • Record type of packets sampled and collected

Note: The record name specifies the type of packets that NetFlow samples as they pass through the router. Currently, MPLS, IPv4, and IPv6 packet sampling is supported.

Note: The active flow and inactive flow timeouts are associated with a normal cache type. The update timeout is associated with the permanent cache type.

Sampler Map Overview

The sampler map specifies the rate at which packets (one out of n packets) are sampled. On high bandwidth interfaces, applying NetFlow processing to every single packet can result in significant CPU utilization. Sampler map configuration is typically geared towards such high speed interfaces.

The Policer rate is based on the network processor (NP). If NetFlow is applied on 1 NP, the aggregated maximum flow packet processing rate per line card (LC) is 100k flow packets per second (irrespective of the direction and of the number of interfaces on that NP to which NetFlow is applied). However, depending on how the NetFlow monitor configuration is distributed among the NPs in an LC, policing of flow packets can take effect at an aggregated rate that is less than 100k. For example, if NetFlow is applied to 1 interface per NP in a 4 NP LC, then the Policer rate per NP is 25K packets per second.

Exporter Map Overview

An exporter map contains user network specification and transport layer details for the NetFlow export packet. The flow exporter-map command allows you to configure collector and version attributes. You can configure the following collector information:
  • Export destination IP address
  • DSCP value for export packet
  • Source interface
  • UDP port number (This is where the collector is listening for NetFlow packets.)
  • Transport protocol for export packets

Note: In Cisco IOS XR Software, UDP is the only supported transport protocol for export packets.

Note: NetFlow export packets use the IP address that is assigned to the source interface. If the source interface does not have an IP address assigned to it, the exporter will be inactive.

You can also configure the following export version attributes:
  • Template timeout
  • Template data timeout
  • Template options timeout
  • Interface table timeout
  • Sampler table timeout

Note: A single flow monitor map can support up to eight exporters.

NetFlow Configuration Submodes

In Cisco IOS XR Software, NetFlow map configuration takes place in map-specific submodes.
Cisco IOS XR Software supports the following NetFlow map configuration submodes:

Note: The Cisco IOS XR Software allows you to issue most commands available under submodes as one single command string from global configuration mode. For example, you can issue the record ipv4 command from the flow monitor map configuration submode as follows:

  RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
  RP/0/RSP0/CPU0:router(config-fmm)# record ipv4

Alternatively, you can issue the same command from global configuration mode, as shown in the following example:

  RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm record ipv4

Flow Exporter Map Configuration Submode

When you issue the flow exporter-map fem-name command in global configuration mode, the command-line interface (CLI) prompt changes to “config-fem,” indicating that you have entered the flow exporter map configuration submode.

In the following sample output, the question mark (?) online help function displays all the commands available under the flow exporter map configuration submode:

  RP/0/RSP0/CPU0:router(config)# flow exporter-map fem
  RP/0/RSP0/CPU0:router(config-fem)# ?
    clear        Clear the uncommitted configuration
    clear        Clear the configuration
    commit       Commit the configuration changes to running
    describe     Describe a command without taking real actions
    destination  Export destination configuration
    do           Run an exec command
    dscp         Specify DSCP value for export packets
    exit         Exit from this submode
    no           Negate a command or set its defaults
    pwd          Commands used to reach current submode
    root         Exit to the global configuration mode
    show         Show contents of configuration
    source       Source interface
    transport    Specify the transport protocol for export packets
    version      Specify export version parameters

Note: If you enter the version command, you enter the flow exporter map version configuration submode.

Note: A single flow monitor map can support up to eight exporters.

Flow Exporter Map Version Configuration Submode

When you issue the version v9 command in the flow exporter map configuration submode, the CLI prompt changes to “config-fem-ver,” indicating that you have entered the flow exporter map version configuration submode.

In the following sample output, the question mark (?) online help function displays all the commands available under the flow exporter map version configuration submode:

  RP/0/RSP0/CPU0:router(config-fem)# version v9
  RP/0/RSP0/CPU0:router(config-fem-ver)# ?
    commit    Commit the configuration changes to running
    describe  Describe a command without taking real actions
    do        Run an exec command
    exit      Exit from this submode
    no        Negate a command or set its defaults
    options   Specify export of options template
    show      Show contents of configuration
    template  Specify template export parameters

Flow Monitor Map Configuration Submode

When you issue the flow monitor-map map_name command in global configuration mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode.

In the following sample output, the question mark (?) online help function displays all the commands available under the flow monitor map configuration submode:

  RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
  RP/0/RSP0/CPU0:router(config-fmm)# ?
    cache     Specify flow cache attributes
    commit    Commit the configuration changes to running
    describe  Describe a command without taking real actions
    do        Run an exec command
    exit      Exit from this submode
    exporter  Specify flow exporter map name
    no        Negate a command or set its defaults
    record    Specify a flow record map name
    show      Show contents of configuration

Sampler Map Configuration Submode

When you issue the sampler-map map_name command in global configuration mode, the CLI prompt changes to “config-sm,” indicating that you have entered the sampler map configuration submode.

In the following sample output, the question mark (?) online help function displays all the commands available under the sampler map configuration submode:

  RP/0/RSP0/CPU0(config)# sampler-map fmm
  RP/0/RSP0/CPU0:router(config-sm)# ?
    clear     Clear the uncommitted configuration
    clear     Clear the configuration
    commit    Commit the configuration changes to running
    describe  Describe a command without taking real actions
    do        Run an exec command
    exit      Exit from this submode
    no        Negate a command or set its defaults
    pwd       Commands used to reach current submode
    random    Use random mode for sampling packets
    root      Exit to the global configuration mode
    show      Show contents of configuration
  RP/0/RSP0/CPU0(config-sm)#
  RP/0/RP0/CP0:router(config-sm)#

Enabling the NetFlow BGP Data Export Function

Use the bgp attribute-download command to enable NetFlow BGP routing attribute collection. The routing attributes are then exported. When no routing attributes are collected, zeroes (0) are exported.

When BGP attribute download is enabled, BGP downloads the attribute information for prefixes (community, extended community, and as-path) to the Routing Information Base (RIB) and Forwarding Information Base (FIB). This enables FIB to associate the prefixes with attributes and send the NetFlow statistics along with the associated attributes.

MPLS Flow Monitor with IPv4 and IPv6 Support

Cisco IOS XR Software supports the NetFlow collection of MPLS packets. It also supports the NetFlow collection of MPLS packets carrying IPv4, IPv6, or both IPv4 and IPv6 payloads.

MPLS Cache Reorganization to Support Both IPv4 and IPv6

In Cisco IOS XR Software, you can have only one MPLS flow monitor running on an interface at a time. If you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing one.

You can apply only one flow monitor on an interface per direction at a time. You can apply either the same flow monitor to an interface in both directions, or each direction can have its own flow monitor.
You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or IPv4-IPv6 fields. IPv4-IPv6 configuration collects both IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4 configuration collects only IPv4 addresses. IPv6 configuration collects only IPv6 addresses.

The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow entries include the following types of fields:
  • IPv4 fields
  • IPv6 fields
  • MPLS with IPv4 fields
  • MPLS with IPv6 fields

The maximum number of bytes per NetFlow cache entry is as follows:
  • IPv4: 88 bytes per entry
  • MPLS: 88 bytes per entry
  • IPv6: 108 bytes per entry
  • MPLS with IPv4 fields: 108 bytes per entry
  • MPLS with IPv6 fields: 128 bytes per entry

Note: The different types of NetFlow entries are stored in separate caches. Consequently, the number of NetFlow entries on a line card can significantly impact the amount of available memory on the line card. Also, even though the sampling rate for IPv6 is the same as the sampling rate for IPv4, the CPU utilization for IPv6 is higher due to the longer keys used by the IPv6 fields.

MPLS Packets with IPv6 Flows

The collection of IPv6 flows in MPLS packets is an option. The CPU uses 128 bytes for each IPv6 field. IPv6 flows may contain the following types of information:
  • Source IP address
  • Destination IP address
  • Traffic class value
  • Layer 4 protocol number
  • Layer 4 source port number
  • Layer 4 destination port number
  • Flow ID
  • Header option mask

To collect the IPv6 fields in MPLS packets, you must activate the MPLS record type, ipv6-fields, by running the record mpls ipv6-fields command. You can also specify the number of labels to be used for aggregation with this command.

Destination-based NetFlow Accounting

Destination-based NetFlow accounting (DBA) is a usage-based billing application that tracks and records traffic according to its destination and enables service providers to do destination-specific accounting and billing. The destination-based NetFlow accounting record includes the destination peer autonomous system (AS) number and the BGP next-hop IP address.

DBA is supported on ASR9000 Gigabit Ethernet and ASR9000 Enhanced Gigabit Ethernet linecards.

In destination-based NetFlow accounting, the following fields are collected and exported:
  • Destination peer AS number
  • BGP next-hop IP address
  • Ingress interface
  • Egress interface
  • Forwarding status
  • Incoming IPv4 TOS
  • Counter of packets in the flow
  • Counter of bytes in the flow
  • Timestamp for the first and last packets in the flow

Destination-based NetFlow accounting supports the following features:
  • Only IPv4 addresses
  • Configuration on physical interfaces, bundle interfaces, and logical subinterfaces
  • IPv4 unicast and multicast traffic
  • Only ingress traffic
  • Only full mode NetFlow
  • NetFlow export format Version 9 over User Datagram Protocol (UDP)

Destination-based NetFlow accounting does not support the following features:
  • IPv6 addresses
  • MPLS IPv4 and IPv6
  • Configuration for individual Modular QoS Command-Line Interface (MQC) classes
  • Simultaneous configuration of destination-based NetFlow accounting with IPv4 sampled NetFlow on the same interface, in the same direction.
  • Layer 2 switched MPLS traffic
  • Egress traffic
  • Sampled mode NetFlow
  • NetFlow export formats version 5, version 8, IP Flow Information Export (IPFIX), or Stream Control Transmission Protocol (SCTP).
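The destination-based accounting fields listed above, decoded on the collector side from a NetFlow Version 9 export datagram. This is an added example, not code from the Cisco guide: the template layout is an assumption rather than the router's actual template, and template ID 260, the addresses, the AS number and the counters are constructed sample values. It also shows why the template timeout matters for visibility: a collector that has not yet received the template cannot decode the data records it is sent.

```python
import ipaddress
import struct

# Field type numbers: RFC 3954, plus forwardingStatus (89) from the IANA IPFIX registry.
FIELD_NAMES = {
    17: "dst_as", 18: "bgp_ipv4_next_hop", 10: "input_snmp", 14: "output_snmp",
    89: "forwarding_status", 5: "src_tos", 2: "in_pkts", 1: "in_bytes",
    22: "first_switched", 21: "last_switched",
}
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
SET_HEADER = struct.Struct("!HH")  # flowset id, flowset length (header included)
# Assumed (type, length) layout of one DBA record; not taken from the router's own template.
DBA_TEMPLATE = [(17, 4), (18, 4), (10, 4), (14, 4), (89, 1),
                (5, 1), (2, 4), (1, 4), (22, 4), (21, 4)]


class V9Decoder:
    """Collector-side decoder; templates are keyed by (exporter, source_id, template_id)."""

    def __init__(self):
        self.templates = {}

    def decode(self, exporter, datagram):
        """Return (records, undecodable_flowsets) for one UDP payload."""
        if len(datagram) < HEADER.size or datagram[:2] != b"\x00\x09":
            raise ValueError("not a NetFlow Version 9 export datagram")
        source_id = HEADER.unpack_from(datagram)[5]
        records, undecodable, offset = [], 0, HEADER.size
        while offset + SET_HEADER.size <= len(datagram):
            set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
            if set_len < SET_HEADER.size or offset + set_len > len(datagram):
                raise ValueError("flowset length runs past the datagram")
            body = datagram[offset + SET_HEADER.size:offset + set_len]
            if set_id == 0:  # template flowset
                self._learn(exporter, source_id, body)
            elif set_id >= 256:  # data flowset; ids 1-255 (options, reserved) are skipped
                template = self.templates.get((exporter, source_id, set_id))
                if template is None:
                    undecodable += 1  # data arrived before its template
                else:
                    records.extend(self._records(template, body))
            offset += set_len
        return records, undecodable

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, field_count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256:  # padding, not a template
                break
            if pos + 4 * field_count > len(body):
                raise ValueError("template runs past its flowset")
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(field_count)]
            pos += 4 * field_count
            self.templates[(exporter, source_id, template_id)] = fields

    @staticmethod
    def _records(template, body):
        record_len = sum(length for _ftype, length in template)
        if record_len == 0:
            return []
        out = []
        # Trailing bytes shorter than one record are flowset padding.
        for start in range(0, len(body) - record_len + 1, record_len):
            record, pos = {}, start
            for ftype, length in template:
                raw = body[pos:pos + length]
                pos += length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype == 18 and length == 4:
                    record[name] = str(ipaddress.IPv4Address(raw))
                else:
                    record[name] = int.from_bytes(raw, "big")
            out.append(record)
        return out


def sample_datagrams():
    """Return (template_datagram, data_datagram); every value here is constructed."""
    def datagram(sequence, set_id, body):
        body += b"\x00" * (-len(body) % 4)  # flowsets are padded to a 4-byte boundary
        return (HEADER.pack(9, 1, 360000, 1340000000, sequence, 1)
                + SET_HEADER.pack(set_id, SET_HEADER.size + len(body)) + body)
    template_body = struct.pack("!HH", 260, len(DBA_TEMPLATE))
    template_body += b"".join(struct.pack("!HH", *field) for field in DBA_TEMPLATE)
    record = struct.pack("!I4sIIBBIIII", 64500, ipaddress.IPv4Address("192.0.2.1").packed,
                         3, 7, 0x40, 0, 120, 96000, 350000, 359000)
    return datagram(1, 0, template_body), datagram(2, 260, record)


def demo():
    """Decode data before and after the template arrives, as a restarted collector would."""
    template_dgram, data_dgram = sample_datagrams()
    collector = V9Decoder()
    early = collector.decode("198.51.100.10", data_dgram)
    collector.decode("198.51.100.10", template_dgram)
    return early, collector.decode("198.51.100.10", data_dgram)
```

Counting the undecodable flowsets per exporter on a real collector gives a direct measure of how much accounting data is lost between a collector restart and the next template resend.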
How to Configure NetFlow on Cisco IOS XR Software

The steps that follow provide a general overview of NetFlow configuration:

SUMMARY STEPS
1. Create and configure an exporter map.
2. Create and configure a monitor map and a sampler map.
3. Apply the monitor map and sampler map to an interface.

DETAILED STEPS

Step 1. Create and configure an exporter map.

Step 2. Create and configure a monitor map and a sampler map.
Note: The monitor map must reference the exporter map you created in Step 1. If you do not apply an exporter-map to the monitor-map, the flow records are not exported, and aging is done according to the cache parameters specified in the monitor-map.

Step 3. Apply the monitor map and sampler map to an interface.

These steps are described in detail in the following sections:

Configuring an Exporter Map

Configure an exporter map and apply it to the monitor map with the flow monitor-map map_name exporter map_name command. You can configure the exporter map prior to configuring the monitor map, or you can configure the monitor map first and then configure and apply an exporter map later on.

Note: Cisco IOS XR Software supports the configuration of a single collector only in the exporter map.

The steps that follow describe how to create and configure an exporter map.

SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. destination hostname_or_IP_address
4. dscp dscp_value
5. source type interface-path-id
6. transport udp port
7. version v9
8. options {interface-table | sampler-table} [timeout seconds]
9. template [data | options] timeout seconds
10. Use one of these commands:
• end
• commit
11. exit
12. exit
13. show flow exporter-map map_name

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. flow exporter-map map_name
Purpose: Creates an exporter map, configures the exporter map name, and enters flow exporter map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem

Step 3. destination hostname_or_IP_address
Purpose: Configures the export destination for the flow exporter map. The destination can be a hostname or an IP address.
Example:
RP/0/RSP0/CPU0:router(config-fem)# destination nnn.nnn.nnn.nnn

Step 4. dscp dscp_value
Purpose: (Optional) Specifies the differentiated services codepoint (DSCP) value for export packets. Replace the dscp_value argument with a value in the range from 0 through 63.
Example:
RP/0/RSP0/CPU0:router(config-fem)# dscp 55

Step 5. source type interface-path-id
Purpose: Specifies a source interface, in the format type interface-path-id.
Example:
RP/0/RSP0/CPU0:router(config-fem)# source gigabitEthernet 0/0/0/0

Step 6. transport udp port
Purpose: (Optional) Specifies the destination port for UDP packets. Replace port with the destination UDP port value, in the range from 1024 through 65535.
Example:
RP/0/RSP0/CPU0:router(config-fem)# transport udp 9991

Step 7. version v9
Purpose: (Optional) Enters flow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem)# version v9

Step 8. options {interface-table | sampler-table} [timeout seconds]
Purpose: (Optional) Configures the export timeout value for the sampler table. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. Default is 1800 seconds.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 2000

Step 9. template [data | options] timeout seconds
Purpose: (Optional) Configures the export period for data packets. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 10000

Step 10. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Step 11. exit
Purpose: Exits flow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# exit

Step 12. exit
Purpose: Enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit

Step 13. show flow exporter-map map_name
Purpose: Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow exporter-map fem

Configuring a Sampler Map

The steps that follow describe how to create and configure a sampler map.

SUMMARY STEPS
1. configure
2. sampler-map map_name
3. random 1 out-of sampling_interval
4. Use one of these commands:
• end
• commit
5. exit
6. exit
7. show sampler-map map_name

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. sampler-map map_name
Purpose: Creates a sampler map and enters sampler map configuration mode. Keep the following in mind when configuring a sampler map:
Example:
RP/0/RSP0/CPU0:router(config)# sampler-map sm
RP/0/RSP0/CPU0:router(config-sm)#

Step 3. random 1 out-of sampling_interval
Purpose: Configures the sampling interval to use random mode for sampling packets. Replace the sampling_interval argument with a number, in the range from 1 through 65535 units.
Example:
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535

Step 4. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Step 5. exit
Purpose: Exits sampler map configuration mode and enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-sm)# exit

Step 6. exit
Purpose: Exits global configuration mode and enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit

Step 7. show sampler-map map_name
Purpose: Displays sampler map data.
Example:
RP/0/RSP0/CPU0:router# show sampler-map fsm

Configuring a Monitor Map

The steps that follow describe how to create and configure a monitor map.

SUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. Do one of the following:
• record ipv4
• record ipv4 [peer as]
• record ipv6
• record mpls [labels number]
• record mpls [ipv4-fields] [labels number]
• record mpls [ipv6-fields] [labels number]
• record mpls [ipv4-ipv6-fields] [labels number]
4. cache entries number
5. cache permanent
6. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
7. exporter map_name
8. Use one of these commands:
• end
• commit
9. exit
10. exit
11. show flow monitor-map map_name

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. flow monitor-map map_name
Purpose: Creates a monitor map, configures a monitor map name, and enters flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)#

Step 3. Do one of the following:
• record ipv4
• record ipv4 [peer as]
• record ipv6
• record mpls [labels number]
• record mpls [ipv4-fields] [labels number]
• record mpls [ipv6-fields] [labels number]
• record mpls [ipv4-ipv6-fields] [labels number]
Purpose: Configures the flow record map name for IPv4, IPv6, or MPLS.
• Use the record ipv4 command to configure the flow record map name for IPv4. By default, you collect and export the originating autonomous system (AS) numbers.
• Use the record ipv4 [peer as] command to record peer AS. Here, you collect and export the peer AS numbers.
  Note: Ensure that the bgp attribute-download command is configured. Otherwise, no AS is collected when the record ipv4 [peer-as] command is configured.
• Use the record ipv6 command to configure the flow record map name for IPv6.
• Use the record mpls labels command with the number argument to specify the number of labels that you want to aggregate. By default, MPLS-aware NetFlow aggregates the top six labels of the MPLS label stack. The maximum value is 6.
• Use the record mpls ipv4-fields command to collect IPv4 fields in the MPLS-aware NetFlow.
• Use the record mpls ipv6-fields command to collect IPv6 fields in the MPLS-aware NetFlow.
• Use the record mpls ipv4-ipv6-fields command to collect IPv4 and IPv6 fields in the MPLS-aware NetFlow.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4

Step 4. cache entries number
Purpose: (Optional) Configures the number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache, in the range from 4096 through 1000000. The default number of cache entries is 65535.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000

Step 5. cache permanent
Purpose: (Optional) Disables removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# flow monitor-map fmm cache permanent

Step 6. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
Purpose: (Optional) Configures the active, inactive, or update flow cache timeout value.
• The default timeout value for the inactive flow cache is 15 seconds.
• The default timeout value for the active flow cache is 1800 seconds.
• The default timeout value for the update flow cache is 1800 seconds.
Note: The update timeout_value keyword argument is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain in the cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 1000

Step 7. exporter map_name
Purpose: Associates an exporter map with a monitor map.
Note: A single flow monitor map can support up to eight exporters.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem

Step 8. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Step 9. exit
Purpose: Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit

Step 10. exit
Purpose: Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit

Step 11. show flow monitor-map map_name
Purpose: Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow monitor-map fmm

Applying a Monitor Map and a Sampler Map to an Interface

SUMMARY STEPS
1. configure
2. interface type number
3. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
4. Use one of these commands:
• end
• commit

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. interface type number
Purpose: Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#

Step 3. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
Purpose: Associates a monitor map and a sampler map with an interface. Enter ipv4 to enable IPv4 NetFlow on the specified interface. Enter ipv6 to enable IPv6 NetFlow on the specified interface. Enter mpls to enable MPLS-aware NetFlow on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm sampler fsm egress

Step 4. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit
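The exporter map, sampler map, monitor map and interface procedures above state value ranges and cross-references that are easy to get wrong when a configuration is assembled by hand. As an added example (not part of the Cisco guide or of IOS XR), this Python check reads configuration text with one command per line and reports values outside the documented ranges, monitor maps with no exporter, references to undefined maps, and a destination-based monitor (record ipv4 destination) applied with a sampler or on egress. The lint function, the finding texts and BAD_CONFIG are constructed for illustration; GOOD_CONFIG mirrors the fsm1, fem1 and fmm1 names used in this guide's configuration examples.

```python
import re

# (block kind, command pattern, minimum, maximum), as stated in the steps above.
RULES = [
    ("flow exporter-map", r"^dscp (\d+)$", 0, 63),
    ("flow exporter-map", r"^transport udp (\d+)$", 1024, 65535),
    ("flow exporter-map", r"^(?:options|template) .*\btimeout (\d+)$", 1, 604800),
    ("sampler-map", r"^random 1 out-of (\d+)$", 1, 65535),
    ("flow monitor-map", r"^cache entries (\d+)$", 4096, 1000000),
]
BLOCK = re.compile(r"^(flow exporter-map|flow monitor-map|sampler-map|interface) (.+)$")
APPLY = re.compile(r"^flow (?:ipv4|ipv6|mpls) monitor (\S+)(?: sampler (\S+))? (ingress|egress)$")


def lint(config):
    """Return findings for NetFlow configuration text, one command per line."""
    exporters, samplers, monitors, applied, findings = set(), set(), {}, [], []
    kind = name = None
    for raw in config.splitlines():
        line = " ".join(raw.split())              # ignore indentation
        if line in ("", "!", "exit", "end", "commit", "configure"):
            continue
        block = BLOCK.match(line)
        if block:                                 # a new map or interface starts here
            kind, name = block.groups()
            if kind == "flow exporter-map":
                exporters.add(name)
            elif kind == "sampler-map":
                samplers.add(name)
            elif kind == "flow monitor-map":
                monitors.setdefault(name, {"exporters": [], "record": None})
            continue
        for rule_kind, pattern, low, high in RULES:
            hit = re.match(pattern, line) if rule_kind == kind else None
            if hit and not low <= int(hit.group(1)) <= high:
                findings.append(f"{kind} {name}: '{line}' is outside {low}-{high}")
        if kind == "flow monitor-map" and line.startswith("exporter "):
            monitors[name]["exporters"].append(line.split()[1])
        elif kind == "flow monitor-map" and line.startswith("record "):
            monitors[name]["record"] = line[len("record "):]
        elif kind == "interface" and APPLY.match(line):
            applied.append((name,) + APPLY.match(line).groups())

    for mon, info in monitors.items():
        if not info["exporters"]:
            findings.append(f"flow monitor-map {mon}: no exporter, flow records are not exported")
        for exp in info["exporters"]:
            if exp not in exporters:
                findings.append(f"flow monitor-map {mon}: exporter-map '{exp}' is not defined")
    for intf, mon, sampler, direction in applied:
        if mon not in monitors:
            findings.append(f"interface {intf}: monitor-map '{mon}' is not defined")
        if sampler and sampler not in samplers:
            findings.append(f"interface {intf}: sampler-map '{sampler}' is not defined")
        dba = monitors.get(mon, {}).get("record") == "ipv4 destination"
        if dba and (sampler or direction == "egress"):
            findings.append(f"interface {intf}: monitor '{mon}' is destination-based: ingress, unsampled only")
    return findings


GOOD_CONFIG = """
sampler-map fsm1
 random 1 out-of 65535
flow exporter-map fem1
 destination 10.1.1.1
 source Loopback 0
 transport udp 1024
 dscp 10
 version v9
  template data timeout 600
  options interface-table
flow monitor-map fmm1
 record ipv4
 exporter fem1
 cache entries 10000
interface TenGigE 0/0/0/0
 flow ipv4 monitor fmm1 sampler fsm1 ingress
"""

# Constructed input with one violation of each kind.
BAD_CONFIG = """
flow exporter-map fem2
 destination 192.0.2.10
 transport udp 514
 dscp 64
 version v9
  template data timeout 0
flow monitor-map fmm2
 record ipv4
 cache entries 2048
flow monitor-map dba1
 record ipv4 destination
 exporter fem9
sampler-map fsm2
 random 1 out-of 70000
interface TenGigE 0/0/0/1
 flow ipv4 monitor fmm2 sampler fsm3 ingress
 flow ipv4 monitor dba1 sampler fsm2 ingress
"""
```

A monitor map without an exporter is reported because, as noted in the overview steps, its flow records are then not exported and are only aged out of the cache.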
Clearing NetFlow Data

The steps that follow describe how to clear flow exporter map and flow monitor map data.

SUMMARY STEPS
1. clear flow exporter [exporter_name] {restart | statistics} location node-id
2. clear flow monitor [monitor_name] cache [force-export | statistics] location node-id

DETAILED STEPS

Step 1. clear flow exporter [exporter_name] {restart | statistics} location node-id
Purpose: Clears the flow exporter data. Specify the statistics option to clear exporter statistics. Specify the restart option to export all of the templates that are currently configured on the specified node.
Example:
RP/0/RSP0/CPU0:router# clear flow exporter statistics location 0/0/CPU0

Step 2. clear flow monitor [monitor_name] cache [force-export | statistics] location node-id
Purpose: Clears the flow monitor data. Specify the statistics option to clear cache statistics. Specify the force-export option to export the data from cache to server first and then clear the entries from cache.
Example:
RP/0/RSP0/CPU0:router# clear flow monitor cache force-export location 0/0/CPU0

Configuring NetFlow Collection of MPLS Packets with IPv6 Fields

The following steps show how to configure NetFlow collection of MPLS packets with IPv6 fields.

SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. version v9
4. options {interface-table | sampler-table} [timeout seconds]
5. template [data | options] timeout seconds
6. exit
7. transport udp port
8. source type interface-path-id
9. destination hostname_or_IP_address
10. exit
11. flow monitor-map map_name
12. record mpls [ipv4-ipv6-fields] [labels number]
13. exporter map_name
14. cache entries number
15. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
16. cache permanent
17. exit
18. sampler-map map_name
19. random 1 out-of sampling_interval
20. exit
21. interface type number
22. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
23. Use one of these commands:
• end
• commit
24. exit
25. exit
26. show flow monitor-map map_name
27. show flow exporter-map map_name

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. flow exporter-map map_name
Purpose: Creates an exporter map, configures the exporter map name, and enters flow exporter map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# flow exporter-map exp1

Step 3. version v9
Purpose: (Optional) Enters flow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem)# version v9

Step 4. options {interface-table | sampler-table} [timeout seconds]
Purpose: (Optional) Configures the export timeout value for the interface table or the sampler table. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. The default is 1800 seconds for both the interface table and the sample table. You must perform this step twice to configure the export timeout value for both an interface table and a sample table.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300

Step 5. template [data | options] timeout seconds
Purpose: (Optional) Configures the export period for data packets or options packets. Replace seconds with the export timeout value, in the range from 1 through 604800 seconds. You must perform this step twice to configure the export period for both data packets and options packets.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300

Step 6. exit
Purpose: Exits flow exporter map version configuration mode, and enters flow exporter map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# exit

Step 7. transport udp port
Purpose: (Optional) Specifies the destination port for UDP packets. Replace port with the destination UDP port value, in the range from 1024 through 65535.
Example:
RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515

Step 8. source type interface-path-id
Purpose: Specifies a source interface, in the format type interface-path-id. For example: POS 0/1/0/1 or Loopback0
Example:
RP/0/RSP0/CPU0:router(config-fem)# source Loopback0

Step 9. destination hostname_or_IP_address
Purpose: Configures the export destination for the flow exporter map. The destination can be a hostname or an IP address.
Example:
RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11

Step 10. exit
Purpose: Exits flow exporter map configuration mode, and enters flow exporter map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-fem)# exit

Step 11. flow monitor-map map_name
Purpose: Creates a monitor map, configures a monitor map name, and enters flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm

Step 12. record mpls [ipv4-ipv6-fields] [labels number]
Purpose: Configures the flow record map name for IPv4, IPv6, or MPLS. Use the ipv4-ipv6-fields keyword to collect IPv4 and IPv6 fields in an MPLS-aware NetFlow.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3

Step 13. exporter map_name
Purpose: Associates an exporter map with a monitor map.
Note: A single flow monitor map can support up to eight exporters.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1

Step 14. cache entries number
Purpose: (Optional) Configures the number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache, in the range from 4096 through 1000000. The default number of cache entries is 65535.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000

Step 15. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
Purpose: (Optional) Configures the active, inactive, or update flow cache timeout value.
• The default timeout value for the inactive flow cache is 15 seconds.
• The default timeout value for the active flow cache is 1800 seconds.
• The default timeout value for the update flow cache is 1800 seconds.
Note: The inactive and active keywords are not applicable to permanent caches.
Note: The update keyword is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain in the cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 1800

Step 16. cache permanent
Purpose: (Optional) Disables the removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# flow monitor-map fmm cache permanent

Step 17. exit
Purpose: Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit

Step 18. sampler-map map_name
Purpose: Creates a sampler map and enters sampler map configuration mode. Keep the following in mind when configuring a sampler map:
Example:
RP/0/RSP0/CPU0:router(config)# sampler-map fsm
RP/0/RSP0/CPU0:router(config-sm)#

Step 19. random 1 out-of sampling_interval
Purpose: Configures the sampling interval to use random mode for sampling packets. Replace the sampling_interval argument with a number, in the range from 1 through 65535 units.
Example:
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535

Step 20. exit
Purpose: Exits sampler map configuration mode and enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-sm)# exit

Step 21. interface type number
Purpose: Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#

Step 22. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
Purpose: Associates a monitor map and a sampler map with an interface. Enter ipv4 to enable IPv4 NetFlow on the specified interface. Enter ipv6 to enable IPv6 NetFlow on the specified interface. Enter mpls to enable MPLS-aware NetFlow on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor MPLS-IPv6-fmm sampler fsm egress

Step 23. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Step 24. exit
Purpose: Exits interface configuration submode for the Ethernet interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit

Step 25. exit
Purpose: Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit

Step 26. show flow monitor-map map_name
Purpose: Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow monitor-map fmm

Step 27. show flow exporter-map map_name
Purpose: Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow exporter-map fem

Configuring Destination-based NetFlow Accounting

You configure destination-based NetFlow accounting by configuring the flow monitor map, flow record, and flow monitor as described in the following steps.

SUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. record ipv4 destination
4. exit
5. interface type interface-path-id
6. flow ipv4 monitor name ingress
7. Use one of these commands:
• end
• commit
8. show flow exporter-map map_name

DETAILED STEPS

Step 1. configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2. flow monitor-map map_name
Purpose: Creates a monitor map, configures a monitor map name, and enters flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# flow monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)#

Step 3. record ipv4 destination
Purpose: Configures the flow record for an IPv4 destination-based NetFlow accounting record. The destination keyword specifies that the record is for IPv4 destination-based NetFlow accounting.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination

Step 4. exit
Purpose: Exits flow monitor map mode to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit

Step 5. interface type interface-path-id
Purpose: Interface type and physical interface-path-id in the format type rack/slot/module/port.
• type: POS, Ethernet, ATM, etc.
• rack: Chassis number of the rack.
• slot: Physical slot number of the line card or modular services card.
• module: Module number. A physical layer interface module (PLIM) is always 0.
• port: Physical port number of the interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface POS 0/1/0/0

Step 6. flow ipv4 monitor name ingress
Purpose: Configures an IPv4 flow monitor for the ingress direction and assigns the name of the monitor.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor monitor1 ingress

Step 7. Use one of these commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit

Step 8. show flow exporter-map map_name
Purpose: Verifies exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow exporter-map fem

Trident Netflow

Trident Netflow exports using only the V9 (Version 9) format. V9 is the most flexible NetFlow export.
This format is flexible and extensible. It provides the flexibility to support new fields and record types.

Supported features
• Flow monitor type of IPv4, IPv6, and MPLS can all be configured to an interface per direction.
• Sampled Netflow. There is no support for full mode sampling.
• Non-deterministic Random Sampling Algorithm.
• Different traffic types, including unicast and multicast traffic.

Punt path policer rate

In order to achieve the maximum flow processing without overloading the LC CPU, all flow packets that are punted from each Network Processor are policed. This is done to avoid overloading the CPU. The aggregate punt policer rate is 100 Kpps. To avoid having flow packets arrive at the CPU at a huge rate, the punt path policer needs to be applied on all NPs that have the netflow feature applied on them.

The punt path policer rate can be calculated in the following way:

Calculating Punt path policer rate

The policer rate of each NP_NetflowMonitor is 100k, where NP_NetflowMonitor is an NP that has a Netflow monitor configured on its associated interfaces, or any of whose associated interfaces is a member of a bundle interface or bundle sub-interface that has a Netflow monitor applied.

Determining NP for NP_NetflowMonitor or non-NP_NetflowMonitor:
1. If any of its associated interfaces or sub-interfaces has any flow monitor applied, then it is NP_NetflowMonitor.
2. If any of its interfaces is a member of a bundle interface or bundle sub-interface that has Netflow monitor configured, the NP is considered as non-NP_NetflowMonitor.

Trident base line cards supported features
• Supports ingress and egress Netflow (IPv4, IPv6, MPLS) on L3 physical interface, L3-sub-interface, L3-Bundle interface, and L3 bundle sub-interface.
• Supports configurable Sampling Rate 1:1 ~ 1:65535
• Supports only up to 4 Sampling Rates (or Intervals) per LC.
• Supports up to 8k (Large memory LC) or 4k (Small Memory LC) interfaces/subinterfaces
• Supports configuration with flow monitor per NP.
• Supports maximum aggregate Netflow processing rate of 50k flow packets per second per LC, enforced by Netflow Punt Policer on each NP.
• Supports netflow processing of 100Kpps, with CPU utilization not exceeding 50%.
• Supports up to 4 flow exporters per flow monitor.
• Supports exporting packet rates of up to 100k flows per second.

Configuration Examples for NetFlow

The following examples show NetFlow configurations:

Sampler Map: Example

The following example shows how to create a new sampler map called “fsm1,” which samples 1 out of 65535 packets:

RP/0/RSP0/CPU0:router(config)# sampler-map fsm1
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config-sm)# exit

Exporter Map: Example

The following example shows how to create a new flow exporter map called “fem1,” which uses the version 9 (V9) export format for NetFlow export packets. The data template flow-set is inserted into the V9 export packets once every 10 minutes, and the options interface table flow-set is inserted into the V9 export packet. The export packets are sent to the flow collector destination 10.1.1.1, where the source address is identical to the interface IP address of Loopback 0.
The UDP destination port is 1024, and the DSCP value is 10:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem1
RP/0/RSP0/CPU0:router(config-fem)# destination 10.1.1.1
RP/0/RSP0/CPU0:router(config-fem)# source Loopback 0
RP/0/RSP0/CPU0:router(config-fem)# transport udp 1024
RP/0/RSP0/CPU0:router(config-fem)# dscp 10
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 600
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table
RP/0/RSP0/CPU0:router(config-fem-ver)# exit

Flow Monitor Map: Examples
The following example shows how to create a new flow monitor map with name “fmm1”. This flow monitor map references the flow exporter map “fem1,” and sets the flow cache attributes to 10000 cache entries. The active entries from the cache are aged every 30 seconds, while the inactive entries from the cache are aged every 15 seconds.
The record map for this monitor map is IPv4:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout active 30
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 15
RP/0/RSP0/CPU0:router(config-fmm)# exit

The following example shows how to apply the flow monitor “fmm1” and the sampler “fsm1” to the TenGigE 0/0/0/0 interface in the ingress direction:
RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm1 sampler fsm1 ingress
RP/0/RSP0/CPU0:router(config-if)# exit

The following example shows how to configure the NetFlow monitor to collect MPLS packets with IPv6 fields:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# flow exporter-map exp1
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template options timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515
RP/0/RSP0/CPU0:router(config-fem)# source Loopback0
RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11
RP/0/RSP0/CPU0:router(config-fem)# exit
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# sampler-map FSM
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config-sm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler FSM ingress

MPLS Flow Monitor with IPv4 and IPv6 Support: Examples
The following configuration collects MPLS traffic, but no payload information is collected.
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress

The following configuration collects MPLS traffic with IPv4 payloads. It also collects MPLS traffic without IPv4 payloads, but it populates the IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress

The following configuration collects MPLS traffic with IPv6 payloads. It also collects MPLS traffic without IPv6 payloads, but it populates the IPv6 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress

The following configuration collects MPLS traffic with both IPv6 and IPv4 fields.
It also collects MPLS traffic without IPv4 or IPv6 payloads, but it populates the IPv6 and IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress

Note: Flow records are exported using the Version 9 format.

Destination-based NetFlow Accounting: Example
The following example shows how to configure an IPv4 flow record for destination-based NetFlow accounting:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# flow monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface pos 0/1/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor map1 ingress
RP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:router# show flow exporter-map fem
RP/0/RSP0/CPU0:router# show flow monitor-map map1

Additional References
The following sections provide references related to interface configuration.

Related Documents
Related Topic | Document Title
Cisco IOS XR master command reference | Cisco IOS XR Master Commands List
Cisco IOS XR interface configuration commands | Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference
Initial system bootup and configuration information for a router using the Cisco IOS XR software | Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide
Information about user groups and task IDs | Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference
Information about configuring interfaces and other components from a remote Craft Works Interface (CWI) client management application | Cisco Craft Works Interface User Guide

Standards
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | —

MIBs
MIBs | MIBs Link
— | To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
RFCs | Title
3954 | NetFlow services export protocol Version 9.

Technical Assistance
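The exporter-map examples above send Version 9 (RFC 3954) export packets and resend the data template only on a timer (`template data timeout 600`), so a collector that starts or restarts between two template transmissions cannot decode data flow-sets until the next template arrives. The following Python collector sketch is an added example, not code from the Cisco guide: it bounds-checks every flow-set length, keys templates by exporter address and source ID, counts undecodable data flow-sets, and scales sampled counters by the sampler interval. The exporter address, field selection and datagrams are constructed sample values.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
ADDRESS_FIELDS = {8, 12}


class V9Collector:
    """Minimal NetFlow v9 collector: learns templates, then decodes data flowsets."""

    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> [(type, length), ...]
        self.undecodable = 0  # data flowsets that arrived before their template

    def feed(self, exporter, datagram):
        """Parse one export datagram from `exporter`; return the decoded flow records."""
        if len(datagram) < HEADER.size:
            raise ValueError("datagram shorter than the v9 header")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(datagram)
        if version != 9:
            raise ValueError("not a NetFlow v9 datagram")
        records, offset = [], HEADER.size
        while offset + 4 <= len(datagram):
            flowset_id, length = struct.unpack_from("!HH", datagram, offset)
            if length < 4 or offset + length > len(datagram):
                raise ValueError("flowset length points outside the datagram")
            body = datagram[offset + 4:offset + length]
            if flowset_id == 0:
                self._learn_templates(exporter, source_id, body)
            elif flowset_id >= 256:
                records += self._decode(exporter, source_id, flowset_id, body)
            # Flowset ids 1-255 (options templates, reserved) are skipped in this example.
            offset += length
        return records

    def _learn_templates(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, field_count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if field_count == 0:
                break  # trailing padding
            if pos + 4 * field_count > len(body):
                raise ValueError("template record is truncated")
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(field_count)]
            pos += 4 * field_count
            if template_id < 256 or any(length == 0 for _type, length in fields):
                raise ValueError("invalid template id or zero-length field")
            self.templates[(exporter, source_id, template_id)] = fields

    def _decode(self, exporter, source_id, template_id, body):
        fields = self.templates.get((exporter, source_id, template_id))
        if fields is None:
            self.undecodable += 1  # nothing can be decoded until the template is resent
            return []
        record_len = sum(length for _type, length in fields)
        out = []
        for start in range(0, len(body) - record_len + 1, record_len):
            record, pos = {}, start
            for ftype, length in fields:
                raw = body[pos:pos + length]
                pos += length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in ADDRESS_FIELDS and length == 4:
                    record[name] = str(ipaddress.IPv4Address(raw))
                else:
                    record[name] = int.from_bytes(raw, "big")
            out.append(record)
        return out


def estimate_totals(records, sampling_interval):
    """Scale sampled counters by the sampler interval (for example 65535 for 1 out-of 65535)."""
    return {"packets": sum(r["IN_PKTS"] for r in records) * sampling_interval,
            "bytes": sum(r["IN_BYTES"] for r in records) * sampling_interval}


def build_sample():
    """Constructed datagrams: (template datagram, data datagram) for template id 256."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
    template = struct.pack("!HH", 256, len(fields))
    template += b"".join(struct.pack("!HH", ftype, length) for ftype, length in fields)
    template_set = struct.pack("!HH", 0, 4 + len(template)) + template
    record = ipaddress.IPv4Address("192.0.2.10").packed
    record += ipaddress.IPv4Address("198.51.100.7").packed
    record += struct.pack("!HHBII", 51515, 443, 6, 3, 1800)  # ports, protocol, packets, bytes
    padding = -(4 + len(record)) % 4  # flowsets are padded to a 32-bit boundary
    data_set = struct.pack("!HH", 256, 4 + len(record) + padding) + record + bytes(padding)
    header = [HEADER.pack(9, 1, 1000, 1700000000, seq, 0) for seq in (1, 2)]
    return header[0] + template_set, header[1] + data_set


if __name__ == "__main__":
    template_dgram, data_dgram = build_sample()
    collector = V9Collector()
    print(collector.feed("192.0.2.1", data_dgram), collector.undecodable)  # before the template
    collector.feed("192.0.2.1", template_dgram)
    print(collector.feed("192.0.2.1", data_dgram))
```

A rising `undecodable` count after a collector restart is the visible cost of a long template timeout; export datagrams arrive over unauthenticated UDP, so the length checks and per-exporter template keys matter on any collector reachable by more than the routers themselves.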
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
Cisco IOS XR Software Release 4.2.x
Text Part Number: OL-26115-02
© 2012 Cisco Systems, Inc. All rights reserved.
Preface
The preface consists of these sections:
• Changes to This Document
• Obtaining Documentation and Submitting a Service Request

Changes to This Document
Table 1 lists the technical changes made to this document since it was first printed.
Table 1 Changes to This Document
Revision | Date | Change Summary
OL-26115-02 | May 2012 | Support for GRE tunnel interfaces was increased to 2000.
OL-26115-01 | December 2011 | Initial release of this document.

Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Implementing MPLS Layer 3 VPNs
A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers. This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on Cisco ASR 9000 Series Aggregation Services Routers.

Note: You must acquire an evaluation or permanent license in order to use MPLS Layer 3 VPN functionality. However, if you are upgrading from a previous version of the software, MPLS Layer 3 VPN functionality will continue to work using an implicit license for 90 days (during which time, you can purchase a permanent license).
For more information about licenses, see the Software Entitlement on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide.

Note: For a complete description of the commands listed in this module, refer to the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index, or search online.

Feature History for Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Routers
Release | Modification
Release 3.7.2 | This feature was introduced.
Release 4.2.0 | Support for Generic Routing Encapsulation (GRE) was added on A9K-SIP-700 line card.
Release 4.2.1 | The maximum number of supported tunnel interfaces was increased to 2000 for the ASR 9000 Enhanced Ethernet and ASR 9000 Ethernet line cards.

Contents
• Prerequisites for Implementing MPLS L3VPN
• MPLS L3VPN Restrictions
• Information About MPLS Layer 3 VPNs
• How to Implement MPLS Layer 3 VPNs
• Configuration Examples for Implementing MPLS Layer 3 VPNs
• Additional References

Prerequisites for Implementing MPLS L3VPN
These prerequisites are required to configure MPLS Layer 3 VPN:
• You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
These prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system boundary routers (ASBRs) exchanging VPN-IPv4 addresses or IPv4 routes and MPLS labels:
• Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and sessions are properly configured (see How to Implement MPLS Layer 3 VPNs for procedures).
• These tasks must be performed:
  – Define VPN routing instances
  – Configure BGP routing sessions in the MPLS core
  – Configure PE-to-PE routing sessions in the MPLS core
  – Configure BGP PE-to-CE routing sessions
  – Configure a VPN-IPv4 eBGP session between directly connected ASBRs

To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information Base (FIB).

MPLS L3VPN Restrictions
These are restrictions for implementing MPLS Layer 3 VPNs:
• Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous systems or subautonomous systems in an MPLS VPN.
• MPLS VPN supports only IPv4 address families.

These restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes and MPLS labels:
• For networks configured with eBGP multihop, a label switched path (LSP) must be configured between nonadjacent routers.
• Inter-AS supports IPv4 routes only. IPv6 is not supported.

Note: The physical interfaces that connect the BGP speakers must support FIB and MPLS.

These restrictions apply to routing protocols OSPF and RIP:
• IPv6 is not supported on OSPF and RIP.
Information About MPLS Layer 3 VPNs
To implement MPLS Layer 3 VPNs, you need to understand these concepts:
• MPLS L3VPN Overview
• MPLS L3VPN Benefits
• How MPLS L3VPN Works
• MPLS L3VPN Major Components
• Generic Routing Encapsulation Support for L3VPN

MPLS L3VPN Overview
Before defining an MPLS VPN, VPN in general must be defined. A VPN is:
• An IP-based network delivering private network services over a public infrastructure
• A set of sites that are allowed to communicate with each other privately over the Internet or other public or private networks

Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits (PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site requires changing each edge device in the VPN.

MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the service provider and the customer to exchange Layer 3 routing information. The service provider relays the data between the customer sites without customer involvement.

MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an MPLS VPN, only the edge router of the service provider that provides services to the customer site needs to be updated.

The components of the MPLS VPN are described as follows:
• Provider (P) router—Router in the core of the provider network. PE routers run MPLS switching and do not attach VPN labels to routed packets. VPN labels are used to direct data packets to the correct private network or customer edge router.
• PE router—Router that attaches the VPN label to incoming packets based on the interface or subinterface on which they are received, and also attaches the MPLS core labels. A PE router attaches directly to a CE router.
• Customer (C) router—Router in the Internet service provider (ISP) or enterprise network.
• Customer edge (CE) router—Edge router on the network of the ISP that connects to the PE router on the network. A CE router must interface with a PE router.

Figure 1 shows a basic MPLS VPN topology.

Figure 1 Basic MPLS VPN Topology
[Figure: two customer sites, each with a Customer Edge (CE) router attached to a Provider Edge (PE) router; the PE routers connect through Provider (P) routers across the MPLS backbone.]

MPLS L3VPN Benefits
MPLS L3VPN provides these benefits:
• Service providers can deploy scalable VPNs and deliver value-added services.
• Connectionless service guarantees that no prior action is necessary to establish communication between hosts.
• Centralized Service: Building VPNs in Layer 3 permits delivery of targeted services to a group of users represented by a VPN.
• Scalability: Create scalable VPNs using connection-oriented, point-to-point overlays, Frame Relay, or ATM virtual connections.
• Security: Security is provided at the edge of a provider network (ensuring that packets received from a customer are placed on the correct VPN) and in the backbone.
• Integrated Quality of Service (QoS) support: QoS provides the ability to address predictable performance and policy implementation and support for multiple levels of service in an MPLS VPN.
• Straightforward Migration: Service providers can deploy VPN services using a straightforward migration path.
• Migration for the end customer is simplified.
There is no requirement to support MPLS on the CE router and no modifications are required for a customer intranet.

How MPLS L3VPN Works
MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs these tasks:
• Exchanges routing updates with the CE router
• Translates the CE routing information into VPN version 4 (VPNv4) routes
• Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol (MP-BGP)

Virtual Routing and Forwarding Tables
Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines the VPN membership of a customer site attached to a PE router. A VRF consists of these components:
• An IP version 4 (IPv4) unicast routing table
• A derived FIB table
• A set of interfaces that use the forwarding table
• A set of rules and routing protocol parameters that control the information that is included in the routing table

These components are collectively called a VRF instance.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the routes available to the site from the VPNs of which it is a member.

Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.

VPN Routing Information: Distribution
The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by BGP extended communities. VPN routing information is distributed as follows:
• When a VPN route that is learned from a CE router is injected into BGP, a list of VPN route target extended community attributes is associated with it.
Typically, the list of route target community extended values is set from an export list of route targets associated with the VRF from which the route was learned.
• An import list of route target extended communities is associated with each VRF. The import list defines route target extended community attributes that a route must have for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target extended communities A, B, and C, then any VPN route that carries any of those route target extended communities—A, B, or C—is imported into the VRF.

BGP Distribution of VPN Routing Information
A PE router can learn an IP prefix from these sources:
• A CE router by static configuration
• An eBGP session with the CE router
• A Routing Information Protocol (RIP) exchange with the CE router
• Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP as Interior Gateway Protocols (IGPs)

The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher. The generated prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the PE router.

BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication takes place at two levels:
• Within the IP domain, known as an autonomous system.
• Between autonomous systems.

PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP sessions.
PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop).

BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other.

MPLS Forwarding
Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are forwarded to their destination using MPLS.

A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone:
• The top label directs the packet to the correct PE router.
• The second label indicates how that PE router should forward the packet to the CE router.

More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN, Label Distribution Protocol (LDP), TE, and FRR).
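The route distinguisher and route target behaviour described above can be checked offline. The following Python sketch is an added example, not Cisco code: it builds VPN-IPv4 prefixes from a 64-bit route distinguisher (the Type 0 `asn:number` and Type 1 `ip-address:number` encodings follow RFC 4364; Type 2 is omitted), applies the export and import route target lists, and audits a set of VRF definitions for route exchange that was not intended. The VRF names, route targets and prefixes are constructed sample values.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode 'asn:number' (Type 0) or 'ip-address:number' (Type 1) as the 8-byte RD."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:  # Type 1: 4-byte IPv4 administrator field, 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))  # Type 0: 2-byte ASN, 4-byte number


def vpn_ipv4(rd, prefix):
    """Return (12-byte VPN-IPv4 address, prefix length in bits including the 64-bit RD)."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, 64 + net.prefixlen


def distribute(vrfs, ce_routes):
    """Export each CE-learned route with its VRF's export RTs, then apply every import list."""
    advertised = []
    for vrf_name, prefix in ce_routes:
        vrf = vrfs[vrf_name]
        advertised.append({"nlri": vpn_ipv4(vrf["rd"], prefix), "prefix": prefix,
                           "rts": set(vrf["export"]), "origin": vrf_name})
    tables = {name: [] for name in vrfs}
    for route in advertised:
        for name, vrf in vrfs.items():
            # A route is imported when it carries at least one RT on the import list.
            if set(vrf["import"]) & route["rts"]:
                tables[name].append((route["prefix"], route["origin"]))
    return advertised, tables


def audit_leaks(vrfs, allowed_pairs):
    """Return (exporting VRF, importing VRF) pairs that share an RT but are not allowed."""
    leaks = []
    for src, exporter in vrfs.items():
        for dst, importer in vrfs.items():
            shared = set(exporter["export"]) & set(importer["import"])
            if src != dst and shared and (src, dst) not in allowed_pairs:
                leaks.append((src, dst))
    return sorted(leaks)


# Constructed sample: two customers reuse 10.1.0.0/16; "blue" imports one RT too many.
SAMPLE_VRFS = {
    "red": {"rd": "65000:1", "import": ["65000:100"], "export": ["65000:100"]},
    "blue": {"rd": "192.0.2.1:2", "import": ["65000:200", "65000:100"], "export": ["65000:200"]},
}
SAMPLE_CE_ROUTES = [("red", "10.1.0.0/16"), ("blue", "10.1.0.0/16")]

if __name__ == "__main__":
    advertised, tables = distribute(SAMPLE_VRFS, SAMPLE_CE_ROUTES)
    for route in advertised:
        print(route["origin"], route["nlri"][0].hex(), route["nlri"][1])
    print(tables)
    print("unintended exchange:", audit_leaks(SAMPLE_VRFS, allowed_pairs=set()))
```

The two identical customer prefixes stay distinct in BGP because their route distinguishers differ, but separation between the VPNs rests entirely on the route target lists: the single extra import entry places the "red" route in the "blue" VRF.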
Automatic Route Distinguisher Assignment

To take advantage of iBGP load balancing, every network VRF must be assigned a unique route distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical prefixes received from different VPNs.

With thousands of routers in a network each supporting multiple VRFs, configuration and management of route distinguishers across the network can present a problem. Cisco IOS XR software simplifies this process by assigning a unique route distinguisher to VRFs using the rd auto command.

To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using this format: ip-address:number. The IP address is specified by the BGP router-id statement and the number (which is derived as an unused index in the 0 to 65535 range) is unique across the VRFs.

Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is persistent across failover or process restart. If a route distinguisher is explicitly configured for a VRF, this value is not overridden by the auto route distinguisher.

MPLS L3VPN Major Components

An MPLS-based VPN network has three major components:
• VPN route target communities—A VPN route target community is a list of all members of a VPN community. VPN route targets need to be configured for each VPN community member.
• Multiprotocol BGP (MP-BGP) peering of the VPN community PE routers—MP-BGP propagates VRF reachability information to all members of a VPN community. MP-BGP peering needs to be configured in all PE routers within a VPN community.
• MPLS forwarding—MPLS transports all traffic between all VPN community members across a VPN service-provider network.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs.
However, a site can associate with only one VRF. A customer-site VRF contains all the routes available to the site from the VPNs of which it is a member.

Inter-AS Support for L3VPN

This section contains these topics:
• Inter-AS Support: Overview
• Inter-AS and ASBRs
• Confederations
• MPLS VPN Inter-AS BGP Label Distribution
• Exchanging IPv4 Routes with MPLS labels

Inter-AS Support: Overview

An autonomous system (AS) is a single network or group of networks that is controlled by a common system administration group and uses a single, clearly defined routing protocol.

As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. In addition, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless.

An MPLS VPN Inter-AS provides these benefits:
• Allows a VPN to cross more than one service provider backbone. Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to the same end customer. A VPN can begin at one customer site and traverse different VPN service provider backbones before arriving at another site of the same customer. Previously, MPLS VPN could traverse only a single BGP autonomous system service provider backbone. This feature lets multiple autonomous systems form a continuous, seamless network between customer sites of a service provider.
• Allows a VPN to exist in different areas. A service provider can create a VPN in different geographic areas. Having all VPN traffic flow through one point (between the areas) allows for better rate control of network traffic between the areas.
• Allows confederations to optimize iBGP meshing. Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and manageable. You can divide an autonomous system into multiple, separate subautonomous systems and then classify them into a single confederation. This capability lets a service provider offer MPLS VPNs across the confederation, as it supports the exchange of labeled VPN-IPv4 Network Layer Reachability Information (NLRI) between the subautonomous systems that form the confederation.

Inter-AS and ASBRs

Separate autonomous systems from different service providers can communicate by exchanging IPv4 NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout each VPN and each autonomous system. These protocols are used for sharing routing information:
• Within an autonomous system, routing information is shared using an IGP.
• Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service providers set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate autonomous systems.

The primary function of an eBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use eBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels.

Inter-AS configurations supported in an MPLS VPN can include:
• Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by separate border edge routers.
The autonomous systems exchange routes using eBGP. No IGP or routing information is exchanged between the autonomous systems.
• BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the confederation as a single autonomous system. The peers in the different autonomous systems communicate over eBGP sessions; however, they can exchange route information as if they were iBGP peers.

Confederations

A confederation is multiple subautonomous systems grouped together. A confederation reduces the total number of peer devices in an autonomous system. A confederation divides an autonomous system into subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can span service providers running in separate autonomous systems or multiple subautonomous systems that form a confederation.

In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self address forces the BGP to use a specified address as the next hop rather than letting the protocol choose the next hop.

You can configure a confederation with separate subautonomous systems two ways:
• Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers (both directions). The subautonomous systems (iBGP peers) at the subautonomous system border do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain. However, the CEBGP border edge router addresses are known in the IGP domains.
• Configure a router to forward next-hop-self addresses between the CEBGP border edge routers (both directions) and within the iBGP peers at the subautonomous system border. Each subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses between the PE routers in the domain. The CEBGP border edge router addresses are known in the IGP domains.

Figure 2 illustrates a typical MPLS VPN confederation configuration. In this configuration:
• The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two autonomous systems.
• The distributing router changes the next-hop addresses and labels and uses a next-hop-self address.
• IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.

Figure 2 eBGP Connection Between Two Subautonomous Systems in a Confederation

In this confederation configuration:
• CEBGP border edge routers function as neighboring peers between the subautonomous systems. The subautonomous systems use eBGP to exchange route information.
• Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before distributing the route to the next subautonomous system. The CEBGP border edge router distributes the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the VPN identifier are encoded as part of the NLRI.
• Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix before redistributing the routes. The CEBGP border edge routers exchange VPN-IPv4 addresses with the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both confederations.
For more information about how to configure confederations, see the “Configuring MPLS Forwarding for ASBR Confederations” section.

MPLS VPN Inter-AS BGP Label Distribution

Note: This section is not applicable to Inter-AS over IP tunnels.

You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution.

Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has these benefits:
• Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based on VPN-IPv4 labels.
• Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border of the network.
• Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4 routes with MPLS labels over a non-MPLS VPN service provider.
• Eliminates the need for any other label distribution protocol between adjacent label switch routers (LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS labels.
No other label distribution protocol is needed between the two LSRs.

Exchanging IPv4 Routes with MPLS labels

Note: This section is not applicable to Inter-AS over IP tunnels.

You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows:
• Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This configuration also preserves the next-hop information and the VPN labels across the autonomous systems.
• A local PE router (for example, PE1 in Figure 3) needs to know the routes and label information for the remote PE router (PE2). This information can be exchanged between the PE routers and ASBRs in one of two ways:
– Internal Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from IGP and LDP into eBGP.
– Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels.

Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN. For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1.
Using the route reflectors to store the VPN-IPv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.

Figure 3 VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels

BGP Routing Information

BGP routing information includes these items:
• Network number (prefix), which is the IP address of the destination.
• Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the way to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest from the local router and usually the AS where the route began.
• Path attributes, which provide other information about the AS path, for example, the next hop.

BGP Messages and MPLS Labels

MPLS labels are included in the update messages that a router sends. Routers exchange these types of BGP messages:
• Open messages—After a router establishes a TCP connection with a neighboring router, the routers exchange open messages. This message contains the number of the autonomous system to which the router belongs and the IP address of the router that sent the message.
• Update messages—When a router has a new, changed, or broken route, it sends an update message to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable routes. The update message includes any routes that are no longer usable. The update message also includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4 routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes are encoded in the update message, as specified in RFC 3107.
• Keepalive messages—Routers exchange keepalive messages to determine if a neighboring router is still available to exchange routing information. The router sends these messages at regular intervals. (Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it contains only a message header.
• Notification messages—When a router detects an error, it sends a notification message.

Sending MPLS Labels with Routes

When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to that route. The MPLS label mapping information for the route is carried in the BGP update message that contains the information about the route. If the next hop is not changed, the label is preserved.

When you issue the show bgp neighbors ip-address command on both BGP routers, the routers advertise to each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.

Generic Routing Encapsulation Support for L3VPN

Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate many types of packets to enable data transmission using a tunnel. The GRE tunneling protocol enables:
• High assurance Internet Protocol encryptor (HAIPE) devices for encryption over the public Internet and nonsecure connections.
• Service providers (that do not run MPLS in their core network) to provide VPN services along with the security services.

Note: GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network.
For detailed information about configuring GRE tunnel interfaces, refer to the Cisco IOS XR Interfaces and Hardware Components Configuration Guide.

For a PE to PE (core) link, enable LDP (with implicit null) on the GRE interfaces for L3VPN.

GRE Restriction for L3VPN

The following restrictions are applicable to L3VPN forwarding over GRE:
• Carrier Supporting Carrier (CsC) or Inter-AS is not supported.
• GRE-based L3VPN does not interwork with MPLS or IP VPNs.
• GRE tunnel is supported only as a core link (PE-PE, PE-P, P-P, P-PE). A PE-CE (edge) link is not supported.
• VPNv6 forwarding using GRE tunnels is not supported.

VPNv4 Forwarding Using GRE Tunnels

This section describes the working of VPNv4 forwarding over GRE tunnels. The following description assumes that GRE is used only as a core link between the encapsulation and decapsulation provider edge (PE) routers that are connected to one or more customer edge (CE) routers.

Ingress of Encapsulation Router

On receiving prefixes from the CE routers, Border Gateway Protocol (BGP) assigns the VPN label to the prefixes that need to be exported. These VPN prefixes are then forwarded to the Forwarding Information Base (FIB) using the Route Information Base (RIB) or the label switched database (LSD). The FIB then populates the prefix in the appropriate VRF table. The FIB also populates the label in the global label table. Using BGP, the prefixes are then relayed to the remote PE router (decapsulation router).

Egress of Encapsulation Router

The forwarding behavior on egress of the encapsulation PE router is similar to the MPLS VPN label imposition. Regardless of whether the VPN label imposition is performed on the ingress or egress side, the GRE tunnel forwards a packet that has an associated label.
This labeled packet is then encapsulated with a GRE header and forwarded based on the IP header.

Ingress of Decapsulation Router

The decapsulation PE router learns the VPN prefixes and label information from the remote encapsulation PE router using BGP. The next-hop information for the VPN prefix is the address of the GRE tunnel interface connecting the two PE routers. BGP downloads these prefixes to the RIB. The RIB downloads the routes to the FIB and the FIB installs the routes in the hardware.

Egress of Decapsulation Router

The egress forwarding behavior on the decapsulation PE router is similar to VPN disposition and forwarding, based on the protocol type of the inner payload.

Carrier Supporting Carrier Support for L3VPN

This section provides conceptual information about MPLS VPN Carrier Supporting Carrier (CSC) functionality and includes these topics:
• CSC Prerequisites
• CSC Benefits
• Configuration Options for the Backbone and Customer Carriers

Throughout this document, the following terminology is used in the context of CSC:

backbone carrier—Service provider that provides the segment of the backbone network to the other provider. A backbone carrier offers BGP and MPLS VPN services.

customer carrier—Service provider that uses the segment of the backbone network. The customer carrier may be an Internet service provider (ISP) or a BGP/MPLS VPN service provider.

CE router—A customer edge router is part of a customer network and interfaces to a provider edge (PE) router. In this document, the CE router sits on the edge of the customer carrier network.

PE router—A provider edge router is part of a service provider's network connected to a customer edge (CE) router.
In this document, the PE router sits on the edge of the backbone carrier network.

ASBR—An autonomous system boundary router connects one autonomous system to another.

CSC Prerequisites

These prerequisites are required to configure CSC:
• You must be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working.
• You must be able to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol (LDP), and Multiprotocol Border Gateway Protocol (MP-BGP).
• You must ensure that CSC-PE and CSC-CE routers support BGP label distribution.

Note: BGP is the only supported label distribution protocol on the link between CE and PE.

CSC Benefits

This section describes the benefits of CSC to the backbone carrier and customer carriers.

Benefits to the Backbone Carrier
• The backbone carrier can accommodate many customer carriers and give them access to its backbone.
• The MPLS VPN carrier supporting carrier feature is scalable.
• The MPLS VPN carrier supporting carrier feature is a flexible solution.

Benefits to the Customer Carriers
• The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of configuring, operating, and maintaining its own backbone.
• Customer carriers who use the VPN services provided by the backbone carrier receive the same level of security that Frame Relay or ATM-based VPNs provide.
• Customer carriers can use any link layer technology to connect the CE routers to the PE routers.
• The customer carrier can use any addressing scheme and still be supported by a backbone carrier.

Benefits of Implementing MPLS VPN CSC Using BGP

The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
• BGP takes the place of an IGP and LDP in a VPN forwarding and routing instance (VRF) table.
• BGP is the preferred routing protocol for connecting two ISPs,

Configuration Options for the Backbone and Customer Carriers

To enable CSC, the backbone and customer carriers must be configured accordingly:
• The backbone carrier must offer BGP and MPLS VPN services.
• The customer carrier can take several networking forms. The customer carrier can be:
– An ISP with an IP core (see the “Customer Carrier: ISP with IP Core” section).
– An MPLS service provider with or without VPN services (see the “Customer Carrier: MPLS Service Provider” section).

Note: An IGP in the customer carrier network is used to distribute next hops and loopbacks to the CSC-CE. iBGP with label sessions are used in the customer carrier network to distribute next hops and loopbacks to the CSC-CE.

Customer Carrier: ISP with IP Core

Figure 4 shows a network configuration where the customer carrier is an ISP. The customer carrier has two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a VPN service provided by the backbone carrier. The backbone carrier uses MPLS or IP tunnels to provide VPN services. The ISP sites use IP.

Figure 4 Network: Customer Carrier Is an ISP

The links between the CE and PE routers use eBGP to distribute IPv4 routes and MPLS labels. Between the links, the PE routers use multiprotocol iBGP to distribute VPNv4 routes.

Customer Carrier: MPLS Service Provider

Figure 5 shows a network configuration where the backbone carrier and the customer carrier are BGP/MPLS VPN service providers. The customer carrier has two sites. The customer carrier uses MPLS in its network while the backbone carrier may use MPLS or IP tunnels in its network.
Figure 5 Network: Customer Carrier Is an MPLS VPN Service Provider

In this configuration (Figure 5), the customer carrier can configure its network in one of these ways:
• The customer carrier can run an IGP and LDP in its core network. In this case, the CSC-CE1 router in the customer carrier redistributes the eBGP routes it learns from the CSC-PE1 router of the backbone carrier to an IGP.
• The CSC-CE1 router of the customer carrier system can run an IPv4 and labels iBGP session with the PE1 router.

How to Implement MPLS Layer 3 VPNs

This section contains instructions for these tasks:
• Configuring the Core Network
• Connecting MPLS VPN Customers
• Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels (optional)
• Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses (optional)
• Configuring Carrier Supporting Carrier (optional)
• Verifying the MPLS Layer 3 VPN Configuration
• Configuring L3VPN over GRE

Configuring the Core Network

Configuring the core network includes these tasks:
• Assessing the Needs of MPLS VPN Customers
• Configuring Routing Protocols in the Core
• Configuring MPLS in the Core
• Determining if FIB Is Enabled in the Core
• Configuring Multiprotocol BGP on the PE Routers and Route Reflectors

Assessing the Needs of MPLS VPN Customers

Before
configuring an MPLS VPN, the core network topology must be identified so that it can best serve MPLS VPN customers. Perform this task to identify the core network topology.

SUMMARY STEPS
1. Identify the size of the network.
2. Identify the routing protocols in the core.
3. Determine if MPLS High Availability support is required.
4. Determine if BGP load sharing and redundant paths are required.

DETAILED STEPS

Step 1
Command or Action: Identify the size of the network.
Purpose: Identify these to determine the number of routers and ports required:
• How many customers will be supported?
• How many VPNs are required for each customer?
• How many virtual routing and forwarding (VRF) instances are there for each VPN?

Step 2
Command or Action: Identify the routing protocols in the core.
Purpose: Determine which routing protocols are required in the core network.

Step 3
Command or Action: Determine if MPLS High Availability support is required.
Purpose: MPLS VPN nonstop forwarding and graceful restart are supported on select routers and Cisco IOS XR software releases.

Step 4
Command or Action: Determine if BGP load sharing and redundant paths are required.
Purpose: Determine if BGP load sharing and redundant paths in the MPLS VPN core are required.

Configuring Routing Protocols in the Core

To configure a routing protocol, see the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Configuring MPLS in the Core

To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You can use either of these as an LDP:
• MPLS LDP—See the Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routers for configuration information.
• MPLS Traffic Engineering Resource Reservation Protocol (RSVP)—See Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document for configuration information.

Determining if FIB Is Enabled in the Core

Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider edge (PE) routers. For information on how to determine if FIB is enabled, see the Implementing Cisco Express Forwarding on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

Configuring Multiprotocol BGP on the PE Routers and Route Reflectors

Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route reflectors.

SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. neighbor ip-address remote-as autonomous-system-number
5. address-family vpnv4 unicast
6. end or commit

DETAILED STEPS

Step 1
Command or Action: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: router bgp autonomous-system-number
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120
Purpose: Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 3
Command or Action: address-family vpnv4 unicast
Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
Purpose: Enters VPNv4 address family configuration mode for the VPNv4 address family.
Step 4
Command or Action: neighbor ip-address remote-as autonomous-system-number
Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 remote-as 2002
Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 5
Command or Action: address-family vpnv4 unicast
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
Purpose: Enters VPNv4 address family configuration mode for the VPNv4 address family.

Step 6
Command or Action: end or commit
Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Connecting MPLS VPN Customers

To connect MPLS VPN customers to the VPN, perform these tasks:
• Defining VRFs on the PE Routers to Enable Customer Connectivity
• Configuring VRF Interfaces on PE Routers for Each VPN Customer
• Configuring BGP as the Routing Protocol Between the PE and CE Routers (optional)
• Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers (optional)
• Configuring Static Routes Between the PE and CE Routers (optional)
• Configuring OSPF as the Routing Protocol Between the PE and CE Routers (optional)
• Configuring EIGRP as the Routing Protocol Between the PE and CE Routers (optional)
• Configuring EIGRP Redistribution in the MPLS VPN (optional)

Defining VRFs on the PE Routers to Enable Customer Connectivity

Perform this task to define VPN routing and forwarding (VRF) instances.

SUMMARY STEPS
1. configure
2. vrf vrf-name
3. address-family ipv4 unicast
4. import route-policy policy-name
5. import route-target [as-number:nn | ip-address:nn]
6. export route-policy policy-name
7. export route-target [as-number:nn | ip-address:nn]
8. exit
9. exit
10. router bgp autonomous-system-number
11. vrf vrf-name
12. rd {as-number | ip-address | auto}
13. end or commit

DETAILED STEPS

Step 1
Command or Action: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config)# vrf vrf_1
Purpose: Configures a VRF instance and enters VRF configuration mode.

Step 3
Command or Action: address-family ipv4 unicast
Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
Purpose: Enters VRF address family configuration mode for the IPv4 address family.
Step 4: import route-policy policy-name
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-policy policy_A
Purpose: Specifies a route policy that can be imported into the local VPN.

Step 5: import route-target [as-number:nn | ip-address:nn]
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-target 120:1
Purpose: Allows exported VPN routes to be imported into the VPN if one of the route targets of the exported route matches one of the local VPN import route targets.

Step 6: export route-policy policy-name
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-policy policy_B
Purpose: Specifies a route policy that can be exported from the local VPN.

Step 7: export route-target [as-number:nn | ip-address:nn]
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-target 120:2
Purpose: Associates the local VPN with a route target. When the route is advertised to other provider edge (PE) routers, the export route target is sent along with the route as an extended community.

Step 8: exit
Example: RP/0/RSP0/CPU0:router(config-vrf-af)# exit
Purpose: Exits VRF address family configuration mode and returns the router to VRF configuration mode.

Step 9: exit
Example: RP/0/RSP0/CPU0:router(config-vrf)# exit
Purpose: Exits VRF configuration mode and returns the router to global configuration mode.

Step 10: router bgp autonomous-system-number
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120
Purpose: Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 11: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Purpose: Configures a VRF instance and enters VRF configuration mode for BGP routing.
Step 12: rd {as-number | ip-address | auto}
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto
Purpose: Automatically assigns a unique route distinguisher (RD) to vrf_1.

Step 13: end or commit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring VRF Interfaces on PE Routers for Each VPN Customer

Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a subinterface on the PE routers.

Note: You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. vrf vrf-name
4. ipv4 address ipv4-address mask
5. end or commit
DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: interface type interface-path-id
Example: RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/3/0/0
Purpose: Enters interface configuration mode.

Step 3: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-if)# vrf vrf_A
Purpose: Configures a VRF instance and enters VRF configuration mode.

Step 4: ipv4 address ipv4-address mask
Example: RP/0/RSP0/CPU0:router(config-if)# ipv4 address 192.168.1.27 255.255.255.0
Purpose: Configures a primary IPv4 address for the specified interface.

Step 5: end or commit
Example: RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BGP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure PE-to-CE routing sessions using BGP.

SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. bgp router-id {ip-address}
4. vrf vrf-name
5. label-allocation-mode per-ce
6. address-family ipv4 unicast
7. redistribute connected [metric metric-value] [route-policy route-policy-name]
   or
   redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name]
   or
   redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]
   or
   redistribute static [metric metric-value] [route-policy route-policy-name]
8. aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name]
9. network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]
10. exit
11. neighbor ip-address
12. remote-as autonomous-system-number
13. password {clear | encrypted} password
14. ebgp-multihop [ttl-value]
15. address-family ipv4 unicast
16. allowas-in [as-occurrence-number]
17. route-policy route-policy-name in
18. route-policy route-policy-name out
19. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router bgp autonomous-system-number
Example: RP/0/RSP0/CPU0:router(config)# router bgp 120
Purpose: Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3: bgp router-id {ip-address}
Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24
Purpose: Configures the local router with a router ID of 192.168.70.24.

Step 4: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for BGP routing.
Step 5: label-allocation-mode per-ce
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce
Purpose: Sets the MPLS VPN label allocation mode for each customer edge (CE) label mode allowing the provider edge (PE) router to allocate one label for every immediate next-hop.

Step 6: address-family ipv4 unicast
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast
Purpose: Enters VRF address family configuration mode for the IPv4 address family.

Step 7: redistribute connected [metric metric-value] [route-policy route-policy-name]
or
redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]
or
redistribute static [metric metric-value] [route-policy route-policy-name]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# redistribute connected
Purpose: Causes routes to be redistributed into BGP. The routes that can be redistributed into BGP are:
• Connected
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)
• Static

Step 8: aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/8 as-set
Purpose: Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized.
• The as-set keyword generates autonomous system set path information and community information from contributing paths.
• The as-confed-set keyword generates autonomous system confederation set path information from contributing paths.
• The summary-only keyword filters all more specific routes from updates.
• The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route.

Step 9: network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network 172.20.0.0/16
Purpose: Configures the local router to originate and advertise the specified network.

Step 10: exit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Purpose: Exits VRF address family configuration mode and returns the router to VRF configuration mode for BGP routing.

Step 11: neighbor ip-address
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 172.168.40.24
Purpose: Places the router in VRF neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 12: remote-as autonomous-system-number
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2002
Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 13: password {clear | encrypted} password
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# password clear pswd123
Purpose: Configures neighbor 172.168.40.24 to use MD5 authentication with the password pswd123.

Step 14: ebgp-multihop [ttl-value]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop
Purpose: Allows a BGP connection to neighbor 172.168.40.24.

Step 15: address-family ipv4 unicast
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
Purpose: Enters VRF neighbor address family configuration mode for BGP routing.

Step 16: allowas-in [as-occurrence-number]
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 3
Purpose: Replaces the neighbor autonomous system number (ASN) with the PE ASN in the AS path three times.
Step 17: route-policy route-policy-name in
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in
Purpose: Applies the In-Ipv4 policy to inbound IPv4 unicast routes.

Step 18: route-policy route-policy-name out
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 out
Purpose: Applies the In-Ipv4 policy to outbound IPv4 unicast routes.

Step 19: end or commit
Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing Information Protocol version 2 (RIPv2).

SUMMARY STEPS
1. configure
2. router rip
3. vrf vrf-name
4. interface type instance
5. site-of-origin {as-number:number | ip-address:number}
6. exit
7. redistribute bgp as-number [external | internal | local] [route-policy name]
   or
   redistribute connected [route-policy name]
   or
   redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]
   or
   redistribute eigrp as-number [route-policy name]
   or
   redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name]
   or
   redistribute static [route-policy name]
8. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router rip
Example: RP/0/RSP0/CPU0:router(config)# router rip
Purpose: Enters the Routing Information Protocol (RIP) configuration mode allowing you to configure the RIP routing process.

Step 3: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-rip)# vrf vrf_1
Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for RIP routing.

Step 4: interface type instance
Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# interface GigabitEthernet 0/3/0/0
Purpose: Enters VRF interface configuration mode.

Step 5: site-of-origin {as-number:number | ip-address:number}
Example: RP/0/RSP0/CPU0:router(config-rip-vrf-if)# site-of-origin 200:1
Purpose: Identifies routes that have originated from a site so that the re-advertisement of that prefix back to the source site can be prevented. Uniquely identifies the site from which a PE router has learned a route.

Step 6: exit
Example: RP/0/RSP0/CPU0:router(config-rip-vrf-if)# exit
Purpose: Exits VRF interface configuration mode, and returns the router to VRF configuration mode for RIP routing.
Step 7: redistribute bgp as-number [external | internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute eigrp as-number [route-policy name]
or
redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name]
or
redistribute static [route-policy name]
Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# redistribute connected
Purpose: Causes routes to be redistributed into RIP. The routes that can be redistributed into RIP are:
• Border Gateway Protocol (BGP)
• Connected
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)
• Static

Step 8: end or commit
Example: RP/0/RSP0/CPU0:router(config-rip-vrf)# end
or
RP/0/RSP0/CPU0:router(config-rip-vrf)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
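The PE-to-CE BGP and RIPv2 tasks above leave three security-relevant choices to the operator: the form of the neighbor password, the inbound and outbound route policies, and whether each redistribute statement carries a route-policy. The following Python check is an added example, not part of the Cisco guide; it assumes candidate configuration text indented one space per level, and the sample configuration, the neighbors 172.168.40.25 and 172.168.40.26, the encrypted string and the CE2-In, CE2-Out and RIP-CONN policy names are constructed.

```python
# Added example: audits PE-CE stanzas (router bgp / router rip under a VRF).
# SAMPLE_CONFIG is constructed, following the commands shown in the tasks above.
SAMPLE_CONFIG = """\
router bgp 120
 vrf vrf_1
  address-family ipv4 unicast
   redistribute connected
  !
  neighbor 172.168.40.24
   remote-as 2002
   password clear pswd123
   ebgp-multihop
   address-family ipv4 unicast
    route-policy In-Ipv4 in
    route-policy In-Ipv4 in
   !
  !
  neighbor 172.168.40.25
   remote-as 2003
   password encrypted 0123456789ABCDEF
   address-family ipv4 unicast
    route-policy CE2-In in
    route-policy CE2-Out out
   !
  !
  neighbor 172.168.40.26
   remote-as 2004
  !
 !
!
router rip
 vrf vrf_1
  redistribute bgp 120
  redistribute connected route-policy RIP-CONN
 !
!
"""


def walk(config):
    """Yield (ancestor_statements, statement), using indentation to track nesting."""
    stack = []  # (indent, statement) for each open parent block
    for raw in config.splitlines():
        stmt = raw.strip()
        if not stmt or stmt == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        yield tuple(s for _, s in stack), stmt
        stack.append((indent, stmt))


def first_arg(path, keyword):
    """Argument of the first ancestor statement that starts with keyword, else None."""
    return next((p.split()[1] for p in path if p.startswith(keyword + " ")), None)


def audit(config):
    """Return (location, finding) tuples for PE-CE BGP and RIP stanzas inside a VRF."""
    findings, neighbors = [], {}
    for path, stmt in walk(config):
        proto, vrf = first_arg(path[:1], "router"), first_arg(path, "vrf")
        if proto not in ("bgp", "rip") or vrf is None:
            continue
        words = stmt.split()
        if words[0] == "redistribute" and "route-policy" not in words:
            findings.append((f"router {proto} vrf {vrf}", f"'{stmt}' has no route-policy"))
        if proto != "bgp":
            continue
        if words[0] == "neighbor" and len(words) > 1:
            neighbors[(vrf, words[1])] = {"password": None, "multihop": None, "dirs": set()}
            continue
        facts = neighbors.get((vrf, first_arg(path, "neighbor")))
        if facts is None:
            continue
        if words[0] == "password" and len(words) > 1:
            facts["password"] = words[1]      # "clear" or "encrypted"
        elif words[0] == "ebgp-multihop":
            facts["multihop"] = words[1:]     # empty list: no ttl-value given
        elif words[0] == "route-policy" and words[-1] in ("in", "out"):
            facts["dirs"].add(words[-1])
    for (vrf, ip), facts in neighbors.items():
        where = f"router bgp vrf {vrf} neighbor {ip}"
        if facts["password"] is None:
            findings.append((where, "no password (MD5 authentication) configured"))
        elif facts["password"] == "clear":
            findings.append((where, "password given as 'clear': secret is plaintext in this text"))
        if facts["multihop"] == []:
            findings.append((where, "ebgp-multihop without a ttl-value"))
        for direction in ("in", "out"):
            if direction not in facts["dirs"]:
                findings.append((where, f"no route-policy applied {direction}"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

On the constructed sample, neighbor 172.168.40.24 is reported for the cleartext password, the unbounded ebgp-multihop and the missing outbound policy, because the same policy line was entered twice with the in keyword.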
Configuring Static Routes Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static routes.

Note: You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

SUMMARY STEPS
1. configure
2. router static
3. vrf vrf-name
4. address-family ipv4 unicast
5. prefix/mask [vrf vrf-name] {ip-address | type interface-path-id}
6. prefix/mask [vrf vrf-name] bfd fast-detect
7. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router static
Example: RP/0/RSP0/CPU0:router(config)# router static
Purpose: Enters static routing configuration mode allowing you to configure the static routing process.

Step 3: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-static)# vrf vrf_1
Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for static routing.

Step 4: address-family ipv4 unicast
Example: RP/0/RSP0/CPU0:router(config-static-vrf)# address-family ipv4 unicast
Purpose: Enters VRF address family configuration mode for the IPv4 address family.

Step 5: prefix/mask [vrf vrf-name] {ip-address | type interface-path-id}
Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 10.1.1.1
Purpose: Assigns the static route to vrf_1.

Step 6: prefix/mask [vrf vrf-name] bfd fast-detect
Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 bfd fast-detect
Purpose: Enables bidirectional forwarding detection (BFD) to detect failures in the path between adjacent forwarding engines. This option is available when the forwarding router address is specified in Step 5.

Step 7: end or commit
Example: RP/0/RSP0/CPU0:router(config-static-vrf-afi)# end
or
RP/0/RSP0/CPU0:router(config-static-vrf-afi)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring OSPF as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First (OSPF).

SUMMARY STEPS
1. configure
2. router ospf process-name
3. vrf vrf-name
4. router-id {router-id | type interface-path-id}
5. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
6. area area-id
7. interface type interface-path-id
8. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router ospf process-name
Example: RP/0/RSP0/CPU0:router(config)# router ospf 109
Purpose: Enters OSPF configuration mode allowing you to configure the OSPF routing process.

Step 3: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing.
Step 4: router-id {router-id | type interface-path-id}
Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10
Purpose: Configures the router ID for the OSPF routing process.

Step 5: redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected
Purpose: Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are:
• Border Gateway Protocol (BGP)
• Connected
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• OSPF
• Static
• Routing Information Protocol (RIP)

Step 6: area area-id
Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
Purpose: Configures the OSPF area as area 0.
Step 7: interface type interface-path-id
Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0
Purpose: Associates interface GigabitEthernet 0/3/0/0 with area 0.

Step 8: end or commit
Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end
or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Enhanced Interior Gateway Routing Protocol (EIGRP).

Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer networks through an MPLS-enabled Border Gateway Protocol (BGP) core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes.

Prerequisites

BGP must be configured in the network. See the Implementing BGP on Cisco ASR 9000 Series Routers module in Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Note: You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. router-id router-id
6. autonomous-system as-number
7. default-metric bandwidth delay reliability loading mtu
8. redistribute {{bgp | connected | isis | ospf | rip | static} [as-number | instance-name]} [route-policy name]
9. interface type interface-path-id
10. site-of-origin {as-number:number | ip-address:number}
11. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router eigrp as-number
Example: RP/0/RSP0/CPU0:router(config)# router eigrp 24
Purpose: Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.

Step 3: vrf vrf-name
Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for EIGRP routing.

Step 4: address-family ipv4
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4
Purpose: Enters VRF address family configuration mode for the IPv4 address family.
Step 5: router-id router-id
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# router-id 172.20.0.0
Purpose: Configures the router ID for the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process.

Step 6: autonomous-system as-number
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 6
Purpose: Configures the EIGRP routing process to run within a VRF.

Step 7: default-metric bandwidth delay reliability loading mtu
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# default-metric 100000 4000 200 45 4470
Purpose: Sets the metrics for EIGRP.

Step 8: redistribute {{bgp | connected | isis | ospf | rip | static} [as-number | instance-name]} [route-policy name]
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute connected
Purpose: Causes connected routes to be redistributed into EIGRP.

Step 9: interface type interface-path-id
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface GigabitEthernet 0/3/0/0
Purpose: Associates interface GigabitEthernet 0/3/0/0 with the EIGRP routing process.

Step 10: site-of-origin {as-number:number | ip-address:number}
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 201:1
Purpose: Configures site of origin (SoO) on interface GigabitEthernet 0/3/0/0.

Step 11: end or commit
Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EIGRP Redistribution in the MPLS VPN

Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN.

Prerequisites

The metric can be configured in the route policy used with the redistribute command (or configured with the default-metric command). If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not installed in the EIGRP database. If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not advertised to the CE router. See the Implementing EIGRP on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Restrictions

Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported. This behavior is by design.

SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. redistribute bgp [as-number] [route-policy policy-name]
6. end or commit

DETAILED STEPS

Step 1: configure
Example: RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2: router eigrp as-number
Example: RP/0/RSP0/CPU0:router(config)# router eigrp 24
Purpose: Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.
Step 3  vrf vrf-name
  Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
  Purpose: Configures a VRF instance and enters VRF configuration mode for EIGRP routing.

Step 4  address-family ipv4
  Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4
  Purpose: Enters VRF address family configuration mode for the IPv4 address family.

Step 5  redistribute bgp [as-number] [route-policy policy-name]
  Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 24 route-policy policy_A
  Purpose: Causes Border Gateway Protocol (BGP) routes to be redistributed into EIGRP.

Step 6  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# end
    or
    RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

Note: This section is not applicable to Inter-AS over IP tunnels.
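The ASBR and route-reflector tasks in this section attach route-policy pass-all to eBGP sessions in both directions and enable ebgp-multihop without a ttl-value. The following Python audit is an added example, not part of the Cisco guide: it parses running-config-style text and lists the external neighbors that still carry those settings. The sample configuration is constructed from this section's example values, and treating pass-all as an unconditional pass policy is an assumption, since the guide does not show its definition.

```python
import re

# Assumption: "pass-all" is an unconditional pass policy; the guide never shows its body.
PERMISSIVE_POLICIES = {"pass-all"}

# Constructed sample built from this section's example values (not device output).
# remote-as values are chosen so that one peer is external and one is internal.
SAMPLE_CONFIG = """\
router bgp 120
 address-family ipv4 unicast
  allocate-label all
 !
 neighbor 172.168.40.24
  remote-as 2002
  ebgp-multihop
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-policy pass-all in
   route-policy pass-all out
  !
  address-family vpnv4 unicast
   route-policy pass-all in
   next-hop-unchanged
  !
 !
 neighbor 10.40.25.2
  remote-as 120
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
!
"""


def parse_bgp(config):
    """Parse one-space-indented running-config text into (local_as, neighbors)."""
    local_as, neighbors = None, {}
    in_bgp, nbr, af = False, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:
            m = re.fullmatch(r"router bgp (\d+)", line)
            in_bgp, nbr, af = bool(m), None, None
            if m:
                local_as = int(m.group(1))
        elif not in_bgp:
            continue
        elif depth == 1:
            m = re.fullmatch(r"neighbor (\S+)", line)
            af = None
            nbr = neighbors.setdefault(
                m.group(1),
                {"remote_as": None, "multihop": False, "ttl": None, "afs": {}},
            ) if m else None
        elif depth == 2 and nbr is not None:
            af = None
            if m := re.fullmatch(r"remote-as (\d+)", line):
                nbr["remote_as"] = int(m.group(1))
            elif m := re.fullmatch(r"ebgp-multihop(?: (\d+))?", line):
                nbr["multihop"] = True
                nbr["ttl"] = int(m.group(1)) if m.group(1) else None
            elif m := re.fullmatch(r"address-family (.+)", line):
                af = nbr["afs"].setdefault(m.group(1), {"in": None, "out": None})
        elif depth == 3 and af is not None:
            if m := re.fullmatch(r"route-policy (\S+) (in|out)", line):
                af[m.group(2)] = m.group(1)
    return local_as, neighbors


def audit(config):
    """Return (neighbor, address_family, finding) tuples for external peers."""
    local_as, neighbors = parse_bgp(config)
    findings = []
    for ip, n in neighbors.items():
        # Peers in the local AS are skipped. Confederation sub-AS peers have a
        # different remote-as, so this check treats them as external.
        if n["remote_as"] == local_as:
            continue
        if n["multihop"] and n["ttl"] is None:
            findings.append((ip, "-", "ebgp-multihop without ttl-value"))
        for name, policies in n["afs"].items():
            for direction in ("in", "out"):
                policy = policies[direction]
                if policy is None:
                    findings.append((ip, name, f"no route-policy {direction}"))
                elif policy in PERMISSIVE_POLICIES:
                    findings.append(
                        (ip, name, f"permissive route-policy {policy} {direction}")
                    )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```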
This section contains instructions for these tasks:
• Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels
• Configuring the Route Reflectors to Exchange VPN-IPv4 Routes
• Configuring the Route Reflector to Reflect Remote Routes in its AS

Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels

Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4 routes and MPLS labels.

SUMMARY STEPS

1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family ipv4 labeled-unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp autonomous-system-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)#
  Purpose: Enters Border Gateway Protocol (BGP) configuration mode, allowing you to configure the BGP routing process.

Step 3  address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-af)#
  Purpose: Enters global address family configuration mode for the IPv4 unicast address family.

Step 4  allocate-label all
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all
  Purpose: Allocates the MPLS labels for specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session.
Step 5  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 6  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 7  address-family ipv4 labeled-unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Step 8  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
  Purpose: Applies a routing policy to updates that are received from a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the in keyword to define the policy for inbound routes.

Step 9  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
  Purpose: Applies a routing policy to updates that are sent to a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the out keyword to define the policy for outbound routes.

Step 10  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Route Reflectors to Exchange VPN-IPv4 Routes

Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This task specifies that the next-hop information and the VPN label are to be preserved across the autonomous system.

SUMMARY STEPS

1. configure
2. router bgp autonomous-system-number
3. neighbor ip-address
4. remote-as autonomous-system-number
5. ebgp-multihop [ttl-value]
6. update-source type interface-path-id
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. next-hop-unchanged
11. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp autonomous-system-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)#
  Purpose: Enters Border Gateway Protocol (BGP) configuration mode, allowing you to configure the BGP routing process.
Step 3  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 4  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 5  ebgp-multihop [ttl-value]
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# ebgp-multihop
  Purpose: Enables multihop peerings with external BGP neighbors.

Step 6  update-source type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0
  Purpose: Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Step 7  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures VPNv4 address family.

Step 8  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
  Purpose: Applies a routing policy to updates that are received from a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the in keyword to define the policy for inbound routes.

Step 9  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
  Purpose: Applies a routing policy to updates that are sent to a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the out keyword to define the policy for outbound routes.
Step 10  next-hop-unchanged
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-unchanged
  Purpose: Disables overwriting of the next hop before advertising to external Border Gateway Protocol (eBGP) peers.

Step 11  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Route Reflector to Reflect Remote Routes in its AS

Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous system. This task is accomplished by making the ASBR and PE route reflector clients of the RR.

SUMMARY STEPS

1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. update-source type interface-path-id
8. address-family ipv4 labeled-unicast
9. route-reflector-client
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family ipv4 labeled-unicast
14. route-reflector-client
15. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config)# router bgp 120
  Purpose: Enters Border Gateway Protocol (BGP) configuration mode, allowing you to configure the BGP routing process.

Step 3  address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-af)#
  Purpose: Enters global address family configuration mode for the IPv4 unicast address family.

Step 4  allocate-label all
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all
  Purpose: Allocates the MPLS labels for specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session.

Step 5  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer.

Step 6  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.
Step 7  update-source type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0
  Purpose: Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Step 8  address-family ipv4 labeled-unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Step 9  route-reflector-client
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client
  Purpose: Configures the router as a BGP route reflector and neighbor 172.168.40.24 as its client.

Step 10  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as a VPNv4 iBGP peer.

Step 11  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 12  update-source type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0
  Purpose: Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Step 13  address-family ipv4 labeled-unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Step 14  route-reflector-client
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client
  Purpose: Configures the neighbor as a route reflector client.
Step 15  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

This section contains instructions for these tasks:
• Configuring the ASBRs to Exchange VPN-IPv4 Addresses
• Configuring a Static Route to an ASBR Peer
• Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation
• Configuring MPLS Forwarding for ASBR Confederations
• Configuring a Static Route to an ASBR Confederation Peer

Configuring the ASBRs to Exchange VPN-IPv4 Addresses

Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system.

SUMMARY STEPS

1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. retain route-target {all | route-policy route-policy-name}
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family vpnv4 unicast
14. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp autonomous-system-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)#
  Purpose: Enters Border Gateway Protocol (BGP) configuration mode, allowing you to configure the BGP routing process.

Step 3  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-af)#
  Purpose: Configures VPNv4 address family.

Step 4  retain route-target {all | route-policy route-policy-name}
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain route-target route-policy policy1
  Purpose: Retrieves VPNv4 table from PE routers. The retain route-target command is required on an Inter-AS option B ASBR. You can use this command with either the all or the route-policy keyword.

Step 5  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer.

Step 6  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.
Step 7  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures VPNv4 address family.

Step 8  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
  Purpose: Applies a routing policy to updates that are received from a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the in keyword to define the policy for inbound routes.

Step 9  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
  Purpose: Applies a routing policy to updates that are sent to a BGP neighbor.
  • Use the route-policy-name argument to define the name of the route policy. The example shows that the route policy name is defined as pass-all.
  • Use the out keyword to define the policy for outbound routes.

Step 10  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as a VPNv4 iBGP peer.

Step 11  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 12  update-source type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0
  Purpose: Allows BGP sessions to use the primary IP address from a particular interface as the local address.
Step 13  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures VPNv4 address family.

Step 14  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Static Route to an ASBR Peer

Perform this task to configure a static route to an ASBR peer.

SUMMARY STEPS

1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router static
  Example:
    RP/0/RSP0/CPU0:router(config)# router static
    RP/0/RSP0/CPU0:router(config-static)#
  Purpose: Enters router static configuration mode.
Step 3  address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast
    RP/0/RSP0/CPU0:router(config-static-afi)#
  Purpose: Enables an IPv4 address family.

Step 4  A.B.C.D/length next-hop
  Example: RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9
  Purpose: Enters the address of the destination router (including IPv4 subnet mask).

Step 5  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-static-afi)# end
    or
    RP/0/RSP0/CPU0:router(config-static-afi)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation

Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN routes between subautonomous systems in a confederation.

Note: To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command in the IGP configuration portion of the confederation eBGP (CEBGP) router.
If you are using Open Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in which the “redistribute connected” subnet exists.

SUMMARY STEPS

1. configure
2. router bgp autonomous-system-number
3. bgp confederation peers peer autonomous-system-number
4. bgp confederation identifier autonomous-system-number
5. address-family vpnv4 unicast
6. neighbor ip-address
7. remote-as autonomous-system-number
8. address-family vpnv4 unicast
9. route-policy route-policy-name in
10. route-policy route-policy-name out
11. next-hop-self
12. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp autonomous-system-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)#
  Purpose: Enters BGP configuration mode, allowing you to configure the BGP routing process.

Step 3  bgp confederation peers peer autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 8
  Purpose: Configures the peer autonomous system number that belongs to the confederation.

Step 4  bgp confederation identifier autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation identifier 5
  Purpose: Specifies the autonomous system number for the confederation ID.

Step 5  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-af)#
  Purpose: Configures VPNv4 address family.

Step 6  neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.168.40.24
    RP/0/RSP0/CPU0:router(config-bgp-nbr)#
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.168.40.24 as a BGP peer.
Step 7  remote-as autonomous-system-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002
  Purpose: Creates a neighbor and assigns it a remote autonomous system number.

Step 8  address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures VPNv4 address family.

Step 9  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy In-Ipv4 in
  Purpose: Applies a routing policy to updates received from a BGP neighbor.

Step 10  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy Out-Ipv4 out
  Purpose: Applies a routing policy to updates advertised to a BGP neighbor.

Step 11  next-hop-self
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self
  Purpose: Disables next-hop calculation and lets you insert your own address in the next-hop field of BGP updates.

Step 12  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring MPLS Forwarding for ASBR Confederations

Perform this task to configure MPLS forwarding for autonomous system boundary router (ASBR) confederations (in BGP) on a specified interface.

Note: This configuration adds the implicit NULL rewrite corresponding to the peer associated with the interface, which is required to prevent BGP from automatically installing rewrites by LDP (in multihop instances).

SUMMARY STEPS

1. configure
2. router bgp as-number
3. mpls activate
4. interface type interface-path-id
5. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 120
    RP/0/RSP0/CPU0:router(config-bgp)#
  Purpose: Enters BGP configuration mode, allowing you to configure the BGP routing process.

Step 3  mpls activate
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# mpls activate
    RP/0/RSP0/CPU0:router(config-bgp-mpls)#
  Purpose: Enters BGP MPLS activate configuration mode.

Step 4  interface type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-mpls)# interface GigabitEthernet 0/3/0/0
  Purpose: Enables MPLS on the interface.

Step 5  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-mpls)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-mpls)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Static Route to an ASBR Confederation Peer

Perform this task to configure a static route to an Inter-AS confederation peer. For more detailed information, see the “Configuring a Static Route to a Peer” section.

SUMMARY STEPS

1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router static
  Example:
    RP/0/RSP0/CPU0:router(config)# router static
    RP/0/RSP0/CPU0:router(config-static)#
  Purpose: Enters router static configuration mode.

Step 3  address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast
    RP/0/RSP0/CPU0:router(config-static-afi)#
  Purpose: Enables an IPv4 address family.

Step 4  A.B.C.D/length next-hop
  Example: RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9
  Purpose: Enters the address of the destination router (including IPv4 subnet mask).

Step 5  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-static-afi)# end
    or
    RP/0/RSP0/CPU0:router(config-static-afi)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Carrier Supporting Carrier

Perform the tasks in this section to configure Carrier Supporting Carrier (CSC):
• Identifying the Carrier Supporting Carrier Topology
• Configuring the Backbone Carrier Core
• Configuring the CSC-PE and CSC-CE Routers
• Configuring a Static Route to a Peer

Identifying the Carrier Supporting Carrier Topology

Before you configure the MPLS VPN CSC with BGP, you must identify both the backbone and customer carrier topology.

Note: You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router to multiple CSC-PEs using more than one CSC-CE interface to provide redundancy and multiple path support in a CSC topology.

Perform this task to identify the carrier supporting carrier topology.

SUMMARY STEPS

1. Identify the type of customer carrier, ISP, or MPLS VPN service provider.
2. Identify the CE routers.
3. Identify the customer carrier core router configuration.
4. Identify the customer carrier edge (CSC-CE) routers.
5. Identify the backbone carrier router configuration.

DETAILED STEPS

Step 1  Identify the type of customer carrier, ISP, or MPLS VPN service provider.
Sets up requirements for configuration of carrier supporting carrier network. Step 2 Identify the CE routers. Sets up requirements for configuration of CE to PE connections. Step 3 Identify the customer carrier core router configuration. Sets up requirements for configuration between core (P) routers and between P routers and edge routers (PE and CSC-CE routers). Step 4 Identify the customer carrier edge (CSC-CE) routers. Sets up requirements for configuration of CSC-CE to CSC-PE connections. Step 5 Identify the backbone carrier router configuration. Sets up requirements for configuration between CSC core routers and between CSC core routers and edge routers (CSC-CE and CSC-PE routers).Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 71 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 Configuring the Backbone Carrier Core Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC core and the CSC-PE routers. To do so, you must complete these high-level tasks: • Verify IP connectivity in the CSC core. • Verify LDP configuration in the CSC core. Note This task is not applicable to CSC over IP tunnels. • Configure VRFs for CSC-PE routers. • Configure multiprotocol BGP for VPN connectivity in the backbone carrier. Configuring the CSC-PE and CSC-CE Routers Perform these tasks to configure links between a CSC-PE router and the carrier CSC-CE router for an MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels: • Configuring a CSC-PE • Configuring a CSC-CE Figure 6 shows the configuration for the peering with directly connected interfaces between CSC-PE and CSC-CE routers. This configuration is used as the example in the tasks that follow. Figure 6 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and CSC-CE Routers Configuring a CSC-PE Perform this task to configure a CSC-PE. SUMMARY STEPS 1. configure 2. 
router bgp as-number 3. address-family vpnv4 unicast 4. neighbor A.B.C.D 5. remote-as as-number 6. update-source type interface-path-id 7. address-family vpnv4 unicast 8. vrf vrf-name 9. rd {as-number:nn | ip-address:nn | auto} CSC-CE e1/0 e1/0 10.0.0.1 10.0.0.2 CSC-PE 121190Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs 72 Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-26115-02 10. address-family ipv4 unicast 11. allocate-label all 12. neighbor A.B.C.D 13. remote-as as-number 14. address-family ipv4 labeled-unicast 15. route-policy route-policy-name in 16. route-policy route-policy-name out 17. end or commit DETAILED STEPS Command or Action Purpose Step 1 configure Example: RP/0/RSP0/CPU0:router# configure Enters global configuration mode. Step 2 router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 2 RP/0/RSP0/CPU0:router(config-bgp)# Configures a BGP routing process and enters router configuration mode. • Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535. Step 3 address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# Configures VPNv4 address family. Step 4 neighbor A.B.C.D Example: RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.10.10.0 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Configures the IP address for the BGP neighbor. Step 5 remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 888 Configures the AS number for the BGP neighbor. 

Step 6: update-source type interface-path-id
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0
  Purpose: Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Step 7: address-family vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures VPNv4 unicast address family.

Step 8: vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# vrf 9999
    RP/0/RSP0/CPU0:router(config-bgp-vrf)#
  Purpose: Configures a VRF instance.

Step 9: rd {as-number:nn | ip-address:nn | auto}
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto
  Purpose: Configures a route distinguisher.
    Note: Use the auto keyword to automatically assign a unique route distinguisher.

Step 10: address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast
    RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
  Purpose: Configures IPv4 unicast address family.

Step 11: allocate-label all
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# allocate-label all
  Purpose: Allocates labels for all local prefixes and prefixes received with labels.

Step 12: neighbor A.B.C.D
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# neighbor 10.10.10.0
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
  Purpose: Configures the IP address for the BGP neighbor.

Step 13: remote-as as-number
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 888
  Purpose: Enables the exchange of information with a neighboring BGP router.

Step 14: address-family ipv4 labeled-unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 labeled-unicast
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
  Purpose: Configures IPv4 labeled-unicast address family.

Step 15: route-policy route-policy-name in
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all in
  Purpose: Applies the pass-all policy to all inbound routes.

Step 16: route-policy route-policy-name out
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all out
  Purpose: Applies the pass-all policy to all outbound routes.

Step 17: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a CSC-CE

Perform this task to configure a CSC-CE.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. address-family ipv4 unicast
4. redistribute ospf instance-number
5. allocate-label route-policy route-policy-name
6. exit
7. neighbor A.B.C.D
8. remote-as as-number
9. address-family ipv4 labeled-unicast
10. route-policy route-policy-name in
11. route-policy route-policy-name out
12. end or commit

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: router bgp as-number
  Example:
    RP/0/RSP0/CPU0:router(config)# router bgp 1
  Purpose: Configures a BGP routing process and enters router configuration mode.
    • Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535.

Step 3: address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
  Purpose: Configures IPv4 unicast address-family.

Step 4: redistribute ospf instance-number
  Example:
    RP/0/RSP0/CPU0:router(config-router-af)# redistribute ospf 1
  Purpose: Redistributes OSPF routes into BGP.

Step 5: allocate-label route-policy route-policy-name
  Example:
    RP/0/RSP0/CPU0:router(config-router-af)# allocate-label route-policy internal-routes
  Purpose: Allocates labels for those routes that match the route policy. These labeled routes are advertised to neighbors configured with address-family ipv4 labeled-unicast.

Step 6: exit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-af)# exit
  Purpose: Exits the current configuration mode.

Step 7: neighbor A.B.C.D
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
  Purpose: Configures the IP address for the BGP neighbor.

Step 8: remote-as as-number
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  Purpose: Enables the exchange of information with a neighboring BGP router.

Step 9: address-family ipv4 labeled-unicast
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
  Purpose: Configures IPv4 labeled-unicast address family.

Step 10: route-policy route-policy-name in
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
  Purpose: Applies the route-policy to all inbound routes.

Step 11: route-policy route-policy-name out
  Example:
    RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
  Purpose: Applies the route-policy to all outbound routes.

Step 12: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-bgp)# end
    or
    RP/0/RSP0/CPU0:router(config-bgp)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Static Route to a Peer

Perform this task to configure a static route to an Inter-AS or CSC-CE peer.

When you configure an Inter-AS or CSC peer, BGP allocates a label for a /32 route to that peer and performs a NULL label rewrite. When forwarding a labeled packet to the peer, the router removes the top label from the label stack; however, in such an instance, BGP expects a /32 route to the peer. This task ensures that there is, in fact, a /32 route to the peer.

Please be aware of these facts before performing this task:
• A /32 route is not required to establish BGP peering. A route using a shorter prefix length will also work.
• A shorter prefix length route is not associated with the allocated label; even though the BGP session comes up between the peers, without the static route, forwarding will not work.

Note: To configure a static route on a CSC-PE, you must configure the router under the VRF (as noted in the detailed steps).

SUMMARY STEPS

1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end or commit

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: router static
  Example:
    RP/0/RSP0/CPU0:router(config)# router static
  Purpose: Enters router static configuration mode.

Step 3: address-family ipv4 unicast
  Example:
    RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast
  Purpose: Enables an IPv4 address family.
    Note: To configure a static route on a CSC-PE, you must first configure the VRF using the vrf command before address-family.

Step 4: A.B.C.D/length next-hop
  Example:
    RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9
  Purpose: Enters the address of the destination router (including IPv4 subnet mask).

Step 5: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-static-af)# end
    or
    RP/0/RSP0/CPU0:router(config-static-af)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Verifying the MPLS Layer 3 VPN Configuration

Perform this task to verify the MPLS Layer 3 VPN configuration.

SUMMARY STEPS

1. show running-config router bgp as-number vrf vrf-name
2. show running-config routes
3. show ospf vrf vrf-name database
4. show running-config router bgp as-number vrf vrf-name neighbor ip-address
5. show bgp vrf vrf-name summary
6. show bgp vrf vrf-name neighbors ip-address
7. show bgp vrf vrf-name
8. show route vrf vrf-name ip-address
9. show bgp vpn unicast summary
10. show running-config router isis
11. show running-config mpls
12. show isis adjacency
13. show mpls ldp forwarding
14. show bgp vpnv4 unicast
15. show bgp vrf vrf-name
16. show bgp vrf vrf-name imported-routes
17. show route vrf vrf-name ip-address
18. show cef vrf vrf-name ip-address
19. show cef vrf vrf-name ip-address location node-id
20. show bgp vrf vrf-name ip-address
21. show ospf vrf vrf-name database

DETAILED STEPS

Step 1: show running-config router bgp as-number vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A
  Purpose: Displays the specified VPN routing and forwarding (VRF) content of the currently running configuration.

Step 2: show running-config routes
  Example:
    RP/0/RSP0/CPU0:router# show running-config routes
  Purpose: Displays the Open Shortest Path First (OSPF) routes table in the currently running configuration.

Step 3: show ospf vrf vrf-name database
  Example:
    RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database
  Purpose: Displays lists of information related to the OSPF database for a specified VRF.

Step 4: show running-config router bgp as-number vrf vrf-name neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A neighbor 172.168.40.24
  Purpose: Displays the Border Gateway Protocol (BGP) VRF neighbor content of the currently running configuration.

Step 5: show bgp vrf vrf-name summary
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A summary
  Purpose: Displays the status of the specified BGP VRF connections.

Step 6: show bgp vrf vrf-name neighbors ip-address
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A neighbors 172.168.40.24
  Purpose: Displays information about BGP VRF connections to the specified neighbors.

Step 7: show bgp vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
  Purpose: Displays information about a specified BGP VRF.

Step 8: show route vrf vrf-name ip-address
  Example:
    RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0
  Purpose: Displays the current routes in the Routing Information Base (RIB) for a specified VRF.

Step 9: show bgp vpn unicast summary
  Example:
    RP/0/RSP0/CPU0:router# show bgp vpn unicast summary
  Purpose: Displays the status of all BGP VPN unicast connections.

Step 10: show running-config router isis
  Example:
    RP/0/RSP0/CPU0:router# show running-config router isis
  Purpose: Displays the Intermediate System-to-Intermediate System (IS-IS) content of the currently running configuration.

Step 11: show running-config mpls
  Example:
    RP/0/RSP0/CPU0:router# show running-config mpls
  Purpose: Displays the MPLS content of the currently running configuration.

Step 12: show isis adjacency
  Example:
    RP/0/RSP0/CPU0:router# show isis adjacency
  Purpose: Displays IS-IS adjacency information.

Step 13: show mpls ldp forwarding
  Example:
    RP/0/RSP0/CPU0:router# show mpls ldp forwarding
  Purpose: Displays the Label Distribution Protocol (LDP) forwarding state installed in MPLS forwarding.

Step 14: show bgp vpnv4 unicast
  Example:
    RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast
  Purpose: Displays entries in the BGP routing table for VPNv4 unicast addresses.

Step 15: show bgp vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
  Purpose: Displays entries in the BGP routing table for VRF vrf_A.

Step 16: show bgp vrf vrf-name imported-routes
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A imported-routes
  Purpose: Displays BGP information for routes imported into specified VRF instances.

Step 17: show route vrf vrf-name ip-address
  Example:
    RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0
  Purpose: Displays the current specified VRF routes in the RIB.

Step 18: show cef vrf vrf-name ip-address
  Example:
    RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1
  Purpose: Displays the IPv4 Cisco Express Forwarding (CEF) table for a specified VRF.

Step 19: show cef vrf vrf-name ip-address location node-id
  Example:
    RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1 location 0/1/cpu0
  Purpose: Displays the IPv4 CEF table for a specified VRF and location.

Step 20: show bgp vrf vrf-name ip-address
  Example:
    RP/0/RSP0/CPU0:router# show bgp vrf vrf_A 10.0.0.0
  Purpose: Displays entries in the BGP routing table for VRF vrf_A.

Step 21: show ospf vrf vrf-name database
  Example:
    RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database
  Purpose: Displays lists of information related to the OSPF database for a specified VRF.

Configuring L3VPN over GRE

Perform the following tasks to configure L3VPN over GRE:
• Creating a GRE Tunnel between Provider Edge Routers
• Configuring IGP between Provider Edge Routers
• Configuring LDP/GRE on the Provider Edge Routers
• Configuring L3VPN

Creating a GRE Tunnel between Provider Edge Routers

Perform this task to configure a GRE tunnel between provider edge routers.

SUMMARY STEPS

1. configure
2. interface tunnel-ip number
3. ipv4 address ipv4-address subnet-mask
4. ipv6 address ipv6-prefix/prefix-length
5. tunnel mode gre ipv4
6. tunnel source type number
7. tunnel destination ip-address
8. end or commit

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: interface tunnel-ip number
  Example:
    RP/0/RSP0/CPU0:router(config)# interface tunnel-ip 4000
  Purpose: Enters tunnel interface configuration mode.
    • number is the number associated with the tunnel interface.

Step 3: ipv4 address ipv4-address subnet-mask
  Example:
    RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.1.1.1 255.255.255.0
  Purpose: Specifies the IPv4 address and subnet mask for the interface.
    • ipv4-address specifies the IP address of the interface.
    • subnet-mask specifies the subnet mask of the interface.

Step 4: ipv6 address ipv6-prefix/prefix-length
  Example:
    RP/0/RSP0/CPU0:router(config-if)# ipv6 address 100:1:1:1::1/64
  Purpose: Specifies an IPv6 network assigned to the interface.

Step 5: tunnel mode gre ipv4
  Example:
    RP/0/RSP0/CPU0:router(config-if)# tunnel mode gre ipv4
  Purpose: Sets the encapsulation mode of the tunnel interface to GRE.

Step 6: tunnel source type path-id
  Example:
    RP/0/RSP0/CPU0:router(config-if)# tunnel source TenGigE0/2/0/1
  Purpose: Specifies the source of the tunnel interface.

Step 7: tunnel destination ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-if)# tunnel destination 145.12.5.2
  Purpose: Defines the tunnel destination.

Step 8: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-if)# end
    or
    RP/0/RSP0/CPU0:router(config-if)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring IGP between Provider Edge Routers

Perform this task to configure IGP between provider edge routers.

SUMMARY STEPS

1. configure
2. router ospf process-name
3. nsr
4. router-id {router-id}
5. mpls ldp sync
6. dead-interval seconds
7. hello-interval seconds
8. area area-id
9. interface tunnel-ip number
10. end or commit
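
The forwarding caveat in “Configuring a Static Route to a Peer” (the BGP session comes up over a shorter prefix, but labeled forwarding needs a /32 route to the peer, configured under the VRF on a CSC-PE) can be checked offline against a saved running configuration. The Python script below is an added example, not part of the Cisco guide; the sample configuration, the VRF names vpn1 and vpn2, and the status strings are constructed for illustration, and it looks only at routes under router static.

```python
import ipaddress

# Constructed IOS XR-style running configuration (one space per nesting level).
SAMPLE_CONFIG = """\
router static
 address-family ipv4 unicast
  10.10.10.10/32 10.9.9.9
  10.0.1.2/32 10.0.1.1
 !
 vrf vpn1
  address-family ipv4 unicast
   10.0.0.0/24 10.0.0.2
  !
 !
!
router bgp 2
 neighbor 10.10.10.10
  remote-as 888
  address-family ipv4 labeled-unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 10.20.20.20
  remote-as 2
  address-family vpnv4 unicast
  !
 !
 vrf vpn1
  neighbor 10.0.0.2
   remote-as 1
   address-family ipv4 labeled-unicast
   !
  !
 !
 vrf vpn2
  neighbor 10.0.1.2
   remote-as 1
   address-family ipv4 labeled-unicast
   !
  !
 !
!
"""

def walk(config):
    """Yield (parents, line) for each config line, using indentation depth."""
    stack = []  # (indent, text) of the enclosing submodes
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        yield tuple(t for _, t in stack), text
        stack.append((indent, text))

def vrf_of(parents):
    """Return the VRF a line is nested under, or None for the global table."""
    return next((p.split()[1] for p in parents if p.startswith("vrf ")), None)

def labeled_peers(config):
    """Collect (vrf, address) for BGP neighbors with ipv4 labeled-unicast."""
    peers = set()
    for parents, text in walk(config):
        if (text == "address-family ipv4 labeled-unicast" and parents
                and parents[0].startswith("router bgp ")
                and parents[-1].startswith("neighbor ")):
            address = ipaddress.ip_address(parents[-1].split()[1])
            peers.add((vrf_of(parents), address))
    return peers

def static_routes(config):
    """Map vrf (None = global) to the IPv4 prefixes under router static."""
    routes = {}
    for parents, text in walk(config):
        if (len(parents) >= 2 and parents[0] == "router static"
                and parents[-1] == "address-family ipv4 unicast"):
            prefix = ipaddress.ip_network(text.split()[0], strict=False)
            routes.setdefault(vrf_of(parents), []).append(prefix)
    return routes

def audit(config):
    """Classify each labeled-unicast peer by the static route covering it."""
    routes, report = static_routes(config), {}
    for vrf, peer in labeled_peers(config):
        covering = [n for n in routes.get(vrf, []) if peer in n]
        if any(n.prefixlen == 32 for n in covering):
            status = "OK"                   # /32 route to the peer exists
        elif covering:
            status = "SHORTER_PREFIX_ONLY"  # session may come up, forwarding will not work
        else:
            status = "NO_STATIC_ROUTE"      # a /32 in another table does not count
        report[(vrf or "global", str(peer))] = status
    return report

if __name__ == "__main__":
    for (vrf, peer), status in sorted(audit(SAMPLE_CONFIG).items()):
        print(f"{vrf:8} {peer:15} {status}")
```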

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: router ospf process-name
  Example:
    RP/0/RSP0/CPU0:router(config)# router ospf 1
  Purpose: Enables OSPF routing for the specified routing process and places the router in router configuration mode.

Step 3: nsr
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# nsr
  Purpose: Activates BGP NSR.

Step 4: router-id {router-id}
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# router-id 1.1.1.1
  Purpose: Configures a router ID for the OSPF process.
    Note: We recommend using a stable IP address as the router ID.

Step 5: mpls ldp sync
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp sync
  Purpose: Enables MPLS LDP synchronization.

Step 6: dead-interval seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# dead-interval 60
  Purpose: Sets the time to wait for a hello packet from a neighbor before declaring the neighbor down.

Step 7: hello-interval seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# hello-interval 15
  Purpose: Specifies the interval between hello packets that OSPF sends on the interface.

Step 8: area area-id
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# area 0
  Purpose: Enters area configuration mode and configures an area for the OSPF process.

Step 9: interface tunnel-ip number
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# interface tunnel-ip 4
  Purpose: Enters tunnel interface configuration mode.
    • number is the number associated with the tunnel interface.

Step 10: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-ospf)# end
    or
    RP/0/RSP0/CPU0:router(config-ospf)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring LDP/GRE on the Provider Edge Routers

Perform this task to configure LDP/GRE on the provider edge routers.

SUMMARY STEPS

1. configure
2. mpls ldp
3. router-id {router-id}
4. discovery hello holdtime seconds
5. discovery hello interval seconds
6. nsr
7. graceful-restart
8. graceful-restart reconnect-timeout seconds
9. graceful-restart forwarding-state-holdtime seconds
10. holdtime seconds
11. neighbor ip-address
12. interface tunnel-ip number
13. end or commit

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: mpls ldp
  Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp
  Purpose: Enables MPLS LDP configuration mode.

Step 3: router-id {router-id}
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# router-id 1.1.1.1
  Purpose: Configures a router ID for the OSPF process.
    Note: We recommend using a stable IP address as the router ID.

Step 4: discovery hello holdtime seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# discovery hello holdtime 40
  Purpose: Defines the period of time a discovered LDP neighbor is remembered without receipt of an LDP Hello message from the neighbor.

Step 5: discovery hello interval seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# discovery hello interval 20
  Purpose: Defines the period of time between the sending of consecutive Hello messages.

Step 6: nsr
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# nsr
  Purpose: Activates BGP NSR.

Step 7: graceful-restart
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart
  Purpose: Enables graceful restart on the router.

Step 8: graceful-restart reconnect-timeout seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart reconnect-timeout 180
  Purpose: Defines the time for which the neighbor should wait for a reconnection if the LDP session is lost.

Step 9: graceful-restart forwarding-state-holdtime seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart forwarding-state-holdtime 300
  Purpose: Defines the time that the neighbor should retain the MPLS forwarding state during a recovery.

Step 10: holdtime seconds
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# holdtime 90
  Purpose: Configures the hold time for an interface.

Step 11: neighbor ip-address
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# neighbor 10.1.1.0
  Purpose: Defines a neighboring router.

Step 12: interface tunnel-ip number
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# interface tunnel-ip 4
  Purpose: Enters tunnel interface configuration mode.
    • number is the number associated with the tunnel interface.

Step 13: end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp)# commit
  Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring L3VPN

Perform this task to configure L3VPN.

SUMMARY STEPS

1. configure
2. vrf vrf-name
3. address-family { ipv4 | ipv6 } unicast
4. import route-target [as-number:nn | ip-address:nn]
5. export route-target [as-number:nn | ip-address:nn]
6. interface type interface-path-id
7. vrf vrf-name
8. ipv4 address ipv4-address subnet-mask
9. dot1q vlan vlan-id
10. router bgp process-name
11. nsr
12. bgp router-id ip-address
13. address-family {vpnv4 | vpnv6} unicast
14. neighbor ip-address
15. remote-as as-number
16. update-source type interface-path-id
17. address-family {vpnv4 | vpnv6} unicast
18. route-policy policy-name in
19. route-policy policy-name out
20. vrf vrf-name
21. rd {as-number:nn | ip-address:nn | auto}
22. address-family {ipv4 | ipv6} unicast
23. redistribute connected [metric metric-value] [route-policy route-policy-name]
24. redistribute static [metric metric-value] [route-policy route-policy-name]
25. neighbor ip-address
26. remote-as as-number
27. ebgp-multihop ttl-value
28. address-family {ipv4 | ipv6} unicast
29. route-policy policy-name in
30. route-policy policy-name out
31. end or commit

DETAILED STEPS

Step 1: configure
  Example:
    RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router(config)# vrf vpn1
  Purpose: Configures a VRF instance.

Step 3: address-family { ipv4 | ipv6 } unicast
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# address-family { ipv4 | ipv6 } unicast
  Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

Step 4: import route-target [as-number:nn | ip-address:nn]
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# import route-target 2:1
  Purpose: Specifies a list of route target (RT) extended communities. Only prefixes that are associated with the specified import route target extended communities are imported into the VRF.

Step 5: export route-target [as-number:nn | ip-address:nn]
  Example:
    RP/0/RSP0/CPU0:router(config-vrf)# export route-target 1:1
  Purpose: Specifies a list of route target extended communities. Export route target communities are associated with prefixes when they are advertised to remote PEs. The remote PEs import them into VRFs which have import RTs that match these exported route target communities.

Step 6: interface type interface-path-id
  Example:
    RP/0/RSP0/CPU0:router(config)# interface TenGigE0/2/0/0.1
  Purpose: Enters interface configuration mode and configures an interface.

Step 7: vrf vrf-name
  Example:
    RP/0/RSP0/CPU0:router(config-if)# vrf vpn1
  Purpose: Configures a VRF instance.

Step 8: ipv4 address ipv4-address subnet-mask
  Example:
    RP/0/RSP0/CPU0:router(config-if)# ipv4 address 150.1.1.1 255.255.255.0
  Purpose: Specifies the IPv4 address and subnet mask for the interface.
    • ipv4-address specifies the IP address of the interface.
    • subnet-mask specifies the subnet mask of the interface.
Step 9  dot1q native vlan vlan-id
  Example: RP/0/RSP0/CPU0:router(config-if)# dot1q native vlan 1
  Purpose: Assigns the native VLAN ID of a physical interface trunking 802.1Q VLAN traffic.

Step 10  router bgp as-number
  Example: RP/0/RSP0/CPU0:router(config)# router bgp 1
  Purpose: Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 11  nsr
  Example: RP/0/RSP0/CPU0:router(config-bgp)# nsr
  Purpose: Activates BGP NSR.

Step 12  bgp router-id ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 1.1.1.1
  Purpose: Configures the local router with a specified router ID.

Step 13  address-family {vpnv4 | vpnv6} unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
  Purpose: Enters address family configuration submode for the specified address family.

Step 14  neighbor ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 4.4.4.4
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 15  remote-as as-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
  Purpose: Creates a neighbor and assigns a remote autonomous system number to it.

Step 16  update-source type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source Loopback0
  Purpose: Allows sessions to use the primary IP address from a specific interface as the local address when forming a session with a neighbor.

Step 17  address-family {vpnv4 | vpnv6} unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast
  Purpose: Enters address family configuration submode for the specified address family.

Step 18  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
  Purpose: Defines a route policy and enters route policy configuration mode.
Step 19  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
  Purpose: Defines a route policy and enters route policy configuration mode.

Step 20  vrf vrf-name
  Example: RP/0/RSP0/CPU0:router(config)# vrf vpn1
  Purpose: Configures a VRF instance.

Step 21  rd {as-number:nn | ip-address:nn | auto}
  Example: RP/0/RSP0/CPU0:router(config-vrf)# rd 1:1
  Purpose: Configures the route distinguisher.

Step 22  address-family { ipv4 | ipv6 } unicast
  Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast
  Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

Step 23  redistribute connected [metric metric-value] [route-policy route-policy-name]
  Example: RP/0/RSP0/CPU0:router(config-vrf-af)# redistribute connected
  Purpose: Causes routes from the specified instance to be redistributed into BGP.

Step 24  redistribute static [metric metric-value] [route-policy route-policy-name]
  Example: RP/0/RSP0/CPU0:router(config-vrf-af)# redistribute static
  Purpose: Causes routes from the specified instance to be redistributed into BGP.

Step 25  neighbor ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 150.1.1.2
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 26  remote-as as-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 7501
  Purpose: Creates a neighbor and assigns a remote autonomous system number to it.

Step 27  ebgp-multihop ttl-value
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# ebgp-multihop 10
  Purpose: Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected.
Step 28  address-family { ipv4 | ipv6 } unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
  Purpose: Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

Step 29  route-policy route-policy-name in
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy BGP_pass_all in
  Purpose: Defines a route policy and enters route policy configuration mode.

Step 30  route-policy route-policy-name out
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy BGP_pass_all out
  Purpose: Defines a route policy and enters route policy configuration mode.

Step 31  end or commit
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
  or
  RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
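Steps 4 and 5 of this task decide which VRFs exchange routes: a prefix enters a VRF only when one of its export route targets matches an import route target there. The Python check below is an added example, not part of the Cisco guide; it parses VRF stanzas from each PE and reports route flows between differently named VRFs, one-way relationships, and imports that no other site exports. The PE1 stanza repeats the page's sample values, while the PE2 configuration, the `allowed` extranet set and all function names are assumptions constructed for the example.

```python
import re

RT_RE = re.compile(r"^[\d.]+:\d+$")   # as-number:nn or ip-address:nn
RT_CMD = re.compile(r"^(import|export) route-target(?:\s+(\S+))?$")

# PE1 repeats the page's sample VRF values; PE2 is constructed for this example.
PE1 = """\
vrf vpn1
 address-family ipv4 unicast
  import route-target
   2:1
  !
  export route-target
   1:1
  !
 !
!
interface TenGigE0/2/0/0.1
 vrf vpn1
 ipv4 address 150.1.1.1 255.255.255.0
!
"""
PE2 = """\
vrf vpn1
 address-family ipv4 unicast
  import route-target 1:1
  export route-target 2:1
!
vrf vpn2
 address-family ipv4 unicast
  import route-target
   1:1
   3:1
  !
  export route-target
   3:1
  !
!
"""


def parse_vrfs(config_text):
    """Return {vrf: {"import": set, "export": set}} for top-level vrf stanzas."""
    vrfs, current, direction = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():               # new top-level stanza (or "!")
            direction = None
            if line.startswith("vrf "):
                current = line.split()[1]
                vrfs.setdefault(current, {"import": set(), "export": set()})
            elif line != "!":
                current = None                 # e.g. interface or router bgp
            continue
        if current is None:
            continue                           # indented "vrf x" under an interface
        cmd = RT_CMD.match(line)
        if cmd:
            direction, inline_rt = cmd.groups()
            if inline_rt:                      # one-line form: import route-target 2:1
                vrfs[current][direction].add(inline_rt)
                direction = None
        elif direction and RT_RE.match(line):  # list form: one RT per line until "!"
            vrfs[current][direction].add(line)
        else:
            direction = None
    return vrfs


def audit(pe_vrfs, allowed=frozenset()):
    """pe_vrfs: {pe: parse_vrfs(...)}; allowed: frozensets of VRF names that may share routes."""
    sites = [((pe, vrf), rts) for pe, vrfs in pe_vrfs.items() for vrf, rts in vrfs.items()]
    # A route flows from s to d when an RT exported by s is imported by d.
    flows = {(s, d, rt) for s, s_rts in sites for d, d_rts in sites if s != d
             for rt in s_rts["export"] & d_rts["import"]}
    pairs = {(s, d) for s, d, _ in flows}
    findings = []
    for s, d, rt in sorted(flows):
        if s[1] != d[1] and frozenset((s[1], d[1])) not in allowed:
            findings.append(("cross-vrf-import", s, d, rt))
        if (d, s) not in pairs:                # d learns s's routes but not the reverse
            findings.append(("one-way", s, d, rt))
    for site, rts in sites:
        offered = set().union(*(o["export"] for other, o in sites if other != site))
        for rt in sorted(rts["import"] - offered):
            findings.append(("unmatched-import", None, site, rt))
    return findings


if __name__ == "__main__":
    for kind, src, dst, rt in audit({"PE1": parse_vrfs(PE1), "PE2": parse_vrfs(PE2)}):
        print(f"{kind:18} rt={rt:5} {src} -> {dst}")
```

Findings are candidates for review rather than errors: hub-and-spoke and extranet designs are deliberately one-way or cross-VRF, which is what the `allowed` set is for.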
Configuration Examples for Implementing MPLS Layer 3 VPNs

This section provides these sample configurations for MPLS L3VPN features:
• Configuring an MPLS VPN Using BGP: Example
• Configuring the Routing Information Protocol on the PE Router: Example
• Configuring the PE Router Using EIGRP: Example
• Configuration Examples for MPLS VPN CSC
• Configuring L3VPN over GRE: Example

Configuring an MPLS VPN Using BGP: Example

This example shows the configuration for an MPLS VPN using BGP on “vrf vpn1”:

    address-family ipv4 unicast
      import route-target
        100:1
      !
      export route-target
        100:1
      !
    !
    !
    route-policy pass-all
      pass
    end-policy
    !
    interface Loopback0
      ipv4 address 10.0.0.1 255.255.255.255
    !
    interface gigabitEthernet 0/1/0/0
      vrf vpn1
      ipv4 address 10.0.0.2 255.0.0.0
    !
    interface gigabitEthernet 0/1/0/1
      ipv4 address 10.0.0.1 255.0.0.0
    !
    router ospf 100
      area 100
        interface loopback0
        interface gigabitEthernet 0/1/0/1
      !
    !
    router bgp 100
      address-family vpnv4 unicast
        retain route-target route-policy policy1
      neighbor 10.0.0.3
        remote-as 100
        update-source Loopback0
        address-family vpnv4 unicast
      !
      vrf vpn1
        rd 100:1
        address-family ipv4 unicast
          redistribute connected
        !
        neighbor 10.0.0.1
          remote-as 200
          address-family ipv4 unicast
            as-override
            route-policy pass-all in
            route-policy pass-all out
          !
          advertisement-interval 5
        !
      !
    !
    mpls ldp
      router-id loopback0
      interface gigabitEthernet 0/1/0/1
    !
Configuring the Routing Information Protocol on the PE Router: Example

This example shows the configuration for the RIP on the PE router:

    vrf vpn1
      address-family ipv4 unicast
        import route-target
          100:1
        !
        export route-target
          100:1
        !
      !
    !
    route-policy pass-all
      pass
    end-policy
    !
    interface gigabitEthernet 0/1/0/0
      vrf vpn1
      ipv4 address 10.0.0.2 255.0.0.0
    !
    router rip
      vrf vpn1
        interface GigabitEthernet0/1/0/0
        !
        timers basic 30 90 90 120
        redistribute bgp 100
        default-metric 3
        route-policy pass-all in
    !

Configuring the PE Router Using EIGRP: Example

This example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on the PE router:

    Router eigrp 10
      vrf VRF1
        address-family ipv4
          router-id 10.1.1.2
          default-metric 100000 2000 255 1 1500
          as 62
          redistribute bgp 2000
          interface Loopback0
          !
          interface GigabitEthernet0/6/0/0

Configuration Examples for MPLS VPN CSC

Configuration examples for the MPLS VPN CSC include:
• Configuring the Backbone Carrier Core: Examples
• Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
• Configuring a Static Route to a Peer: Example

Configuring the Backbone Carrier Core: Examples

Configuration examples for the backbone carrier core included in this section are as follows:
• Configuring VRFs for CSC-PE Routers: Example
• Configuring the Links Between CSC-PE and CSC-CE Routers: Examples

Configuring VRFs for CSC-PE Routers: Example

This example shows how to configure a VPN routing and forwarding instance (VRF) for a CSC-PE router:

    config
    vrf vpn1
      address-family ipv4 unicast
        import route-target 100:1
        export route-target 100:1
    end

Configuring the Links Between CSC-PE and CSC-CE Routers: Examples

This section contains these examples:
• Configuring a CSC-PE: Example
• Configuring a CSC-CE: Example

Configuring a CSC-PE: Example

In this example, a CSC-PE router peers with a PE router, 10.1.0.2, in its own AS. It also has a labeled unicast peering with a CSC-CE router, 10.0.0.1.

    config
    router bgp 2
      address-family vpnv4 unicast
      neighbor 10.1.0.2
        remote-as 2
        update-source loopback0
        address-family vpnv4 unicast
      vrf customer-carrier
        rd 1:100
        address-family ipv4 unicast
          allocate-label all
          redistribute static
        neighbor 10.0.0.1
          remote-as 1
          address-family ipv4 labeled-unicast
            route-policy pass-all in
            route-policy pass-all out
            as-override
    end

Configuring a CSC-CE: Example

This example shows how to configure a CSC-CE router. In this example, the CSC-CE router peers with CSC-PE router 10.0.0.2 in AS 2.

    config
    router bgp 1
      address-family ipv4 unicast
        redistribute ospf 200
        allocate-label all
      neighbor 10.0.0.2
        remote-as 2
        address-family ipv4 labeled-unicast
          route-policy pass-all in
          route-policy pass-all out
    end

Configuring a Static Route to a Peer: Example

This example shows how to configure a static route to an Inter-AS or CSC-CE peer:

    config
    router static
      address-family ipv4 unicast
        10.0.0.2/32 40.1.1.1
    end

Configuring L3VPN over GRE: Example

The following example shows how to configure L3VPN over GRE:

Sample configuration to create a GRE tunnel between PE1 and PE2:

    RP/0/RSP0/CPU0:PE1#sh run int tunnel-ip 1
    interface tunnel-ip1
     ipv4 address 100.1.1.1 255.255.255.0
     ipv6 address 100:1:1:1::1/64
     tunnel mode gre ipv4
     tunnel source TenGigE0/2/0/1
     tunnel destination 145.12.5.2
    !
    RP/0/RSP0/CPU0:PE2#sh run int tunnel-ip 1
    interface tunnel-ip1
     ipv4 address 100.1.1.2 255.255.255.0
     ipv6 address 100:1:1:1::2/64
     tunnel mode gre ipv4
     tunnel source TenGigE0/1/0/2
     tunnel destination 145.12.1.1

Configure IGP between PE1 and PE2:

Sample configuration for PE1 is given below. PE2 will also have a similar configuration.

    RP/0/RSP0/CPU0:PE1#sh run router ospf 1
    router ospf 1
     nsr
     router-id 1.1.1.1                  <=== Loopback0
     mpls ldp sync
     mtu-ignore enable
     dead-interval 60
     hello-interval 15
     area 0
      interface TenGigE0/2/0/1
     !

    RP/0/RSP0/CPU0:PE1#sh run router ospf 0
    router ospf 0
     nsr
     router-id 1.1.1.1
     mpls ldp sync
     dead-interval 60
     hello-interval 15
     area 0
      interface Loopback0
      !
      interface tunnel-ip1
     !

* Check for OSPF neighbors

    RP/0/RSP0/CPU0:PE1#sh ospf neighbor
    Neighbors for OSPF 0
    Neighbor ID     Pri   State       Dead Time   Address       Interface
    4.4.4.4         1     FULL/ -     00:00:47    100.1.1.2     tunnel-ip1       <== Neighbor PE2
        Neighbor is up for 00:13:40
    Neighbors for OSPF 1
    Neighbor ID     Pri   State       Dead Time   Address       Interface
    2.2.2.2         1     FULL/DR     00:00:50    145.12.1.2    TenGigE0/2/0/1   <== Neighbor P1
        Neighbor is up for 00:13:43

Configure LDP/GRE on PE1 and PE2:

    RP/0/RSP0/CPU0:PE1#sh run mpls ldp
    mpls ldp
     router-id 1.1.1.1                  <=== Loopback0
     discovery hello holdtime 45
     discovery hello interval 15
     nsr
     graceful-restart
     graceful-restart reconnect-timeout 180
     graceful-restart forwarding-state-holdtime 300
     holdtime 90
     log
      neighbor
     !
     interface tunnel-ip1
     !
* Check for mpls forwarding

    RP/0/RSP0/CPU0:PE1#sh mpls forwarding prefix 4.4.4.4/32
    Local  Outgoing  Prefix          Outgoing   Next Hop     Bytes
    Label  Label     or ID           Interface               Switched
    ----   -------   --------------  --------   -----------  ----------
    16003  Pop       4.4.4.4/32      ti1        100.4.1.2    0

Configure L3VPN:

    RP/0/RSP0/CPU0:PE1#sh run vrf vpn1
    vrf vpn1
     address-family ipv4 unicast
      import route-target
       2:1
      !
      export route-target
       1:1
      !

    RP/0/RSP0/CPU0:PE1#sh run int tenGigE 0/2/0/0.1
    interface TenGigE0/2/0/0.1
     vrf vpn1
     ipv4 address 150.1.1.1 255.255.255.0
     dot1q vlan 1
    !

    RP/0/RSP0/CPU0:PE1#sh run router bgp
    router bgp 1
     nsr
     bgp router-id 1.1.1.1              <=== Loopback0
     address-family vpnv4 unicast
     !
     neighbor 4.4.4.4                   <=== iBGP session with PE2
      remote-as 1
      update-source Loopback0
      address-family vpnv4 unicast
       route-policy pass-all in
       route-policy pass-all out
      !
     !
     vrf vpn1
      rd 1:1
      address-family ipv4 unicast
       redistribute connected
       redistribute static
      !
      neighbor 150.1.1.2                <=== VRF neighbor
       remote-as 7501
       ebgp-multihop 10
       address-family ipv4 unicast
        route-policy BGP_pass_all in
        route-policy BGP_pass_all out
       !

* Check vrf ping to the 150.1.1.2.

    RP/0/RSP0/CPU0:PE1#ping vrf vpn1 150.1.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms

* Send traffic to vrf routes advertised and verify that mpls counters increase in tunnel interface accounting

    RP/0/RSP0/CPU0:PE1#sh int tunnel-ip1 accounting
    tunnel-ip1
      Protocol          Pkts In    Chars In    Pkts Out    Chars Out
      IPV4_MULTICAST          3         276           3          276
      MPLS               697747    48842290           0            0

Additional References

For additional information, refer to these documents:

Related Documents

  Related Topic: Cisco ASR 9000 Series Router L2VPN commands
  Document Title: MPLS Virtual Private Network Commands on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference

  Related Topic: Routing (BGP, EIGRP, OSPF, and RIP) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference

  Related Topic: Routing (BGP, EIGRP, OSPF, and RIP) configuration
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide

  Related Topic: MPLS LDP configuration: configuration concepts, task, and examples
  Document Title: Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routers module in this document.

  Related Topic: MPLS Traffic Engineering Resource Reservation Protocol configuration: configuration concepts, task, and examples
  Document Title: Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document.

  Related Topic: Getting started material
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Standards

  Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
  Title: —

MIBs

  MIBs: —
  MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

  RFCs       Title
  RFC 1700   Assigned Numbers
  RFC 1918   Address Allocation for Private Internets
  RFC 1966   BGP Route Reflectors: An Alternative to Full Mesh iBGP
  RFC 2283   Multiprotocol Extensions for BGP-4
  RFC 2547   BGP/MPLS VPNs
  RFC 2842   Capabilities Advertisement with BGP-4
  RFC 2858   Multiprotocol Extensions for BGP-4
  RFC 3107   Carrying Label Information in BGP-4

Technical Assistance

  Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
  Link: http://www.cisco.com/techsupport

Implementing IPv6 VPN Provider Edge Transport over MPLS

This module describes how to implement IPv6 VPN Provider Edge Transport over MPLS on Cisco ASR 9000 Series Aggregation Services Routers. IPv6 VPN Provider Edge (6PE/VPE) uses the existing MPLS IPv4 core infrastructure for IPv6 transport. 6PE/VPE enables IPv6 sites to communicate with each other over an MPLS IPv4 core network using MPLS label switched paths (LSPs).
This feature relies heavily on multiprotocol Border Gateway Protocol (BGP) extensions in the IPv4 network configuration on the provider edge (PE) router to exchange IPv6 reachability information (in addition to an MPLS label) for each IPv6 address prefix. Edge routers are configured as dual-stack, running both IPv4 and IPv6, and use the IPv4 mapped IPv6 address for IPv6 prefix reachability exchange.

For detailed information about the commands used to configure L2TP functionality, see the Cisco ASR 9000 Aggregation Services Router Routing Command Reference.

Feature History for Implementing 6PE on Cisco ASR 9000 Series Routers

  Release         Modification
  Release 3.9.1   This feature was introduced.
  Release 4.0.0   Support was added for the 6PE and 6VPE features for IPv6 L3VPN on A9K-SIP-700.
                  Support was added for the BGP per VRF/CE label allocation for 6PE feature.
  Release 4.1.0   Support for the Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature was added.

Contents
• Prerequisites for Implementing 6PE/VPE
• Information About 6PE/VPE
• How to Implement 6PE/VPE
• Configuration Examples for 6PE
• Additional References

Prerequisites for Implementing 6PE/VPE

These prerequisites are required to implement 6PE:
• You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
• Familiarity with MPLS and BGP4 configuration and troubleshooting.
Information About 6PE/VPE

To configure the 6PE feature, you should understand the concepts that are described in these sections:
• Overview of 6PE/VPE
• Benefits of 6PE/VPE
• Deploying IPv6 over MPLS Backbones
• IPv6 on the Provider Edge and Customer Edge Routers
• IPv6 Provider Edge Multipath
• OSPFv3 6VPE

Overview of 6PE/VPE

Multiple techniques are available to integrate IPv6 services over service provider core backbones:
• Dedicated IPv6 network running over various data link layers
• Dual-stack IPv4-IPv6 backbone
• Existing MPLS backbone leverage

These solutions are deployed on service providers’ backbones when the amount of IPv6 traffic and the revenue generated are in line with the necessary investments and the agreed-upon risks. Conditions are favorable for the introduction of native IPv6 services, from the edge, in a scalable way, without any IPv6 addressing restrictions and without putting a well-controlled IPv4 backbone in jeopardy. Backbone stability is essential for service providers that have recently stabilized their IPv4 infrastructure.

Service providers running an MPLS/IPv4 infrastructure follow similar trends because several integration scenarios that offer IPv6 services on an MPLS network are possible. Cisco Systems has specially developed Cisco 6PE or IPv6 Provider Edge Router over MPLS, to meet all those requirements.

Inter-AS support for 6PE requires support of Border Gateway Protocol (BGP) to enable address families and to allocate and distribute PE and ASBR labels.

Benefits of 6PE/VPE

Service providers who currently deploy MPLS experience these benefits of Cisco 6PE:
• Minimal operational cost and risk—No impact on existing IPv4 and MPLS services.
• Only provider edge routers upgrade—A 6PE/VPE router can be an existing PE router or a new one dedicated to IPv6 traffic.
• No impact on IPv6 customer edge routers—The ISP can connect to any customer CE running Static, IGP or EGP.
• Production services ready—An ISP can delegate IPv6 prefixes.
• IPv6 introduction into an existing MPLS service—6PE/VPE routers can be added at any time.

Deploying IPv6 over MPLS Backbones

Backbones enabled by 6PE (IPv6 over MPLS) allow IPv6 domains to communicate with each other over an MPLS IPv4 core network. This implementation requires no backbone infrastructure upgrades and no reconfiguration of core routers because forwarding is based on labels instead of the IP header itself. This provides a very cost-effective strategy for IPv6 deployment. Additionally, the inherent virtual private network (VPN) and traffic engineering (TE) services available within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an infrastructure that supports IPv4 VPNs and MPLS-TE.

IPv6 on the Provider Edge and Customer Edge Routers

Service Provider Edge Routers

6PE is particularly applicable to service providers who currently run an MPLS network. One of its advantages is that there is no need to upgrade the hardware, software, or configuration of the core network, and it eliminates the impact on the operations and the revenues generated by existing IPv4 traffic. MPLS is used by many service providers to deliver services to customers. MPLS as a multiservice infrastructure technology is able to provide layer 3 VPN, QoS, traffic engineering, fast re-routing and integration of ATM and IP switching.

Customer Edge Routers

Using tunnels on the CE routers is the simplest way to deploy IPv6 over MPLS networks. It has no impact on the operation or infrastructure of MPLS, and requires no changes to the P routers in the core or to the PE routers.
However, tunnel meshing is required as the number of CEs to connect increases, and it becomes difficult to delegate a global IPv6 prefix for an ISP.

Figure 7 illustrates the network architecture using tunnels on the CE routers.

Figure 7 IPv6 Using Tunnels on the CE Routers

IPv6 Provider Edge Multipath

Internal and external BGP multipath for IPv6 allows the IPv6 router to balance load between several paths (for example, the same neighboring autonomous system (AS) or sub-AS, or the same metrics) to reach its destination. The 6PE multipath feature uses multiprotocol internal BGP (MP-IBGP) to distribute IPv6 routes over the MPLS IPv4 core network and to attach an MPLS label to each route.

When MP-IBGP multipath is enabled on the 6PE router, all labeled paths are installed in the forwarding table with available MPLS information (label stack). This functionality enables 6PE to perform load balancing.

OSPFv3 6VPE

The Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature adds VPN routing and forwarding (VRF) and provider edge-to-customer edge (PE-CE) routing support to Cisco IOS XR OSPFv3 implementation. This feature allows:
• Multiple VRF support per OSPFv3 routing process
• OSPFv3 PE-CE extensions

Multiple VRF Support

OSPFv3 supports multiple VRFs in a single routing process that allows scaling to tens and hundreds of VRFs without consuming too much route processor (RP) resources.
Multiple OSPFv3 processes can be configured on a single router. In large-scale VRF deployments, this allows VRF processing to be partitioned across multiple RPs. It is also used to isolate the default routing table or high-impact VRFs from the regular VRFs. It is recommended to use a single process for all the VRFs. If needed, a second OSPFv3 process must be configured for IPv6 routing.

Note A maximum of four OSPFv3 processes is supported.

OSPFv3 PE-CE Extensions

The IPv6 protocol is being widely deployed in today's customer networks. Service Providers (SPs) need to be able to offer Virtual Private Network (VPN) services to their customers for supporting the IPv6 protocol, in addition to the already offered VPN services for the IPv4 protocol.

In order to support IPv6, routing protocols require additional extensions for operating in the VPN environment. Extensions to OSPFv3 are required in order for OSPFv3 to operate at the PE-CE links.

VRF Lite

The VRF lite feature enables VRF deployment without a BGP or MPLS based backbone. In VRF lite, the PE routers are directly connected using VRF interfaces. For OSPFv3, the following needs to operate differently in the VRF lite scenario, as opposed to the deployment with a BGP or MPLS backbone:
• DN bit processing—In a VRF lite environment, the DN bit processing is disabled.
• ABR status—In a VRF context (except the default VRF), the OSPFv3 router is automatically set as an ABR, regardless of its connectivity to area 0. This automatic ABR status setting is disabled in the VRF lite environment.

Note To enable VRF Lite, issue the capability vrf-lite command in the OSPFv3 VRF configuration submode.
How to Implement 6PE/VPE

This section includes these implementation procedures:
• Configuring 6PE/VPE
• Configuring PE to PE Core
• Configuring PE to CE Core
• Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers

Configuring 6PE/VPE

This task describes how to configure 6PE/VPE on PE routers to transport the IPv6 prefixes across the IPv4 cloud. Ensure that you configure 6PE/VPE on PE routers participating in both the IPv4 cloud and IPv6 clouds.

Note For 6PE, you can use all routing protocols supported on Cisco IOS XR software such as BGP, OSPF, IS-IS, EIGRP, RIP, and Static to learn routes from both clouds. However, for 6VPE, you can use only the BGP, EIGRP and Static routing protocols to learn routes.

SUMMARY STEPS

1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family ipv6 labeled-unicast
5. exit
6. exit
7. address-family ipv6 unicast
8. allocate-label [all | route-policy policy_name]
9. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp as-number
  Example: RP/0/RSP0/CPU0:router(config)# router bgp 1
  Purpose: Enters the number that identifies the autonomous system (AS) in which the router resides. Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535.

Step 3  neighbor ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 1.1.1.1
  Purpose: Enters neighbor configuration mode for configuring Border Gateway Protocol (BGP) routing sessions.

Step 4  address-family ipv6 labeled-unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 labeled-unicast
  Purpose: Specifies IPv6 labeled-unicast address prefixes.
  Note This option is also available in IPv6 neighbor configuration mode and VRF neighbor configuration mode.

Step 5  exit
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
  Purpose: Exits BGP address-family submode.

Step 6  exit
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
  Purpose: Exits BGP neighbor submode.

Step 7  address-family ipv6 unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv6 unicast
  Purpose: Specifies IPv6 unicast address prefixes.

Step 8  allocate-label [all | route-policy policy_name]
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all
  Purpose: Allocates MPLS labels for specified IPv4 unicast routes.
  Note The route-policy keyword provides finer control to filter out certain routes from being advertised to the neighbor.

Step 9  end or commit
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end
  or
  RP/0/RSP0/CPU0:router(config-bgp-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring PE to PE Core

This task describes how to configure a Provider Edge (PE) to PE Core.

For information on configuring VPN Routing and Forwarding (VRF), refer to the Implementing BGP on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.

SUMMARY STEPS

1. configure
2. router bgp
3. address-family vpnv6 unicast
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. bgp client-to-client reflection { cluster-id | disable }
6. neighbor ip-address
7. remote-as as-number
8. description text
9. password { clear | encrypted } password
10. shutdown
11. timers keepalive hold-time
12. update-source type interface-id
13. address-family vpnv6 unicast
14. route-policy route-policy-name { in | out }
15. exit
16. vrf vrf-name
17. rd { as-number : nn | ip-address : nn | auto }
18. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  router bgp as-number
  Example: RP/0/RSP0/CPU0:router(config)# router bgp 10
  Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3  address-family vpnv6 unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv6 unicast
  Purpose: Specifies the vpnv6 address family and enters address family configuration submode.
Step 4: bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120
  Purpose: Configures BGP dampening for the specified address family.

Step 5: bgp client-to-client reflection { cluster-id | disable }
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# bgp client-to-client reflection disable
  Purpose: Configures client to client route reflection.

Step 6: exit
  Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit
  Purpose: Exits the address family configuration submode.

Step 7: neighbor ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1
  Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 8: remote-as as-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 100
  Purpose: Creates a neighbor and assigns a remote autonomous system number to it.

Step 9: description text
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# description neighbor 172.16.1.1
  Purpose: Provides a description of the neighbor. The description is used to save comments and does not affect software function.

Step 10: password { clear | encrypted } password
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# password encrypted 123abc
  Purpose: Enables Message Digest 5 (MD5) authentication on the TCP connection between the two BGP neighbors.

Step 11: shutdown
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# shutdown
  Purpose: Terminates any active sessions for the specified neighbor and removes all associated routing information.

Step 12: timers keepalive hold-time
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 12000 200
  Purpose: Sets the timers for the BGP neighbor.

Step 13: update-source type interface-id
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source gigabitEthernet 0/1/5/0
  Purpose: Allows iBGP sessions to use the primary IP address from a specific interface as the local address when forming an iBGP session with a neighbor.

Step 14: address-family vpnv6 unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv6 unicast
  Purpose: Enters VPN neighbor address family configuration mode.

Step 15: route-policy route-policy-name { in | out }
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-in in
  Purpose: Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes.

Step 16: route-policy route-policy-name { in | out }
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-out out
  Purpose: Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes.

Step 17: exit
  Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
  Purpose: Exits address family configuration and neighbor submode.

Step 18: vrf vrf-name
  Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
  Purpose: Configures a VRF instance.

Step 19: rd { as-number : nn | ip-address : nn | auto }
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd 345:567
  Purpose: Configures the route distinguisher. Use the auto keyword if you want the router to automatically assign a unique RD to the VRF.

Step 20: end or commit
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
  or
  RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring PE to CE Core

This task describes how to configure a PE to Customer Edge (CE) core.

SUMMARY STEPS

1. configure
2. router bgp
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode { per-ce | per-vrf }
6. address-family ipv6 unicast
7. redistribute { connected | static | eigrp }
8. neighbor ip-address
9. remote-as as-number
10. ebgp-multihop { maximum hops | mpls }
11. address-family ipv6 unicast
12. site-of-origin [ as-number : nn | ip-address : nn ]
13. as-override
14. allowas-in [ as-occurrence-number ]
15. end or commit

DETAILED STEPS

Step 1: configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: router bgp as-number
  Example: RP/0/RSP0/CPU0:router(config)# router bgp 10
  Purpose: Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3: vrf vrf-name
  Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
  Purpose: Configures a VRF instance.

Step 4: bgp router-id ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# bgp router-id 172.16.9.9
  Purpose: Configures a fixed router ID for a BGP-speaking router.

Step 5: label-allocation-mode { per-ce | per-vrf }
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce
  Purpose: Configures the per-CE label allocation mode to avoid an extra lookup on the PE router and conserve label space (per-prefix is the default label allocation mode). In this mode, the PE router allocates one label for every immediate next-hop (in most cases, this would be a CE router). This label is directly mapped to the next hop, so there is no VRF route lookup performed during data forwarding. However, the number of labels allocated would be one for each CE rather than one for each VRF. Because BGP knows all the next hops, it assigns a label for each next hop (not for each PE-CE interface). When the outgoing interface is a multiaccess interface and the media access control (MAC) address of the neighbor is not known, Address Resolution Protocol (ARP) is triggered during packet forwarding.
  The per-vrf keyword configures the same label to be used for all the routes advertised from a unique VRF.

Step 6: address-family ipv6 unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv6 unicast
  Purpose: Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 7: redistribute { connected | static | eigrp }
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
  Purpose: Causes routes from the specified instance to be redistributed into BGP.

Step 8: neighbor ip-address
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0
  Purpose: Configures a CE neighbor. The ip-address argument must be a private address.

Step 9: remote-as as-number
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2
  Purpose: Configures the remote AS for the CE neighbor.

Step 10: ebgp-multihop { maximum hops | mpls }
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop 55
  Purpose: Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected.

Step 11: address-family ipv6 unicast
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv6 unicast
  Purpose: Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 12: site-of-origin [ as-number:nn | ip-address:nn ]
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# site-of-origin 234:111
  Purpose: Configures the site-of-origin (SoO) extended community. Routes that are learned from this CE neighbor are tagged with the SoO extended community before being advertised to the rest of the PEs. SoO is frequently used to detect loops when as-override is configured on the PE router. If the prefix is looped back to the same site, the PE detects this and does not send the update to the CE.

Step 13: as-override
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# as-override
  Purpose: Configures AS override on the PE router. This causes the PE router to replace the CE’s ASN with its own (PE) ASN.
  Note: This loss of information could lead to routing loops; to avoid loops caused by as-override, use it in conjunction with site-of-origin.

Step 14: allowas-in [ as-occurrence-number ]
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 5
  Purpose: Allows an AS path with the PE autonomous system number (ASN) a specified number of times. Hub and spoke VPN networks need the looping back of routing information to the HUB PE through the HUB CE. When this happens, due to the presence of the PE ASN, the looped-back information is dropped by the HUB PE. To avoid this, use the allowas-in command to allow prefixes even if they have the PE's ASN up to the specified number of times.

Step 15: end or commit
  Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
  or
  RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3).

SUMMARY STEPS

1. configure
2. router ospfv3 process-name
3. vrf vrf-name
4. capability vrf-lite
5. router-id {router-id | type interface-path-id}
6. domain-id type {0005 | 0105 | 0205 | 8005} value domain-id
7. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
   or
   redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
8. area area-id
9. interface type interface-path-id
10. end or commit

DETAILED STEPS

Step 1: configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2: router ospf process-name
  Example: RP/0/RSP0/CPU0:router(config)# router ospf 109
  Purpose: Enters OSPF configuration mode allowing you to configure the OSPF routing process.

Step 3: vrf vrf-name
  Example: RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
  Purpose: Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing.

Step 4: capability vrf-lite
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# capability vrf-lite
  Purpose: Enables VRF Lite feature.

Step 5: router-id {router-id | type interface-path-id}
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10
  Purpose: Configures the router ID for the VRF.
  Note: Router ID configuration is required for each VRF.

Step 6: domain-id type {0005 | 0105 | 0205 | 8005} value domain-id
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# domain-id type 0005 value CAFE00112233
  Purpose: Specifies the domain ID.

Step 7: redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  or
  redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  or
  redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  or
  redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  or
  redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  or
  redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected
  Purpose: Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are:
  • Border Gateway Protocol (BGP)
  • Connected
  • Enhanced Interior Gateway Routing Protocol (EIGRP)
  • OSPF
  • Static
  • Routing Information Protocol (RIP)

Step 8: area area-id
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
  Purpose: Configures the OSPF area as area 0.

Step 9: interface type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0
  Purpose: Associates interface GigabitEthernet 0/3/0/0 with area 0.

Step 10: end or commit
  Example: RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end
  or
  RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for 6PE

This section includes these configuration examples:

• Configuring 6PE on a PE Router: Example
• Configuring 6VPE on a PE Router: Example

Configuring 6PE on a PE Router: Example

This sample configuration shows the configuration of 6PE on a PE router:

interface GigabitEthernet0/3/0/0
 ipv6 address 2001::1/64
!
router isis ipv6-cloud
 net 49.0000.0000.0001.00
 address-family ipv6 unicast
  single-topology
 interface GigabitEthernet0/3/0/0
  address-family ipv6 unicast
  !
 !
router bgp 55400
 bgp router-id 54.6.1.1
 address-family ipv4 unicast
 !
 address-family ipv6 unicast
  network 55:5::/64
  redistribute connected
  redistribute isis ipv6-cloud
  allocate-label all
 !
 neighbor 34.4.3.3
  remote-as 55400
  address-family ipv4 unicast
  !
  address-family ipv6 labeled-unicast

Configuring 6VPE on a PE Router: Example

This sample configuration shows the configuration of 6VPE on a PE router:

vrf vpn1
 address-family ipv6 unicast
  import route-target
   200:2
  !
  export route-target
   200:2
interface Loopback0
 ipv4 address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/0/0/1
 vrf vpn1
 ipv6 address 2001:c003:a::2/64
router bgp 1
 bgp router-id 10.0.0.1
 bgp redistribute-internal
 bgp graceful-restart
 address-family ipv4 unicast
 !
 address-family vpnv6 unicast
 !
 neighbor 10.0.0.2    >>>> Remote peer loopback address.
  remote-as 1
  update-source Loopback0
  address-family ipv4 unicast
  !
  address-family vpnv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 vrf vpn1
  rd 100:2
  bgp router-id 140.140.140.140
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 2001:c003:a::1
   remote-as 6502
   address-family ipv6 unicast
    route-policy pass-all in
    route-policy pass-all out
   !

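The PE-to-CE task pairs as-override with site-of-origin and describes allowas-in as relaxing the drop of looped-back routes, and the PE-to-PE task enables MD5 authentication per neighbor with the password command. The following Python audit is an added example, not part of the Cisco guide: it checks an IOS XR-style BGP configuration for those three settings. The configuration text is constructed (modelled on the 6VPE sample, with neighbor 2001:c003:b::1 invented), the function names and finding labels are assumptions, and settings inherited from groups are not resolved.

```python
# Added example: audit per-neighbor BGP settings in an IOS XR-style config.
# Function names and finding labels are illustrative assumptions.

# Constructed sample (not a real device configuration), modelled on the 6VPE
# example in this guide. Neighbor 2001:c003:b::1 is invented for the audit.
SAMPLE_CONFIG = """\
router bgp 1
 bgp router-id 10.0.0.1
 address-family vpnv6 unicast
 !
 neighbor 10.0.0.2
  remote-as 1
  password encrypted 123abc
  update-source Loopback0
  address-family vpnv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 vrf vpn1
  rd 100:2
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 2001:c003:a::1
   remote-as 6502
   address-family ipv6 unicast
    as-override
    route-policy pass-all in
   !
  !
  neighbor 2001:c003:b::1
   remote-as 6503
   password encrypted 123abc
   address-family ipv6 unicast
    site-of-origin 234:111
    as-override
    allowas-in 5
   !
  !
 !
!
"""


def parse_neighbors(config):
    """Return {(vrf, neighbor): {"password": bool, "afs": {af: [statements]}}}.

    Hierarchy is recovered from leading-space indentation; "!" lines are skipped.
    """
    neighbors = {}
    stack = []  # (indent, statement) for each enclosing submode
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parents = [stmt for _, stmt in stack]
        stack.append((indent, text))
        if not parents or not parents[0].startswith("router bgp "):
            continue  # only statements inside the BGP process are audited
        vrf = next((p.split()[1] for p in parents if p.startswith("vrf ")), "default")
        if text.startswith("neighbor "):
            neighbors[(vrf, text.split()[1])] = {"password": False, "afs": {}}
            continue
        nbr = next((p.split()[1] for p in parents if p.startswith("neighbor ")), None)
        if nbr is None:
            continue
        entry = neighbors[(vrf, nbr)]
        af = next((p for p in parents if p.startswith("address-family ")), None)
        if text.startswith("address-family "):
            entry["afs"][text] = []
        elif af is not None:
            entry["afs"][af].append(text)
        elif text.startswith("password "):
            entry["password"] = True
    return neighbors


def audit(config):
    """Return a sorted list of (vrf, neighbor, finding) tuples."""
    findings = []
    for (vrf, nbr), entry in sorted(parse_neighbors(config).items()):
        if not entry["password"]:
            # No MD5 authentication on the TCP session to this neighbor.
            findings.append((vrf, nbr, "no-md5-password"))
        for statements in entry["afs"].values():
            keywords = {s.split()[0] for s in statements}
            if "as-override" in keywords and "site-of-origin" not in keywords:
                # The guide's note: as-override alone can lead to routing loops.
                findings.append((vrf, nbr, "as-override-without-soo"))
            if "allowas-in" in keywords:
                # Looped-back paths are accepted; confirm hub-and-spoke intent.
                findings.append((vrf, nbr, "allowas-in-relaxes-loop-check"))
    return findings


if __name__ == "__main__":
    for vrf, nbr, finding in audit(SAMPLE_CONFIG):
        print(f"vrf={vrf} neighbor={nbr}: {finding}")
```
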
Configuring OSPFv3 between PE to CE: Example

This example shows you how to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3):

router ospfv3 0
 vrf V1
  router-id 100.0.0.2
  domain-id type 0005 value CAFE00112233
  domain-id secondary type 0105 value beef00000001
  domain-id secondary type 0205 value beef00000002
  capability vrf-lite
  redistribute bgp 1
  area 0
   interface POS0/3/0/1
 vrf V2
  router-id 200.0.0.2
  capability vrf-lite
  area 1
   interface POS0/3/0/2

Additional References

For additional information related to this feature, refer to these references:

Related Document
  Related Topic: Getting started material
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Standards
  Standards (1): No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
  Title: —
  (1) Not all supported standards are listed.

MIBs
  MIBs: —
  MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
  RFCs: —
  Title: —

Technical Assistance
  Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
  Link: http://www.cisco.com/techsupport

Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
Text Part Number: OL-26056-02

© 2012 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Changes to This Document
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1 Implementing MPLS Label Distribution Protocol
  Prerequisites for Implementing Cisco MPLS LDP
  Information About Implementing Cisco MPLS LDP
  Overview of Label Distribution Protocol
  Label Switched Paths
  LDP Control Plane
  Exchanging Label Bindings
  LDP Forwarding
  LDP Graceful Restart
  Control Plane Failure
  Phases in Graceful Restart
  Recovery with Graceful-Restart
  Label Advertisement Control (Outbound Filtering)
  Label Acceptance Control (Inbound Filtering)
  Local Label Allocation Control
  Session Protection
  IGP Synchronization
  IGP Auto-configuration
  LDP Nonstop Routing
  IP LDP Fast Reroute Loop Free Alternate
  Downstream on Demand
  Explicit-Null and Implicit-Null Labels
  How to Implement MPLS LDP
  Configuring LDP Discovery Parameters
  Configuring LDP Discovery Over a Link
  Configuring LDP Discovery for Active Targeted Hellos
  Configuring LDP Discovery for Passive Targeted Hellos
  Configuring Label Advertisement Control (Outbound Filtering)
  Setting Up LDP Neighbors
  Setting Up LDP Forwarding
  Setting Up LDP NSF Using Graceful Restart
  Configuring Label Acceptance Control (Inbound Filtering)
  Configuring Local Label Allocation Control
  Configuring Session Protection
  Configuring LDP IGP Synchronization: OSPF
  Configuring LDP IGP Synchronization: ISIS
  Enabling LDP Auto-Configuration for a Specified OSPF Instance
  Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance
  Disabling LDP Auto-Configuration
  Configuring LDP Nonstop Routing
  Configuring LDP Downstream on Demand mode
  Redistributing MPLS LDP Routes into BGP
  Setting Up Implicit-Null-Override Label
  Configuration Examples for Implementing MPLS LDP
  Configuring LDP with Graceful Restart: Example
  Configuring LDP Discovery: Example
  Configuring LDP Link: Example
  Configuring LDP Discovery for Targeted Hellos: Example
  Configuring Label Advertisement (Outbound Filtering): Example
  Configuring LDP Neighbors: Example
  Configuring LDP Forwarding: Example
  Configuring LDP Nonstop Forwarding with Graceful Restart: Example
  Configuring Label Acceptance (Inbound Filtering): Example
  Configuring Local Label Allocation Control: Example
  Configuring LDP Session Protection: Example
  Configuring LDP IGP Synchronization—OSPF: Example
  Configuring LDP IGP Synchronization—ISIS: Example
  Configuring LDP Auto-Configuration: Example
  Configure IP LDP Fast Reroute Loop Free Alternate: Example
  Verify IP LDP Fast Reroute Loop Free Alternate: Example
  Additional References

CHAPTER 2 Implementing RSVP for MPLS-TE
  Prerequisites for Implementing RSVP for MPLS-TE
  Information About Implementing RSVP for MPLS-TE
  Overview of RSVP for MPLS-TE
  LSP Setup
  High Availability
  Graceful Restart
  Graceful Restart: Standard and Interface-Based
  Graceful Restart: Figure
  ACL-based Prefix Filtering
  RSVP MIB
  Information About Implementing RSVP Authentication
  RSVP Authentication Functions
  RSVP Authentication Design
  Global, Interface, and Neighbor Authentication Modes
  Security Association
  Key-source Key-chain
  Guidelines for Window-Size and Out-of-Sequence Messages
  Caveats for Out-of-Sequence
  How to Implement RSVP
  Configuring Traffic Engineering Tunnel Bandwidth
  Confirming DiffServ-TE Bandwidth
  Enabling Graceful Restart
  Configuring ACL-based Prefix Filtering
  Configuring ACLs for Prefix Filtering
  Configuring RSVP Packet Dropping
  Verifying RSVP Configuration
  Enabling RSVP Traps
  How to Implement RSVP Authentication
  Configuring Global Configuration Mode RSVP Authentication
  Enabling RSVP Authentication Using the Keychain in Global Configuration Mode
  Configuring a Lifetime for RSVP Authentication in Global Configuration Mode
  Configuring the Window Size for RSVP Authentication in Global Configuration Mode
  Configuring an Interface for RSVP Authentication
  Specifying the RSVP Authentication Keychain in Interface Mode
  Configuring a Lifetime for an Interface for RSVP Authentication
  Configuring the Window Size for an Interface for RSVP Authentication
  Configuring RSVP Neighbor Authentication
  Specifying the Keychain for RSVP Neighbor Authentication
  Configuring a Lifetime for RSVP Neighbor Authentication
  Configuring the Window Size for RSVP Neighbor Authentication
  Verifying the Details of the RSVP Authentication
  Eliminating Security Associations for RSVP Authentication
  Configuration Examples for RSVP
  Bandwidth Configuration (Prestandard): Example
  Bandwidth Configuration (MAM): Example
  Bandwidth Configuration (RDM): Example
  Refresh Reduction and Reliable Messaging Configuration: Examples
  Refresh Interval and the Number of Refresh Messages Configuration: Example
  Retransmit Time Used in Reliable Messaging Configuration: Example
  Acknowledgement Times Configuration: Example
  Summary Refresh Message Size Configuration: Example
  Disable Refresh Reduction: Example
  Configure Graceful Restart: Examples
  Enable Graceful Restart: Example
  Enable Interface-Based Graceful Restart: Example
  Change the Restart-Time: Example
  Change the Hello Interval: Example
Configure ACL-based Prefix Filtering: Example 107 Set DSCP for RSVP Packets: Example 107 Enable RSVP Traps: Example 108 Configuration Examples for RSVP Authentication 108 RSVP Authentication Global Configuration Mode: Example 108 RSVP Authentication for an Interface: Example 109 RSVP Neighbor Authentication: Example 109 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x vi OL-26056-02 ContentsRSVP Authentication by Using All the Modes: Example 110 Additional References 110 C H A P T E R 3 Implementing MPLS Forwarding 113 Prerequisites for Implementing Cisco MPLS Forwarding 113 Restrictions for Implementing Cisco MPLS Forwarding 113 Information About Implementing MPLS Forwarding 114 MPLS Forwarding Overview 114 Label Switching Functions 114 Distribution of Label Bindings 115 MFI Control-Plane Services 115 MFI Data-Plane Services 115 MPLS Maximum Transmission Unit 116 Additional References 116 C H A P T E R 4 Implementing MPLS Traffic Engineering 119 Prerequisites for Implementing Cisco MPLS Traffic Engineering 120 Restrictions for Implementing Cisco MPLS Traffic Engineering 120 Information About Implementing MPLS Traffic Engineering 121 Overview of MPLS Traffic Engineering 121 Benefits of MPLS Traffic Engineering 121 How MPLS-TE Works 121 MPLS Traffic Engineering 123 Backup AutoTunnels 123 AutoTunnel Attribute-set 123 Link Protection 124 Node Protection 124 Backup AutoTunnel Assignment 125 Explicit Paths 126 Periodic Backup Promotion 126 Protocol-Based CLI 126 Differentiated Services Traffic Engineering 127 Prestandard DS-TE Mode 127 IETF DS-TE Mode 127 Bandwidth Constraint Models 128 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 vii ContentsMaximum Allocation Bandwidth Constraint Model 128 Russian Doll Bandwidth Constraint Model 128 TE Class Mapping 129 Flooding 129 Flooding Triggers 129 Flooding Thresholds 130 Fast Reroute 130 MPLS-TE and Fast Reroute over Link Bundles 
131 Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE 131 Flexible Name-based Tunnel Constraints 132 MPLS Traffic Engineering Interarea Tunneling 133 Interarea Support 133 Multiarea Support 134 Loose Hop Expansion 134 Loose Hop Reoptimization 135 ABR Node Protection 135 Fast Reroute Node Protection 135 MPLS-TE Forwarding Adjacency 135 MPLS-TE Forwarding Adjacency Benefits 136 MPLS-TE Forwarding Adjacency Restrictions 136 MPLS-TE Forwarding Adjacency Prerequisites 136 Path Computation Element 136 Path Protection 138 Prerequisites for Path Protection 138 Restrictions for Path Protection 139 MPLS-TE Automatic Bandwidth 139 MPLS-TE Automatic Bandwidth Overview 139 Adjustment Threshold 141 Overflow Detection 141 Restrictions for MPLS-TE Automatic Bandwidth 141 Point-to-Multipoint Traffic-Engineering 142 Point-to-Multipoint Traffic-Engineering Overview 142 Point-to-Multipoint RSVP-TE 144 Point-to-Multipoint Fast Reroute 144 Point-to-Multipoint Label Switch Path 144 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x viii OL-26056-02 ContentsPath Option for Point-to-Multipoint RSVP-TE 145 MPLS Traffic Engineering Shared Risk Link Groups 146 Explicit Path 147 Fast ReRoute with SRLG Constraints 148 Importance of Protection 149 Delivery of Packets During a Failure 150 Multiple Backup Tunnels Protecting the Same Interface 150 SRLG Limitations 150 Soft-Preemption 151 Path Option Attributes 151 Configuration Hierarchy of Path Option Attributes 152 Traffic Engineering Bandwidth and Bandwidth Pools 152 Path Option Switchover 153 Path Option and Path Protection 153 Auto-Tunnel Mesh 154 Destination List (Prefix-List) 154 How to Implement Traffic Engineering 155 Building MPLS-TE Topology 155 Creating an MPLS-TE Tunnel 158 Configuring Forwarding over the MPLS-TE Tunnel 161 Protecting MPLS Tunnels with Fast Reroute 164 Enabling an AutoTunnel Backup 169 Removing an AutoTunnel Backup 170 Establishing MPLS Backup 
AutoTunnels to Protect Fast Reroutable TE LSPs 172 Establishing Next-Hop Tunnels with Link Protection 174 Configuring a Prestandard DS-TE Tunnel 176 Configuring an IETF DS-TE Tunnel Using RDM 178 Configuring an IETF DS-TE Tunnel Using MAM 181 Configuring MPLS -TE and Fast-Reroute on OSPF 184 Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE 187 Configuring Flexible Name-based Tunnel Constraints 188 Assigning Color Names to Numeric Values 188 Associating Affinity-Names with TE Links 190 Associating Affinity Constraints for TE Tunnels 192 Configuring IS-IS to Flood MPLS-TE Link Information 193 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 ix ContentsConfiguring an OSPF Area of MPLS-TE 195 Configuring Explicit Paths with ABRs Configured as Loose Addresses 197 Configuring MPLS-TE Forwarding Adjacency 199 Configuring a Path Computation Client and Element 200 Configuring a Path Computation Client 200 Configuring a Path Computation Element Address 202 Configuring PCE Parameters 203 Configuring Path Protection on MPLS-TE 206 Enabling Path Protection for an Interface 206 Assigning a Dynamic Path Option to a Tunnel 208 Forcing a Manual Switchover on a Path-Protected Tunnel 210 Configuring the Delay the Tunnel Takes Before Reoptimization 210 Configuring the Automatic Bandwidth 212 Configuring the Collection Frequency 212 Forcing the Current Application Period to Expire Immediately 214 Configuring the Automatic Bandwidth Functions 215 Configuring the Shared Risk Link Groups 218 Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link 218 Creating an Explicit Path With Exclude SRLG 220 Using Explicit Path With Exclude SRLG 222 Creating a Link Protection on Backup Tunnel with SRLG Constraint 226 Creating a Node Protection on Backup Tunnel with SRLG Constraint 229 Configuring Point-to-Multipoint TE 232 Enabling Multicast Routing on the Router 232 Configuring the Static Group for 
the Point-to-Multipoint Interface 235 Configuring Destinations for the Tunnel Interface 237 Disabling Destinations 241 Logging Per Destinations for Point-to-Multipoint 243 Enabling Soft-Preemption on a Node 245 Enabling Soft-Preemption on a Tunnel 247 Configuring Attributes within a Path-Option Attribute 249 Configuring Auto-Tunnel Mesh Tunnel ID 251 Configuring Auto-tunnel Mesh Unused Timeout 252 Configuring Auto-Tunnel Mesh Group 254 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x x OL-26056-02 ContentsConfiguring Tunnel Attribute-Set Templates 256 Enabling LDP on Auto-Tunnel Mesh 258 Configuration Examples for Cisco MPLS-TE 260 Build MPLS-TE Topology and Tunnels: Example 260 Configure IETF DS-TE Tunnels: Example 261 Configure MPLS-TE and Fast-Reroute on OSPF: Example 262 Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example 262 Configure Flexible Name-based Tunnel Constraints: Example 263 Configure an Interarea Tunnel: Example 264 Configure Forwarding Adjacency: Example 265 Configure PCE: Example 265 Configure Tunnels for Path Protection: Example 266 Configure Automatic Bandwidth: Example 267 Configure the MPLS-TE Shared Risk Link Groups: Example 267 Configure the MPLS-TE Auto-Tunnel Backup: Example 269 Configure Point-to-Multipoint TE: Examples 276 P2MP Topology Scenario: Example 276 Configure Point-to-Multipoint for the Source: Example 278 Configure the Point-to-Multipoint Tunnel: Example 278 Disable a Destination: Example 279 Configure the Point-to-Multipoint Solution: Example 279 Additional References 283 C H A P T E R 5 Implementing MPLS OAM 285 Prerequisites for MPLS LSP Ping and Traceroute for P2MP 285 MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute 286 Roles of Various Routers 286 P2MP Ping 287 P2MP Traceroute 288 Configure the Ping and Traceroute: Example 288 C H A P T E R 6 Implementing MPLS Transport Profile 295 Restrictions for MPLS-TP 295 Information About Implementing MPLS 
Preface

The Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide preface contains these sections:

• Changes to This Document
• Obtaining Documentation and Submitting a Service Request

Changes to This Document

This table lists the technical changes made to this document since it was first printed.

Table 1: Changes to This Document

Revision       Date             Change Summary
OL-26056-02    June 2012        Republished with documentation updates for Cisco IOS XR Release 4.2.1.
OL-26056-01    December 2011    Initial release of this document.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
CHAPTER 1

Implementing MPLS Label Distribution Protocol

This module describes how to implement MPLS Label Distribution Protocol on Cisco ASR 9000 Series Aggregation Services Routers.

Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into business-class transport mediums.

MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual circuit (VC) switching function, allowing enterprises the same performance on their IP-based network services as with those delivered over traditional networks such as Frame Relay or ATM.

Label Distribution Protocol (LDP) performs label distribution in MPLS environments. LDP provides the following capabilities:

• LDP performs hop-by-hop or dynamic path setup; it does not provide end-to-end switching services.
• LDP assigns labels to routes using the underlying Interior Gateway Protocols (IGP) routing protocols.
• LDP provides constraint-based routing using LDP extensions for traffic engineering.

Finally, LDP is deployed in the core of the network and is one of the key protocols used in MPLS-based Layer 2 and Layer 3 virtual private networks (VPNs).

Feature History for Implementing MPLS LDP

Release          Modification
Release 3.7.2    This feature was introduced.
Release 4.0.1    Support was added for these features: IP LDP Fast Reroute Loop Free Alternate; Downstream on Demand.
Release 4.2.1    Support was added for LDP Implicit Null for IGP Routes.
• Prerequisites for Implementing Cisco MPLS LDP
• Information About Implementing Cisco MPLS LDP
• How to Implement MPLS LDP
• Configuration Examples for Implementing MPLS LDP
• Additional References

Prerequisites for Implementing Cisco MPLS LDP

These prerequisites are required to implement MPLS LDP:

• You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
• You must be running Cisco IOS XR software.
• You must install a composite mini-image and the MPLS package.
• You must activate IGP.
• We recommend that you use a lower session holdtime between neighbors so that a session down occurs before an adjacency down on a neighbor. The default values for the hello times are:
  • Holdtime is 15 seconds.
  • Interval is 5 seconds.
  For example, the LDP session holdtime can be configured as 30 seconds by using the holdtime command.

Information About Implementing Cisco MPLS LDP

To implement MPLS LDP, you should understand these concepts:

Overview of Label Distribution Protocol

LDP performs label distribution in MPLS environments. LDP uses hop-by-hop or dynamic path setup, but does not provide end-to-end switching services. Labels are assigned to routes that are chosen by the underlying IGP routing protocols. The Label Switched Paths (LSPs) that result from the routes forward labeled traffic across the MPLS backbone to adjacent nodes.

Label Switched Paths

LSPs are created in the network through MPLS. They can be created statically, by RSVP traffic engineering (TE), or by LDP. LSPs created by LDP perform hop-by-hop path setup instead of an end-to-end path.
LDP Control Plane

The control plane enables label switched routers (LSRs) to discover their potential peer routers and to establish LDP sessions with those peers to exchange label binding information.

This figure shows the control messages exchanged between LDP peers.

Figure 1: LDP Control Protocol

LDP uses the hello discovery mechanism to discover its neighbor or peer on the network. When LDP is enabled on an interface, it sends hello messages to a link-local multicast address, and joins a specific multicast group to receive hellos from other LSRs present on the given link. When LSRs on a given link receive hellos, their neighbors are discovered and the LDP session (using TCP) is established.

Hellos are not only used to discover and trigger LDP sessions; they are also required to maintain LDP sessions. If a certain number of hellos from a given peer are missed in sequence, LDP sessions are brought down until the peer is discovered again.

Note: LDP also supports non-link neighbors that could be multiple hops away on the network, using the targeted hello mechanism. In these cases, hellos are sent on a directed, unicast address.

The first message in the session establishment phase is the initialization message, which is used to negotiate session parameters. After session establishment, LDP sends a list of all its interface addresses to its peers in an address message. Whenever a new address becomes available or unavailable, the peers are notified of the change via ADDRESS or ADDRESS_WITHDRAW messages respectively.

When MPLS LDP learns an IGP prefix, it allocates a label locally as the inbound label. The local binding between the prefix and the label is conveyed to its peers via a LABEL_MAPPING message.
If the binding breaks and becomes unavailable, a LABEL_WITHDRAW message is sent to all its peers, which respond with LABEL_RELEASE messages.

The local label binding and the remote label bindings received from its peers are used to set up forwarding entries. Using routing information from the IGP protocol and the forwarding information base (FIB), the next active hop is selected. The label binding is learned from the next hop peer, and is used as the outbound label while setting up the forwarding plane.

The LDP session is also kept alive using the LDP keepalive mechanism, where an LSR sends a keepalive message periodically to its peers. If no messages are received and a certain number of keepalive messages are missed from a peer, the session is declared dead, and brought down immediately.

Related Topics
• Configuring LDP Discovery Parameters
• Configuring LDP Discovery Over a Link
• Configuring LDP Link: Example
• Configuring LDP Discovery for Active Targeted Hellos
• Configuring LDP Discovery for Passive Targeted Hellos
• Configuring LDP Discovery for Targeted Hellos: Example

Exchanging Label Bindings

LDP creates LSPs to perform the hop-by-hop path setup so that MPLS packets can be transferred between the nodes on the MPLS network.

This figure illustrates the process of label binding exchange for setting up LSPs.

Figure 2: Setting Up Label Switched Paths

For a given network (10.0.0.0), hop-by-hop LSPs are set up between each of the adjacent routers (or nodes), and each node allocates a local label and passes it to its neighbor as a binding:

1. R4 allocates local label L4 for prefix 10.0.0.0 and advertises it to its neighbors (R3).
2. R3 allocates local label L3 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R2, R4).
3. R1 allocates local label L1 for prefix 10.0.0.0 and advertises it to its neighbors (R2, R3).
4. R2 allocates local label L2 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R3).
5. R1's label information base (LIB) keeps local and remote label bindings from its neighbors.
6. R2's LIB keeps local and remote label bindings from its neighbors.
7. R3's LIB keeps local and remote label bindings from its neighbors.
8. R4's LIB keeps local and remote label bindings from its neighbors.

Related Topics
• Setting Up LDP Neighbors
• Configuring LDP Neighbors: Example

LDP Forwarding

Once label bindings are learned, the LDP control plane is ready to set up the MPLS forwarding plane as shown in this figure.

Figure 3: Forwarding Setup

1. Because R3 is next hop for 10.0.0.0 (as notified by FIB), R1 selects label binding from R3 and installs forwarding entry (L1, L3).
2. Because R3 is next hop for 10.0.0.0 (as notified by FIB), R2 selects label binding from R3 and installs forwarding entry (L2, L3).
3. Because R4 is next hop for 10.0.0.0 (as notified by FIB), R3 selects label binding from R4 and installs forwarding entry (L3, L4).
4. Because next hop for 10.0.0.0 (as notified by FIB) is beyond R4, R4 uses NO-LABEL as the outbound and installs the forwarding entry (L4); the outbound packet is forwarded IP-only.
5. Incoming IP traffic on ingress LSR R1 gets label-imposed and is forwarded as an MPLS packet with label L3.
6. Incoming IP traffic on ingress LSR R2 gets label-imposed and is forwarded as an MPLS packet with label L3.
7. R3 receives an MPLS packet with label L3, looks up in the MPLS label forwarding table and switches this packet as an MPLS packet with label L4.
8. R4 receives an MPLS packet with label L4, looks up in the MPLS label forwarding table and finds that it should be Unlabeled, pops the top label, and passes it to the IP forwarding plane.
9. IP forwarding takes over and forwards the packet onward.

Related Topics
• Setting Up LDP Forwarding
• Configuring LDP Forwarding: Example

LDP Graceful Restart

LDP (Label Distribution Protocol) graceful restart provides a control plane mechanism to ensure high availability and allows detection and recovery from failure conditions while preserving Nonstop Forwarding (NSF) services. Graceful restart is a way to recover from signaling and control plane failures without impacting forwarding.

Without LDP graceful restart, when an established session fails, the corresponding forwarding states are cleaned immediately from the restarting and peer nodes. In this case LDP forwarding restarts from the beginning, causing a potential loss of data and connectivity.

The LDP graceful restart capability is negotiated between two peers during session initialization time, in the FT SESSION TLV. In this type-length-value (TLV), each peer advertises the following information to its peers:

Reconnect time
    Advertises the maximum time that the other peer will wait for this LSR to reconnect after control channel failure.

Recovery time
    Advertises the maximum time that the other peer has on its side to reinstate or refresh its states with this LSR. This time is used only during session reestablishment after earlier session failure.

FT flag
    Specifies whether a restart could restore the preserved (local) node state for this flag.
Once the graceful restart session parameters are conveyed and the session is up and running, graceful restart procedures are activated.

When configuring the LDP graceful restart process in a network with multiple links, targeted LDP hello adjacencies with the same neighbor, or both, make sure that graceful restart is activated on the session before any hello adjacency times out in case of neighbor control plane failures. One way of achieving this is by configuring a lower session hold time between neighbors such that session timeout occurs before hello adjacency timeout. It is recommended to set LDP session hold time using the following formula:

Session Holdtime <= (Hello holdtime - Hello interval) * 3

This means that for default values of 15 seconds and 5 seconds for link Hello holdtime and interval respectively, session hold time should be set to 30 seconds at most.

For more information about LDP commands, see the Implementing MPLS Label Distribution Protocol module of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.

Related Topics
• Setting Up LDP NSF Using Graceful Restart
• Configuring LDP Nonstop Forwarding with Graceful Restart: Example

Control Plane Failure

When a control plane failure occurs, connectivity can be affected. The forwarding states installed by the router control planes are lost, and the in-transit packets could be dropped, thus breaking NSF.

This figure illustrates a control plane failure and shows the process and results of a control plane failure leading to loss of connectivity.

Figure 4: Control Plane Failure

1. The R4 LSR control plane restarts.
2. LIB is lost when the control plane restarts.
3. The forwarding states installed by the R4 LDP control plane are immediately deleted.
4. Any in-transit packets flowing from R3 to R4 (still labeled with L4) arrive at R4.
5. The MPLS forwarding plane at R4 performs a lookup on local label L4, which fails. Because of this failure, the packet is dropped and NSF is not met.
6. The R3 LDP peer detects the failure of the control plane channel and deletes its label bindings from R4.
7. The R3 control plane stops using outgoing labels from R4 and deletes the corresponding forwarding state (rewrites), which in turn causes forwarding disruption.
8. The established LSPs connected to R4 are terminated at R3, resulting in broken end-to-end LSPs from R1 to R4.
9. The established LSPs connected to R4 are terminated at R3, resulting in broken end-to-end LSPs from R2 to R4.

Phases in Graceful Restart

The graceful restart mechanism is divided into different phases:

Control communication failure detection
    Control communication failure is detected when the system detects either:
    • Missed LDP hello discovery messages
    • Missed LDP keepalive protocol messages
    • Detection of Transmission Control Protocol (TCP) disconnection with a peer

Forwarding state maintenance during failure
    Persistent forwarding states at each LSR are achieved through persistent storage (checkpoint) by the LDP control plane. While the control plane is in the process of recovering, the forwarding plane keeps the forwarding states, but marks them as stale. Similarly, the peer control plane also keeps (and marks as stale) the installed forwarding rewrites associated with the node that is restarting. The combination of local node forwarding and remote node forwarding plane states ensures NSF and no disruption in the traffic.

Control state recovery
    Recovery occurs when the session is reestablished and label bindings are exchanged again.
    This process allows the peer nodes to synchronize and to refresh stale forwarding states.

Related Topics
• Setting Up LDP NSF Using Graceful Restart
• Configuring LDP Nonstop Forwarding with Graceful Restart: Example

Recovery with Graceful-Restart

This figure illustrates the process of failure recovery using graceful restart.

Figure 5: Recovering with Graceful Restart

1. The router R4 LSR control plane restarts.
2. With the control plane restart, LIB is gone but forwarding states installed by R4's LDP control plane are not immediately deleted but are marked as stale.
3. Any in-transit packets from R3 to R4 (still labeled with L4) arrive at R4.
4. The MPLS forwarding plane at R4 performs a successful lookup for the local label L4 as forwarding is still intact. The packet is forwarded accordingly.
5. The router R3 LDP peer detects the failure of the control plane and channel and deletes the label bindings from R4. The peer, however, does not delete the corresponding forwarding states but marks them as stale.
6. At this point there are no forwarding disruptions.
7. The peer also starts the neighbor reconnect timer using the reconnect time value.
8. The established LSPs going toward the router R4 are still intact, and there are no broken LSPs.

When the LDP control plane recovers, the restarting LSR starts its forwarding state hold timer and restores its forwarding state from the checkpointed data. This action reinstates the forwarding state and entries and marks them as old.

The restarting LSR reconnects to its peer and indicates in the FT Session TLV whether it was able to restore its state successfully. If it was able to restore the state, the bindings are resynchronized.
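The label exchange and forwarding steps for 10.0.0.0, and the two R4 restart walkthroughs (with and without graceful restart), can be replayed in a small model. This is an added example, not code from the Cisco guide; the class, function names and data layout are hypothetical, and the topology is constructed from the numbered steps above.

```python
"""Toy model of the R1-R4 walkthrough: label exchange, forwarding, and an R4 LDP restart.
Added illustration; class and function names are hypothetical, not Cisco's."""

PREFIX = "10.0.0.0"
# Constructed topology matching the walkthrough: R1 and R2 reach the prefix through R3,
# R3 through R4, and R4's next hop lies beyond the MPLS network (None).
NEIGHBORS = {"R1": ["R2", "R3"], "R2": ["R1", "R3"], "R3": ["R1", "R2", "R4"], "R4": ["R3"]}
NEXT_HOP = {"R1": "R3", "R2": "R3", "R3": "R4", "R4": None}


class LSR:
    def __init__(self, name):
        self.name = name
        self.local = {}   # LIB: prefix -> local (inbound) label
        self.remote = {}  # LIB: (prefix, peer) -> label advertised by that peer
        self.lfib = {}    # local label -> {"out": label or None, "nh": peer, "stale": bool}

    def allocate(self, prefix):
        self.local[prefix] = "L" + self.name[1:]  # R4 -> L4, as in the walkthrough

    def install(self, prefix):
        """Select the binding learned from the FIB next hop and program the entry."""
        nh = NEXT_HOP[self.name]
        out = self.remote.get((prefix, nh)) if nh else None  # None models NO-LABEL
        self.lfib[self.local[prefix]] = {"out": out, "nh": nh, "stale": False}


def exchange(lsrs, a, b):
    """LABEL_MAPPING in both directions between two peers."""
    lsrs[b].remote[(PREFIX, a)] = lsrs[a].local[PREFIX]
    lsrs[a].remote[(PREFIX, b)] = lsrs[b].local[PREFIX]


def build():
    lsrs = {name: LSR(name) for name in NEIGHBORS}
    for lsr in lsrs.values():
        lsr.allocate(PREFIX)
    for name, peers in NEIGHBORS.items():
        for peer in peers:
            exchange(lsrs, name, peer)
    for lsr in lsrs.values():
        lsr.install(PREFIX)
    return lsrs


def forward(lsrs, ingress):
    """Send one packet for PREFIX in at `ingress`; return (path, labels used, outcome)."""
    node = lsrs[ingress]
    path, labels = [ingress], []
    entry = node.lfib.get(node.local.get(PREFIX))  # ingress imposes the outbound label
    while entry is not None:
        if entry["out"] is None:                   # unlabeled: IP forwarding takes over
            return path, labels, "delivered"
        labels.append(entry["out"])
        node = lsrs[entry["nh"]]
        path.append(node.name)
        entry = node.lfib.get(labels[-1])          # label lookup at the next LSR
    return path, labels, "dropped"                 # lookup failed: NSF is broken


def restart_control_plane(lsrs, name, graceful):
    """The LDP control plane of `name` restarts: its LIB is lost in both cases."""
    lsr = lsrs[name]
    lsr.local.clear()
    lsr.remote.clear()
    if graceful:
        for entry in lsr.lfib.values():
            entry["stale"] = True                  # forwarding state kept, marked stale
    else:
        lsr.lfib.clear()                           # forwarding state deleted immediately


def peers_detect_failure(lsrs, name, graceful):
    """Each peer deletes the bindings learned from `name`, then keeps or drops rewrites."""
    for peer in (lsrs[p] for p in NEIGHBORS[name]):
        peer.remote.pop((PREFIX, name), None)
        for label, entry in list(peer.lfib.items()):
            if entry["nh"] == name:
                if graceful:
                    entry["stale"] = True
                else:
                    del peer.lfib[label]


def recover(lsrs, name):
    """Session re-established after a successful state restore: bindings resynchronize."""
    lsrs[name].allocate(PREFIX)                    # restored from checkpointed data
    for peer in NEIGHBORS[name]:
        exchange(lsrs, name, peer)
    for n in [name] + NEIGHBORS[name]:
        lsrs[n].install(PREFIX)                    # refreshed entries are no longer stale


def stale(lsrs):
    """All (LSR, local label) pairs whose forwarding entry is currently marked stale."""
    return sorted((n, l) for n, lsr in lsrs.items() for l, e in lsr.lfib.items() if e["stale"])
```

Calling `forward(lsrs, "R1")` after each stage shows where the packet is lost without graceful restart (first at R4, then at R3 once the peer reacts) and that it is still delivered over stale entries with graceful restart.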
The peer LSR stops the neighbor reconnect timer (started by the restarting LSR) when the restarting peer connects, and starts the neighbor recovery timer. The peer LSR checks the FT Session TLV to see whether the restarting peer was able to restore its state successfully. It reinstates the corresponding forwarding state entries and receives binding from the restarting peer. When the recovery timer expires, any forwarding state that is still marked as stale is deleted.

If the restarting LSR fails to recover (restart), the restarting LSR forwarding state and entries will eventually time out and are deleted, while neighbor-related forwarding states or entries are removed by the peer LSR on expiration of the reconnect or recovery timers.

Related Topics
• Setting Up LDP NSF Using Graceful Restart
• Configuring LDP Nonstop Forwarding with Graceful Restart: Example

Label Advertisement Control (Outbound Filtering)

By default, LDP advertises labels for all the prefixes to all its neighbors. When this is not desirable (for scalability and security reasons), you can configure LDP to perform outbound filtering for local label advertisement for one or more prefixes to one or more peers. This feature is known as LDP outbound label filtering, or local label advertisement control.

Related Topics
• Configuring Label Advertisement Control (Outbound Filtering)
• Configuring Label Advertisement (Outbound Filtering): Example

Label Acceptance Control (Inbound Filtering)

By default, LDP accepts labels (as remote bindings) for all prefixes from all peers. LDP operates in liberal label retention mode, which instructs LDP to keep remote bindings from all peers for a given prefix.
For security reasons, or to conserve memory, you can override this behavior by configuring label binding acceptance for a set of prefixes from a given peer. The ability to filter remote bindings for a defined set of prefixes is also referred to as LDP inbound label filtering.

Note: Inbound filtering can also be implemented using an outbound filtering policy; however, you may not be able to implement this system if an LDP peer resides under a different administration domain. When both inbound and outbound filtering options are available, we recommend that you use outbound label filtering.

Related Topics
• Configuring Label Acceptance Control (Inbound Filtering)
• Configuring Label Acceptance (Inbound Filtering): Example

Local Label Allocation Control

By default, LDP allocates local labels for all prefixes that are not Border Gateway Protocol (BGP) prefixes [1]. This is acceptable when LDP is used for applications other than Layer 3 virtual private networks (L3VPN) core transport. When LDP is used to set up transport LSPs for L3VPN traffic in the core, it is not efficient or even necessary to allocate and advertise local labels for, potentially, thousands of IGP prefixes. In such a case, LDP is typically required to allocate and advertise local labels only for the loopback /32 addresses of PE routers. This is accomplished using LDP local label allocation control, where an access list can be used to limit allocation of local labels to a set of prefixes. Limiting local label allocation provides several benefits, including reduced memory usage requirements, fewer local forwarding updates, and fewer network and peer updates.

Tip: You can configure label allocation using an IP access list to specify the set of prefixes for which local labels can be allocated and advertised.
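The three access-list-driven controls described above (outbound advertisement filtering, inbound acceptance filtering, and local label allocation control) can be compared side by side in a small model. This is an added example, not code from the Cisco guide; the class, the ACL matching rule, the prefixes, peer IDs and label values are all constructed assumptions and do not reproduce IOS XR behavior or syntax.

```python
"""Toy model of LDP label filtering and local label allocation control.
Added illustration; names and ACL semantics here are assumptions, not IOS XR behavior."""
import ipaddress

PEER2, PEER3 = "192.0.2.2", "192.0.2.3"           # constructed LDP peer IDs
# Constructed IGP table: three PE loopbacks and three core link subnets.
IGP_PREFIXES = ["192.0.2.1/32", "192.0.2.2/32", "192.0.2.3/32",
                "10.1.12.0/24", "10.1.13.0/24", "10.1.23.0/24"]
LOOPBACKS = ["192.0.2.0/24"]                      # ACL covering the PE loopback range
# Constructed LABEL_MAPPING messages: (peer, prefix, label). The second is an
# unexpected prefix that the local design never asked PEER3 to supply.
MAPPINGS = [(PEER3, "192.0.2.3/32", 24), (PEER3, "10.99.0.0/16", 25), (PEER2, "10.1.23.0/24", 30)]


def permitted(acl, prefix):
    """True if `prefix` falls inside any network in `acl`; None means no filter configured."""
    if acl is None:
        return True
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(entry)) for entry in acl)


class FilteringLSR:
    def __init__(self, igp_prefixes, allocate_acl=None, advertise_rules=None, accept_acls=None):
        self.advertise_rules = advertise_rules    # outbound: [(prefix_acl, {peers})]
        self.accept_acls = accept_acls or {}      # inbound: peer -> prefix_acl
        self.local = {}                           # prefix -> local label
        self.remote = {}                          # (prefix, peer) -> label
        label = 16                                # constructed label values
        for prefix in igp_prefixes:
            if permitted(allocate_acl, prefix):   # local label allocation control
                self.local[prefix] = label
                label += 1

    def advertised_to(self, peer):
        """Local bindings that would be sent to `peer` in LABEL_MAPPING messages."""
        if self.advertise_rules is None:          # default: all prefixes to all neighbors
            return dict(self.local)
        return {p: l for p, l in self.local.items()
                if any(peer in peers and permitted(acl, p) for acl, peers in self.advertise_rules)}

    def receive(self, peer, prefix, label):
        """Handle a LABEL_MAPPING from `peer`; return True if the binding is retained."""
        if not permitted(self.accept_acls.get(peer), prefix):
            return False                          # filtered: never enters the LIB
        self.remote[(prefix, peer)] = label       # liberal retention keeps the rest
        return True


def scenario(filtered):
    """Run the same IGP table and peer messages with or without the three controls."""
    if filtered:
        lsr = FilteringLSR(IGP_PREFIXES, allocate_acl=LOOPBACKS,
                           advertise_rules=[(["192.0.2.1/32"], {PEER2})],
                           accept_acls={PEER3: LOOPBACKS})
    else:
        lsr = FilteringLSR(IGP_PREFIXES)
    retained = [(peer, prefix) for peer, prefix, label in MAPPINGS
                if lsr.receive(peer, prefix, label)]
    return {"local": len(lsr.local),
            "sent_to_peer2": sorted(lsr.advertised_to(PEER2)),
            "sent_to_peer3": sorted(lsr.advertised_to(PEER3)),
            "retained": retained}
```

Comparing `scenario(False)` with `scenario(True)` shows the default retaining the unexpected 10.99.0.0/16 binding from PEER3, while the inbound filter keeps it out of the LIB; PEER2, which has no acceptance filter, is still accepted for every prefix.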
Related Topics
• Configuring Local Label Allocation Control
• Configuring Local Label Allocation Control: Example

[1] For L3VPN Inter-AS option C, LDP may also be required to assign local labels for some BGP prefixes.

Session Protection

When a link comes up, IP converges earlier and much faster than MPLS LDP and may result in MPLS traffic loss until MPLS convergence. If a link flaps, the LDP session will also flap due to loss of link discovery. LDP session protection minimizes traffic loss, provides faster convergence, and protects existing LDP (link) sessions by means of a "parallel" source of targeted discovery hello. An LDP session is kept alive and neighbor label bindings are maintained when links are down. Upon reestablishment of primary link adjacencies, MPLS convergence is expedited as LDP need not relearn the neighbor label bindings.

LDP session protection lets you configure LDP to automatically protect sessions with all or a given set of peers (as specified by peer-acl). When configured, LDP initiates backup targeted hellos automatically for neighbors for which primary link adjacencies already exist. These backup targeted hellos maintain LDP sessions when primary link adjacencies go down.

The Session Protection figure illustrates LDP session protection between neighbors R1 and R3. The primary link adjacency between R1 and R3 is a directly connected link, and the backup targeted adjacency is maintained between R1 and R3. If the direct link fails, the LDP link adjacency is destroyed, but the session is kept up and running using the targeted hello adjacency (through R2). When the direct link comes back up, there is no change in the LDP session state and LDP can converge quickly and begin forwarding MPLS traffic.
Figure 6: Session Protection

Note: When LDP session protection is activated (upon link failure), protection is maintained for an unlimited period of time.

Related Topics
Configuring Session Protection, on page 37
Configuring LDP Session Protection: Example, on page 58

IGP Synchronization

Lack of synchronization between LDP and IGP can cause MPLS traffic loss. Upon link up, for example, IGP can advertise and use a link before LDP convergence has occurred; or, a link may continue to be used in IGP after an LDP session goes down.

LDP IGP synchronization synchronizes LDP and IGP so that IGP advertises links with regular metrics only when MPLS LDP is converged on that link. LDP considers a link converged when at least one LDP session is up and running on the link for which LDP has sent its applicable label bindings and received at least one label binding from the peer. LDP communicates this information to IGP upon link up or session down events and IGP acts accordingly, depending on sync state.

In the event of an LDP graceful restart session disconnect, a session is treated as converged as long as the graceful restart neighbor is timed out. Additionally, upon local LDP restart, a checkpointed recovered LDP graceful restart session is used and treated as converged and is given an opportunity to connect and resynchronize.

Under certain circumstances, it might be required to delay declaration of resynchronization to a configurable interval. LDP provides a configuration option to delay declaring synchronization up for up to 60 seconds. LDP communicates this information to IGP upon link up or session down events.

Note: The configuration for LDP IGP synchronization resides in respective IGPs (OSPF and IS-IS) and there is no LDP-specific configuration for enabling of this feature. However, there is a specific LDP configuration for IGP sync delay timer.

Related Topics
Configuring LDP IGP Synchronization: OSPF, on page 39
Configuring LDP IGP Synchronization—OSPF: Example, on page 58
Configuring LDP IGP Synchronization: ISIS, on page 40
Configuring LDP IGP Synchronization—ISIS: Example, on page 58

IGP Auto-configuration

To enable LDP on a large number of interfaces, IGP auto-configuration lets you automatically configure LDP on all interfaces associated with a specified IGP interface; for example, when LDP is used for transport in the core network. However, there needs to be one IGP set up to enable LDP auto-configuration.

Typically, LDP assigns and advertises labels for IGP routes and must often be enabled on all active interfaces by an IGP. Without IGP auto-configuration, you must define the set of interfaces under LDP, a procedure that is time-intensive and error-prone.

LDP auto-configuration is supported for IPv4 unicast family in the default VRF. The IGP is responsible for verifying and applying the configuration.

Note: You can also disable auto-configuration on a per-interface basis. This permits LDP to enable all IGP interfaces except those that are explicitly disabled and prevents LDP from enabling an interface when LDP auto-configuration is configured under IGP.

Related Topics
Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
Disabling LDP Auto-Configuration, on page 46
Configuring LDP Auto-Configuration: Example, on page 59

LDP Nonstop Routing

LDP nonstop routing (NSR) functionality makes failures, such as Route Processor (RP) or Distributed Route Processor (DRP) failover, invisible to routing peers with minimal to no disruption of convergence performance. By default, NSR is globally enabled on all LDP sessions except AToM.
A disruption in service may include any of these events:
• Route processor (RP) or distributed route processor (DRP) failover
• LDP process restart
• In-service system upgrade (ISSU)
• Minimum disruption restart (MDR)

Unlike graceful restart functionality, LDP NSR does not require protocol extensions and does not force software upgrades on other routers in the network, nor does LDP NSR require peer routers to support NSR.

L2VPN configuration is not supported on NSR.

Note: Process failures of active TCP or LDP result in session loss and, as a result, NSR cannot be provided unless RP switchover is configured as a recovery action. For more information about how to configure switchover as a recovery action for NSR, see the Configuring Transports module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

Related Topics
Configuring LDP Nonstop Routing, on page 48

IP LDP Fast Reroute Loop Free Alternate

The IP Fast Reroute is a mechanism that enables a router to rapidly switch traffic, after an adjacent link failure, node failure, or both, towards a pre-programmed loop-free alternative (LFA) path. This LFA path is used to switch traffic until the router installs a new primary next hop again, as computed for the changed network topology.

The goal of LFA FRR is to reduce failure reaction time to 50 milliseconds by using a pre-computed alternate next hop, in the event that the currently selected primary next hop fails, so that the alternate can be rapidly used when the failure is detected.

This feature addresses fast convergence by detecting, computing, updating or enabling prefix-independent pre-computed alternate loop-free paths at the time of failure.

IGP pre-computes a backup path per IGP prefix.
IGP selects one and only one backup path per primary path. RIB installs the best path and downloads path protection information to FIB by providing correct annotation for protected and protecting paths. FIB pre-installs the backup path in the dataplane. Upon a link or node failure, the routing protocol detects the failure, and all the backup paths of the impacted prefixes are enabled in a prefix-independent manner.

Prerequisites

The Label Distribution Protocol (LDP) can use the loop-free alternates as long as these prerequisites are met:

The Label Switching Router (LSR) running LDP must distribute its labels for the Forwarding Equivalence Classes (FECs) it can provide to all its neighbors, regardless of whether they are upstream, or not.

There are two approaches in computing LFAs:
• Link-based (per-link)--In link-based LFAs, all prefixes reachable through the primary (protected) link share the same backup information. This means that the whole set of prefixes, sharing the same primary, also share the repair or fast reroute (FRR) ability. The per-link approach protects only the next hop address. The per-link approach is suboptimal and not the best for capacity planning. This is because all traffic is redirected to the next hop instead of being spread over multiple paths, which may lead to potential congestion on the link to the next hop. The per-link approach does not provide support for node protection.
• Prefix-based (per-prefix)--Prefix-based LFAs allow computing backup information per prefix. It protects the destination address. The per-prefix approach is the preferred approach due to its greater applicability, and the greater protection and better bandwidth utilization that it offers.
The repair or backup information computed for a given prefix using prefix-based LFA may be different from that computed by link-based LFA.

Note: The per-prefix LFA approach is preferred for LDP IP Fast Reroute LFA for these reasons:
• Better node failure resistance
• Better capacity planning and coverage

Features Not Supported

These interfaces and features are not supported for the IP LDP Fast Reroute Loop Free Alternate feature:
• BVI interface (IRB) is not supported either as primary or backup path.
• GRE tunnel is not supported either as primary or backup path.
• Cisco ASR 9000 Series SPA Interface Processor-700 POS line card on Cisco ASR 9000 Series Router is not supported as primary link. It can be used as LFA backup only on main interface.
• In a multi-topology scenario, the route in topology T can only use LFA within topology T. Hence, the availability of a backup path depends on the topology.

For more information about configuring the IP Fast Reroute Loop-free alternate, see Implementing IS-IS on Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.

Related Topics
Configure IP LDP Fast Reroute Loop Free Alternate: Example, on page 59
Verify IP LDP Fast Reroute Loop Free Alternate: Example, on page 61

Downstream on Demand

This Downstream on demand feature adds support for downstream-on-demand mode, where the label is not advertised to a peer, unless the peer explicitly requests it. At the same time, since the peer does not automatically advertise labels, the label request is sent whenever the next hop points to a peer for which no remote label has been assigned.

In order to enable downstream-on-demand mode, this configuration must be applied at MPLS LDP configuration mode:

mpls ldp downstream-on-demand with ACL

The ACL contains a list of peer IDs that are configured for downstream-on-demand mode. When the ACL is changed or configured, the list of established neighbors is traversed.
If a session's downstream-on-demand configuration has changed, the session is reset in order that the new downstream-on-demand mode can be configured. The reason for resetting the session is to ensure that the labels are properly advertised between the peers. When a new session is established, the ACL is verified to determine whether the session should negotiate for downstream-on-demand mode. If the ACL does not exist or is empty, downstream-on-demand mode is not configured for any neighbor.

For it to be enabled, the Downstream on demand feature has to be configured on both peers of the session. If only one peer in the session has downstream-on-demand feature configured, then the session does not use downstream-on-demand mode.

If, after a label request is sent, no remote label is received from the peer, the router periodically resends the label request. Once the peer has advertised a label in response to the label request, it automatically readvertises the label if any label attribute changes subsequently.

Related Topics
Configuring LDP Downstream on Demand mode, on page 50

Explicit-Null and Implicit-Null Labels

Cisco MPLS LDP uses null label, implicit or explicit, as local label for routes or prefixes that terminate on the given LSR. These routes include all local, connected, and attached networks. By default, the null label is implicit-null that allows LDP control plane to implement penultimate hop popping (PHOP) mechanism. When this is not desirable, you can configure explicit-null that allows LDP control plane to implement ultimate hop popping (UHOP) mechanism. You can configure this explicit-null feature on the ultimate hop LSR. This configuration knob includes an access-list to specify the IP prefixes for which PHOP is desired.
This new enhancement allows you to configure implicit-null local label for non-egress (ultimate hop LSR) prefixes by using the implicit-null-override command. This enforces implicit-null local label for a specific prefix even if the prefix requires a non-null label to be allocated by default. For example, by default, an LSR allocates and advertises a non-null label for an IGP route. If you wish to terminate LSP for this route on penultimate hop of the LSR, you can enforce implicit-null label allocation and advertisement for this prefix using implicit-null-override feature. If a given prefix is permitted in both explicit-null and implicit-null-override feature, then implicit-null-override supersedes and an implicit-null label is allocated and advertised for the prefix.

Note: In order to enable implicit-null-override mode, this configuration must be applied at MPLS LDP label configuration mode:

mpls ldp label implicit-null-override for !

This feature works with any prefix including static, IGP, and BGP, when specified in the ACL.

How to Implement MPLS LDP

A typical MPLS LDP deployment requires coordination among several global neighbor routers. Various configuration tasks are required to implement MPLS LDP:

Configuring LDP Discovery Parameters

Perform this task to configure LDP discovery parameters (which may be crucial for LDP operations).

Note: The LDP discovery mechanism is used to discover or locate neighbor nodes.

SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id { type number | ip-address }
4. discovery { hello | targeted-hello } holdtime seconds
5. discovery { hello | targeted-hello } interval seconds
6. Use one of the following commands:
   • end
   • commit
7. (Optional) show mpls ldp parameters

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  router-id { type number | ip-address }
    Purpose: Specifies the router ID of the local node.
    • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by the global router ID process).
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1

Step 4  discovery { hello | targeted-hello } holdtime seconds
    Purpose: Specifies the time that a discovered neighbor is kept without receipt of any subsequent hello messages. The default value for the seconds argument is 15 seconds for link hello and 90 seconds for targeted hello messages.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# discovery hello holdtime 30
    RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello holdtime 180

Step 5  discovery { hello | targeted-hello } interval seconds
    Purpose: Selects the period of time between the transmission of consecutive hello messages. The default value for the seconds argument is 5 seconds for link hello messages and 10 seconds for targeted hello messages.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# discovery hello interval 15
    RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello interval 20

Step 6  Use one of the following commands:
    • end
    • commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 7  show mpls ldp parameters
    Purpose: (Optional) Displays all the current MPLS LDP parameters.
    Example:
    RP/0/RSP0/CPU0:router# show mpls ldp parameters

Related Topics
LDP Control Plane, on page 3

Configuring LDP Discovery Over a Link

Perform this task to configure LDP discovery over a link.

Note: There is no need to enable LDP globally.

Before You Begin
A stable router ID is required at either end of the link to ensure the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery.

SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
   • end
   • commit
6. (Optional) show mpls ldp discovery

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  router-id ip-address
    Purpose: Specifies the router ID of the local node.
    • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by the global router ID process).
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1

Step 4  interface type interface-path-id
    Purpose: Enters interface configuration mode for the LDP protocol. Interface type must be Tunnel-TE.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# interface tunnel-te 12001
    RP/0/RSP0/CPU0:router(config-ldp-if)#

Step 5  Use one of the following commands:
    • end
    • commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp-if)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp-if)# commit

Step 6  show mpls ldp discovery
    Purpose: (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP discovery process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values.
    Example:
    RP/0/RSP0/CPU0:router# show mpls ldp discovery

Related Topics
LDP Control Plane, on page 3
Configuring LDP Link: Example, on page 54

Configuring LDP Discovery for Active Targeted Hellos

Perform this task to configure LDP discovery for active targeted hellos.

Note: The active side for targeted hellos initiates the unicast hello toward a specific destination.

Before You Begin
These prerequisites are required to configure LDP discovery for active targeted hellos:
• Stable router ID is required at either end of the targeted session. If you do not assign a router ID to the routers, the system will default to the global router ID. Please note that default router IDs are subject to change and may cause an unstable discovery.
• One or more MPLS Traffic Engineering tunnels are established between non-directly connected LSRs.

SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
   • end
   • commit
6. (Optional) show mpls ldp discovery

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  router-id ip-address
    Purpose: Specifies the router ID of the local node.
    In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by global router ID process).
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1
Step 4  interface type interface-path-id
    Purpose: Enters interface configuration mode for the LDP protocol.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# interface tunnel-te 12001

Step 5  Use one of the following commands:
    • end
    • commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 6  show mpls ldp discovery
    Purpose: (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP discovery process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values.
    Example:
    RP/0/RSP0/CPU0:router# show mpls ldp discovery

Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55

Configuring LDP Discovery for Passive Targeted Hellos

Perform this task to configure LDP discovery for passive targeted hellos.
A passive side for targeted hello is the destination router (tunnel tail), which passively waits for an incoming hello message. Because targeted hellos are unicast, the passive side waits for an incoming hello message to respond with hello toward its discovered neighbor.

Before You Begin
Stable router ID is required at either end of the link to ensure that the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system defaults to the global router ID. Default router IDs are subject to change and may cause an unstable discovery.

SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. discovery targeted-hello accept
5. Use one of the following commands:
   • end
   • commit
6. (Optional) show mpls ldp discovery

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  router-id ip-address
    Purpose: Specifies the router ID of the local node.
    • In Cisco IOS XR software, the router ID is specified as an interface name or IP address. By default, LDP uses the global router ID (configured by global router ID process).
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# router-id loopback 1

Step 4  discovery targeted-hello accept
    Purpose: Directs the system to accept targeted hello messages from any source and activates passive mode on the LSR for targeted hello acceptance.
    • This command is executed on the receiver node (with respect to a given MPLS TE tunnel).
    • You can control the targeted-hello acceptance using the discovery targeted-hello accept command.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# discovery targeted-hello accept
Step 5  Use one of the following commands:
    • end
    • commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 6  show mpls ldp discovery
    Purpose: (Optional) Displays the status of the LDP discovery process. This command, without an interface filter, generates a list of interfaces over which the LDP discovery process is running. The output information contains the state of the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier, and holdtime values.
    Example:
    RP/0/RSP0/CPU0:router# show mpls ldp discovery

Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55

Configuring Label Advertisement Control (Outbound Filtering)

Perform this task to configure label advertisement (outbound filtering). By default, a label switched router (LSR) advertises all incoming label prefixes to each neighboring router. You can control the exchange of label binding information using the mpls ldp label advertise command.
Using the optional keywords, you can advertise selective prefixes to all neighbors, advertise selective prefixes to defined neighbors, or disable label advertisement to all peers for all prefixes.

Note: Prefixes and peers advertised selectively are defined in the access list.

Before You Begin
Before configuring label advertisement, enable LDP and configure an access list.

SUMMARY STEPS
1. configure
2. mpls ldp
3. label advertise { disable | for prefix-acl [ to peer-acl ] | interface type interface-path-id }
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  label advertise { disable | for prefix-acl [ to peer-acl ] | interface type interface-path-id }
    Purpose: Configures label advertisement by specifying one of the following options:
    disable
        Disables label advertisement to all peers for all prefixes (if there are no other conflicting rules).
    interface
        Specifies an interface for label advertisement of an interface address.
    for prefix-acl to peer-acl
        Specifies neighbors to advertise and receive label advertisements.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# label advertise interface POS 0/1/0/0
    RP/0/RSP0/CPU0:router(config-ldp)# label advertise for pfx_acl1 to peer_acl1

Step 4  Use one of the following commands:
    • end
    • commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
    or
    RP/0/RSP0/CPU0:router(config-ldp)# commit

Related Topics
Label Advertisement Control (Outbound Filtering), on page 10
Configuring Label Advertisement (Outbound Filtering): Example, on page 55

Setting Up LDP Neighbors

Perform this task to set up LDP neighbors.

Before You Begin
Stable router ID is required at either end of the link to ensure the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery.

SUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. discovery transport-address [ ip-address | interface ]
5. exit
6. holdtime seconds
7. neighbor ip-address password [ encryption ] password
8. backoff initial maximum
9. Use one of the following commands:
   • end
   • commit
10. (Optional) show mpls ldp neighbor

DETAILED STEPS

Step 1  configure
    Purpose: Enters global configuration mode.
    Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
    Purpose: Enters MPLS LDP configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  interface type interface-path-id
    Purpose: Enters interface configuration mode for the LDP protocol.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# interface POS 0/1/0/0

Step 4  discovery transport-address [ ip-address | interface ]
    Purpose: Provides an alternative transport address for a TCP connection.
    • Default transport address advertised by an LSR (for TCP connections) to its peer is the router ID.
    • Transport address configuration is applied for a given LDP-enabled interface.
    • If the interface version of the command is used, the configured IP address of the interface is passed to its neighbors as the transport address.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp-if)# discovery transport-address 192.168.1.42
    or
    RP/0/RSP0/CPU0:router(config-ldp)# discovery transport-address interface

Step 5  exit
    Purpose: Exits the current configuration mode.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp-if)# exit

Step 6  holdtime seconds
    Purpose: Changes the time for which an LDP session is maintained in the absence of LDP messages from the peer.
    • Outgoing keepalive interval is adjusted accordingly (to make three keepalives in a given holdtime) with a change in session holdtime value.
    • Session holdtime is also exchanged when the session is established.
    • In this example holdtime is set to 30 seconds, which causes the peer session to timeout in 30 seconds, as well as transmitting outgoing keepalive messages toward the peer every 10 seconds.
    Example:
    RP/0/RSP0/CPU0:router(config-ldp)# holdtime 30

Step 7
Command or Action: neighbor ip-address password [ encryption ] password
Purpose: Configures password authentication (using the TCP MD5 option) for a given neighbor.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# neighbor 192.168.2.44 password secretpasswd

Step 8
Command or Action: backoff initial maximum
Purpose: Configures the parameters for the LDP backoff mechanism. The LDP backoff mechanism prevents two incompatibly configured LSRs from engaging in an unthrottled sequence of session setup failures. If a session setup attempt fails due to such incompatibility, each LSR delays its next attempt (backs off), increasing the delay exponentially with each successive failure until the maximum backoff delay is reached.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# backoff 10 20

Step 9
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 10
Purpose: (Optional) Displays the status of the LDP session with its neighbors. This command can be run with various filters as well as with the brief option.
Command or Action: show mpls ldp neighbor
Example:
RP/0/RSP0/CPU0:router# show mpls ldp neighbor

Related Topics
Configuring LDP Neighbors: Example, on page 56

Setting Up LDP Forwarding

Perform this task to set up LDP forwarding.

By default, the LDP control plane implements the penultimate hop popping (PHOP) mechanism. The PHOP mechanism requires that label switched routers use the implicit-null label as a local label for the given Forwarding Equivalence Class (FEC) for which the LSR is the penultimate hop. Although PHOP has certain advantages, it may be required to extend the LSP up to the ultimate hop under certain circumstances (for example, to propagate MPLS QoS). This is done using a special local label (explicit-null) advertised to the peers, after which the peers use this label when forwarding traffic toward the ultimate hop (egress LSR).

Before You Begin
Stable router ID is required at either end of the link to ensure the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery.

SUMMARY STEPS
1. configure
2. mpls ldp
3. explicit-null
4. Use one of the following commands:
   • end
   • commit
5. (Optional) show mpls ldp forwarding
6. (Optional) show mpls forwarding
7. (Optional) ping ip-address

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Purpose: Causes a router to advertise an explicit null label in situations where it normally advertises an implicit null label (for example, to enable an ultimate-hop disposition instead of PHOP).
Command or Action: explicit-null
Example:
RP/0/RSP0/CPU0:router(config-ldp)# explicit-null

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 5
Command or Action: show mpls ldp forwarding
Purpose: (Optional) Displays the MPLS LDP view of installed forwarding states (rewrites).
Example:
RP/0/RSP0/CPU0:router# show mpls ldp forwarding

Step 6
Command or Action: show mpls forwarding
Purpose: (Optional) Displays a global view of all MPLS installed forwarding states (rewrites) by various applications (LDP, TE, and static).
Example:
RP/0/RSP0/CPU0:router# show mpls forwarding

Step 7
Command or Action: ping ip-address
Purpose: (Optional) Checks for connectivity to a particular IP address (going through MPLS LSP as shown in the show mpls forwarding command).
Example:
RP/0/RSP0/CPU0:router# ping 192.168.2.55

Related Topics
LDP Forwarding, on page 5
Configuring LDP Forwarding: Example, on page 56

Setting Up LDP NSF Using Graceful Restart

Perform this task to set up NSF using LDP graceful restart.

LDP graceful restart is a way to enable NSF for LDP.
The correct way to set up NSF using LDP graceful restart is to bring up LDP neighbors (link or targeted) with additional configuration related to graceful restart.

Before You Begin
Stable router ID is required at either end of the link to ensure the link discovery (and session setup) is successful. If you do not assign a router ID to the routers, the system will default to the global router ID. Default router IDs are subject to change and may cause an unstable discovery.

SUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. exit
5. graceful-restart
6. graceful-restart forwarding-state-holdtime seconds
7. graceful-restart reconnect-timeout seconds
8. Use one of the following commands:
   • end
   • commit
9. (Optional) show mpls ldp parameters
10. (Optional) show mpls ldp neighbor
11. (Optional) show mpls ldp graceful-restart

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Command or Action: interface type interface-path-id
Purpose: Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-ldp-if)#

Step 4
Command or Action: exit
Purpose: Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# exit

Step 5
Command or Action: graceful-restart
Purpose: Enables the LDP graceful restart feature.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart

Step 6
Command or Action: graceful-restart forwarding-state-holdtime seconds
Purpose: Specifies the length of time that forwarding can keep LDP-installed forwarding states and rewrites, and specifies when the LDP control plane restarts.
• After restart of the control plane, when the forwarding state holdtime expires, any previously installed LDP forwarding state or rewrite that is not yet refreshed is deleted from the forwarding.
• Recovery time sent after restart is computed as the current remaining value of the forwarding state hold timer.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart forwarding-state-holdtime 180

Step 7
Command or Action: graceful-restart reconnect-timeout seconds
Purpose: Specifies the length of time a neighbor waits before restarting the node to reconnect before declaring an earlier graceful restart session as down. This command is used to start a timer on the peer (upon a neighbor restart). This timer is referred to as Neighbor Liveness timer.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# graceful-restart reconnect-timeout 169

Step 8
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Step 9
Command or Action: show mpls ldp parameters
Purpose: (Optional) Displays all the current MPLS LDP parameters.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp parameters

Step 10
Command or Action: show mpls ldp neighbor
Purpose: (Optional) Displays the status of the LDP session with its neighbors. This command can be run with various filters as well as with the brief option.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp neighbor

Step 11
Command or Action: show mpls ldp graceful-restart
Purpose: (Optional) Displays the status of the LDP graceful restart feature. The output of this command not only shows states of different graceful restart timers, but also a list of graceful restart neighbors, their state, and reconnect count.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp graceful-restart

Related Topics
LDP Graceful Restart, on page 6
Phases in Graceful Restart, on page 8
Recovery with Graceful-Restart, on page 9
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56

Configuring Label Acceptance Control (Inbound Filtering)

Perform this task to configure LDP inbound label filtering.

Note: By default, there is no inbound label filtering performed by LDP and thus an LSR accepts (and retains) all remote label bindings from all peers.

SUMMARY STEPS
1. configure
2. mpls ldp
3. label accept for prefix-acl from ip-address
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Command or Action: label accept for prefix-acl from ip-address
Purpose: Configures inbound label acceptance for prefixes specified by prefix-acl from neighbor (as specified by its IP address).
Example:
RP/0/RSP0/CPU0:router(config-ldp)# label accept for pfx_acl_1 from 192.168.1.1
RP/0/RSP0/CPU0:router(config-ldp)# label accept for pfx_acl_2 from 192.168.2.2

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Related Topics
Label Acceptance Control (Inbound Filtering), on page 10
Configuring Label Acceptance (Inbound Filtering): Example, on page 57

Configuring Local Label Allocation Control

Perform this task to configure label allocation control.

Note: By default, local label allocation control is disabled and all non-BGP prefixes are assigned local labels.

SUMMARY STEPS
1. configure
2. mpls ldp
3. label allocate for prefix-acl
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Command or Action: label allocate for prefix-acl
Purpose: Configures label allocation control for prefixes as specified by prefix-acl.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# label allocate for pfx_acl_1

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Related Topics
Local Label Allocation Control, on page 11
Configuring Local Label Allocation Control: Example, on page 57

Configuring Session Protection

Perform this task to configure LDP session protection.

By default, no protection is done for link sessions by means of targeted hellos.

SUMMARY STEPS
1. configure
2. mpls ldp
3. session protection [ for peer-acl ] [ duration seconds ]
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Command or Action: session protection [ for peer-acl ] [ duration seconds ]
Purpose: Configures LDP session protection for peers specified by peer-acl with a maximum duration, in seconds.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# session protection for peer_acl_1 duration 60

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit

Related Topics
Session Protection, on page 11
Configuring LDP Session Protection: Example, on page 58

Configuring LDP IGP Synchronization: OSPF

Perform this task to configure LDP IGP Synchronization under OSPF.

Note: By default, there is no synchronization between LDP and IGPs.

SUMMARY STEPS
1. configure
2. router ospf process-name
3. Use one of the following commands:
   • mpls ldp sync
   • area area-id mpls ldp sync
   • area area-id interface name mpls ldp sync
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router ospf process-name
Purpose: Identifies the OSPF routing process and enters OSPF configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 100

Step 3
Command or Action: Use one of the following commands:
• mpls ldp sync
• area area-id mpls ldp sync
• area area-id interface name mpls ldp sync
Purpose: Enables LDP IGP synchronization on an interface.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp sync

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
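
An added example, not part of the Cisco guide: a Python check that reads a configuration session in the prompt format used in the examples above and reports which of the defaults noted in these tasks are left in place (no neighbor password, no inbound label filter, no session protection, no LDP IGP synchronization), and whether changes were entered after the last commit. The function names, the expected-peer list and the sample session are constructed for illustration.

```python
import re

# Configuration-mode prompt as printed in this guide's examples, e.g.
# "RP/0/RSP0/CPU0:router(config-ldp)# holdtime 30". EXEC-mode prompts
# (no parenthesised mode) are ignored.
PROMPT = re.compile(r"^\S+\((?P<mode>config[\w-]*)\)#\s*(?P<cmd>.*)$")
NEIGHBOR_PW = re.compile(r"^neighbor (\S+) password \S")
LABEL_ACCEPT = re.compile(r"^label accept for \S+ from (\S+)$")

# Constructed sample session built from the commands shown in this guide.
SAMPLE = """\
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# mpls ldp
RP/0/RSP0/CPU0:router(config-ldp)# neighbor 192.168.2.44 password secretpasswd
RP/0/RSP0/CPU0:router(config-ldp)# label accept for pfx_acl_1 from 192.168.1.1
RP/0/RSP0/CPU0:router(config-ldp)# session protection for peer_acl_1 duration 60
RP/0/RSP0/CPU0:router(config-ldp)# commit
RP/0/RSP0/CPU0:router(config-ldp)# backoff 10 20
RP/0/RSP0/CPU0:router(config-ldp)# end
"""


def parse_session(transcript):
    """Return (mode, command) pairs for every configuration-mode line."""
    pairs = []
    for line in transcript.splitlines():
        match = PROMPT.match(line.strip())
        if match and match.group("cmd").strip():
            pairs.append((match.group("mode"), match.group("cmd").strip()))
    return pairs


def audit_ldp(transcript, expected_peers):
    """List the LDP defaults that the session leaves unchanged.

    expected_peers is a hypothetical inventory of neighbor addresses that
    should be authenticated and label-filtered.
    """
    authenticated, filtered = set(), set()
    protection = igp_sync = uncommitted = False

    for mode, cmd in parse_session(transcript):
        if cmd == "commit":
            uncommitted = False
            continue
        if cmd in ("end", "exit"):
            # The yes/no/cancel answer to the end prompt is not on the
            # command line, so end is never counted as a commit.
            continue
        uncommitted = True
        if mode == "config-ldp":
            match = NEIGHBOR_PW.match(cmd)
            if match:
                authenticated.add(match.group(1))
            match = LABEL_ACCEPT.match(cmd)
            if match:
                filtered.add(match.group(1))
            if cmd.startswith("session protection"):
                protection = True
        elif mode.startswith(("config-ospf", "config-isis")):
            # Covers "mpls ldp sync" and the "area ... mpls ldp sync" forms.
            if cmd.endswith("mpls ldp sync"):
                igp_sync = True

    findings = []
    for peer in expected_peers:
        if peer not in authenticated:
            findings.append(f"{peer}: no neighbor password (TCP MD5 option)")
        if peer not in filtered:
            findings.append(
                f"{peer}: no 'label accept' filter, all remote label bindings are accepted"
            )
    if not protection:
        findings.append("session protection not configured")
    if not igp_sync:
        findings.append("LDP IGP synchronization not enabled under OSPF or IS-IS")
    if uncommitted:
        findings.append(
            "changes entered after the last commit are not in the running configuration"
        )
    return findings


if __name__ == "__main__":
    for finding in audit_ldp(SAMPLE, ["192.168.2.44", "192.168.1.1"]):
        print(finding)
```
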

Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP Synchronization—OSPF: Example, on page 58

Configuring LDP IGP Synchronization: ISIS

Perform this task to configure LDP IGP Synchronization under ISIS.

Note: By default, there is no synchronization between LDP and ISIS.

SUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync
6. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router isis instance-id
Purpose: Enables the Intermediate System-to-Intermediate System (IS-IS) routing protocol and defines an IS-IS instance.
Example:
RP/0/RSP0/CPU0:router(config)# router isis 100
RP/0/RSP0/CPU0:router(config-isis)#

Step 3
Command or Action: interface type interface-path-id
Purpose: Configures the IS-IS protocol on an interface and enters ISIS interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface POS 0/2/0/0
RP/0/RSP0/CPU0:router(config-isis-if)#

Step 4
Command or Action: address-family ipv4 unicast
Purpose: Enters address family configuration mode for configuring IS-IS routing for a standard IP Version 4 (IPv4) address prefix.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-isis-if-af)#

Step 5
Command or Action: mpls ldp sync
Purpose: Enables LDP IGP synchronization.
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls ldp sync

Step 6
Purpose: Saves configuration changes.
Command or Action: Use one of the following commands:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
or
RP/0/RSP0/CPU0:router(config-isis-if-af)# commit
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP Synchronization—ISIS: Example, on page 58

Enabling LDP Auto-Configuration for a Specified OSPF Instance

Perform this task to enable IGP auto-configuration globally for a specified OSPF process name.

You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled.

Note: This feature is supported for IPv4 unicast family in default VRF only.

SUMMARY STEPS
1. configure
2. router ospf process-name
3. mpls ldp auto-config
4. area area-id
5. interface type interface-path-id
6. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router ospf process-name
Purpose: Enters a uniquely identifiable OSPF routing process. The process name is any alphanumeric string no longer than 40 characters without spaces.
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 190
RP/0/RSP0/CPU0:router(config-ospf)#

Step 3
Command or Action: mpls ldp auto-config
Purpose: Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp auto-config

Step 4
Command or Action: area area-id
Purpose: Configures an OSPF area and identifier.
area-id: Either a decimal value or an IP address.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area 8

Step 5
Command or Action: interface type interface-path-id
Purpose: Enables LDP auto-configuration on the specified interface.
Note: LDP configurable limit for maximum number of interfaces does not apply to IGP auto-configuration interfaces.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)# interface pos 0/6/0/0

Step 6
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)# end
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)# commit

Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46

Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance

Perform this task to enable IGP auto-configuration in a defined area with a specified OSPF process name.

You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled.

Note: This feature is supported for IPv4 unicast family in default VRF only.

SUMMARY STEPS
1. configure
2. router ospf process-name
3. area area-id
4. mpls ldp auto-config
5. interface type interface-path-id
6. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: router ospf process-name
Purpose: Enters a uniquely identifiable OSPF routing process. The process name is any alphanumeric string no longer than 40 characters without spaces.
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 100
RP/0/RSP0/CPU0:router(config-ospf)#

Step 3
Command or Action: area area-id
Purpose: Configures an OSPF area and identifier.
area-id: Either a decimal value or an IP address.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area 8
RP/0/RSP0/CPU0:router(config-ospf-ar)#

Step 4
Command or Action: mpls ldp auto-config
Purpose: Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)# mpls ldp auto-config

Step 5
Command or Action: interface type interface-path-id
Purpose: Enables LDP auto-configuration on the specified interface. The LDP configurable limit for maximum number of interfaces does not apply to IGP auto-config interfaces.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)# interface pos 0/6/0/0
RP/0/RSP0/CPU0:router(config-ospf-ar-if)

Step 6
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)# end
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)# commit

Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46

Disabling LDP Auto-Configuration

Perform this task to disable IGP auto-configuration.

You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except those that are explicitly disabled.

SUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. igp auto-config disable
5. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
RP/0/RSP0/CPU0:router(config-ldp)#

Step 3
Command or Action: interface type interface-path-id
Purpose: Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# interface pos 0/6/0/0

Step 4
Command or Action: igp auto-config disable
Purpose: Disables auto-configuration on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# igp auto-config disable

Step 5
Command or Action: Use one of the following commands:
• end
• commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# end
or
RP/0/RSP0/CPU0:router(config-ldp-if)# commit

Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59

Configuring LDP Nonstop Routing

Perform this task to configure LDP NSR.

Note: By default, NSR is globally-enabled on all LDP sessions except AToM.

SUMMARY STEPS
1. configure
2. mpls ldp
3. nsr
4. Use one of the following commands:
   • end
   • commit
5. show mpls ldp nsr statistics
6. show mpls ldp nsr summary
7. show mpls ldp nsr pending

DETAILED STEPS

Step 1
Command or Action: configure
Purpose: Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure

Step 2
Command or Action: mpls ldp
Purpose: Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3
Command or Action: nsr
Purpose: Enables LDP nonstop routing.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# nsr

Step 4
Command or Action: Use one of the following commands:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 5  show mpls ldp nsr statistics
  Displays MPLS LDP NSR statistics.
  Example:
    RP/0/RSP0/CPU0:router# show mpls ldp nsr statistics

Step 6  show mpls ldp nsr summary
  Displays MPLS LDP NSR summarized information.
  Example:
    RP/0/RSP0/CPU0:router# show mpls ldp nsr summary

Step 7  show mpls ldp nsr pending
  Displays MPLS LDP NSR pending information.
  Example:
    RP/0/RSP0/CPU0:router# show mpls ldp nsr pending

Related Topics
  LDP Nonstop Routing, on page 13

Configuring LDP Downstream on Demand mode

SUMMARY STEPS
1. configure
2. mpls ldp
3. downstream-on-demand
4. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
  Enters MPLS LDP configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  downstream-on-demand
  Enters downstream on demand label advertisement mode. The ACL contains the list of peer IDs that are configured for downstream-on-demand mode. When the ACL is changed or configured, the list of established neighbors is traversed.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# downstream-on-demand with access-list

Step 4  Use one of the following commands:
   • end
   • commit
  Saves configuration changes.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
  or
    RP/0/RSP0/CPU0:router(config-ldp)# commit
  • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
  Downstream on Demand, on page 15

Redistributing MPLS LDP Routes into BGP

Perform this task to redistribute Border Gateway Protocol (BGP) autonomous system into an MPLS LDP.

SUMMARY STEPS
1. configure
2. mpls ldp
3. redistribute bgp
4. Use one of these commands:
   • end
   • commit
5. show run mpls ldp

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
  Enters MPLS LDP configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(conf)# mpls ldp

Step 3  redistribute bgp
  Allows the redistribution of BGP routes into an MPLS LDP process.
  Note: Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems (ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in BGP.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# redistribute bgp {advertise-to access-list | as}

Step 4  Use one of these commands:
   • end
   • commit
  Saves configuration changes.
  Example:
    RP/0/RSP0/CPU0:router(config)# end
  or
    RP/0/RSP0/CPU0:router(config)# commit
  • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 5  show run mpls ldp
  Displays information about the redistributed route information.
  Example:
    RP/0/RSP0/CPU0:router# show run mpls ldp

Setting Up Implicit-Null-Override Label

Perform this task to configure implicit-null label for non-egress prefixes.

SUMMARY STEPS
1. configure
2. mpls ldp
3. label
4. implicit-null-override for access-list
5. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1  configure
  Enters global configuration mode.
  Example:
    RP/0/RSP0/CPU0:router# configure

Step 2  mpls ldp
  Enters MPLS LDP configuration mode.
  Example:
    RP/0/RSP0/CPU0:router(config)# mpls ldp

Step 3  label
  Configures the allocation, advertisement, and acceptance of labels.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# label

Step 4  implicit-null-override for access-list
  Configures implicit-null local label for non-egress prefixes.
  Note: This feature works with any prefix including static, IGP, and BGP, when specified in the ACL.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp-lbl)# implicit-null-override for 70

Step 5  Use one of the following commands:
   • end
   • commit
  Saves configuration changes.
  Example:
    RP/0/RSP0/CPU0:router(config-ldp)# end
  or
    RP/0/RSP0/CPU0:router(config-ldp)# commit
  • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    - Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    - Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    - Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for Implementing MPLS LDP

These configuration examples are provided to implement LDP:

Configuring LDP with Graceful Restart: Example

The example shows how to enable LDP with graceful restart on the POS interface 0/2/0/0.

    mpls ldp
     graceful-restart
     interface pos0/2/0/0
    !

Configuring LDP Discovery: Example

The example shows how to configure LDP discovery parameters.

    mpls ldp
     router-id loopback0
     discovery hello holdtime 15
     discovery hello interval 5
    !
    show mpls ldp parameters
    show mpls ldp discovery

Configuring LDP Link: Example

The example shows how to configure LDP link parameters.

    mpls ldp
     interface pos 0/1/0/0
     !
    !
    show mpls ldp discovery

Related Topics
  Configuring LDP Discovery Over a Link, on page 19
  LDP Control Plane, on page 3

Configuring LDP Discovery for Targeted Hellos: Example

The examples show how to configure LDP Discovery to accept targeted hello messages.

Active (tunnel head)

    mpls ldp
     router-id loopback0
     interface tunnel-te 12001
     !
    !

Passive (tunnel tail)

    mpls ldp
     router-id loopback0
     discovery targeted-hello accept
    !

Related Topics
  Configuring LDP Discovery for Active Targeted Hellos, on page 20
  Configuring LDP Discovery for Passive Targeted Hellos, on page 22
  LDP Control Plane, on page 3

Configuring Label Advertisement (Outbound Filtering): Example

The example shows how to configure LDP label advertisement control.

    mpls ldp
     label
      advertise
       disable
       for pfx_acl_1 to peer_acl_1
       for pfx_acl_2 to peer_acl_2
       for pfx_acl_3
       interface POS 0/1/0/0
       interface POS 0/2/0/0
      !
     !
    !
    ipv4 access-list pfx_acl_1
     10 permit ip host 1.0.0.0 any
    !
    ipv4 access-list pfx_acl_2
     10 permit ip host 2.0.0.0 any
    !
    ipv4 access-list peer_acl_1
     10 permit ip host 1.1.1.1 any
     20 permit ip host 1.1.1.2 any
    !
    ipv4 access-list peer_acl_2
     10 permit ip host 2.2.2.2 any
    !
    show mpls ldp binding

Related Topics
  Configuring Label Advertisement Control (Outbound Filtering), on page 24
  Label Advertisement Control (Outbound Filtering), on page 10

Configuring LDP Neighbors: Example

The example shows how to disable label advertisement.

    mpls ldp
     router-id Loopback0
     neighbor 1.1.1.1 password encrypted 110A1016141E
     neighbor 2.2.2.2 implicit-withdraw
    !

Related Topics
  Setting Up LDP Neighbors, on page 26

Configuring LDP Forwarding: Example

The example shows how to configure LDP forwarding.

    mpls ldp
     explicit-null
    !
    show mpls ldp forwarding
    show mpls forwarding

Related Topics
  Setting Up LDP Forwarding, on page 29
  LDP Forwarding, on page 5

Configuring LDP Nonstop Forwarding with Graceful Restart: Example

The example shows how to configure LDP nonstop forwarding with graceful restart.

    mpls ldp
     log
      graceful-restart
     !
     graceful-restart
     graceful-restart forwarding state-holdtime 180
     graceful-restart reconnect-timeout 15
     interface pos0/1/0/0
    !
    show mpls ldp graceful-restart
    show mpls ldp neighbor gr
    show mpls ldp forwarding
    show mpls forwarding

Related Topics
  Setting Up LDP NSF Using Graceful Restart, on page 31
  LDP Graceful Restart, on page 6
  Phases in Graceful Restart, on page 8
  Recovery with Graceful-Restart, on page 9

Configuring Label Acceptance (Inbound Filtering): Example

The example shows how to configure inbound label filtering.

    mpls ldp
     label
      accept
       for pfx_acl_2 from 192.168.2.2
      !
     !
    !

Related Topics
  Configuring Label Acceptance Control (Inbound Filtering), on page 34
  Label Acceptance Control (Inbound Filtering), on page 10

Configuring Local Label Allocation Control: Example

The example shows how to configure local label allocation control.

    mpls ldp
     label
      allocate for pfx_acl_1
     !
    !
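
An added example (not Cisco code or tooling) that audits a saved configuration written in the syntax of the neighbor and label-filtering examples above: it lists LDP neighbors that have no password line, and ACL names referenced under mpls ldp that are never defined with ipv4 access-list. The sample configuration is constructed from the examples on this page, and the function names are hypothetical.

```python
import re

# Constructed sample, assembled from the configuration examples on this page.
SAMPLE_CONFIG = """\
mpls ldp
 router-id Loopback0
 neighbor 1.1.1.1 password encrypted 110A1016141E
 neighbor 2.2.2.2 implicit-withdraw
 session protection duration 60 for peer_acl_1
 label
  advertise
   disable
   for pfx_acl_1 to peer_acl_1
   for pfx_acl_2 to peer_acl_2
   for pfx_acl_3
   interface POS 0/1/0/0
  !
  accept
   for pfx_acl_2 from 192.168.2.2
  !
  allocate for pfx_acl_1
 !
!
ipv4 access-list pfx_acl_1
 10 permit ip host 1.0.0.0 any
!
ipv4 access-list pfx_acl_2
 10 permit ip host 2.0.0.0 any
!
ipv4 access-list peer_acl_1
 10 permit ip host 1.1.1.1 any
 20 permit ip host 1.1.1.2 any
!
ipv4 access-list peer_acl_2
 10 permit ip host 2.2.2.2 any
!
"""


def ldp_statements(config):
    """Yield (context, statement) for each line inside the 'mpls ldp' block.

    context is the tuple of enclosing sub-mode lines, e.g. ('label', 'advertise'),
    recovered from the indentation of the saved configuration.
    """
    stack = []        # [(indent, line)] of statements that may be parents
    inside = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            inside = (line == "mpls ldp")
            stack = []
            continue
        if not inside:
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()
        yield tuple(text for _, text in stack), line
        stack.append((indent, line))


def audit_ldp(config):
    """Return neighbors lacking a password and ACL names used but not defined."""
    defined = set(re.findall(r"^ipv4 access-list (\S+)[ \t]*$", config, re.M))
    has_password = {}     # neighbor address -> True once a password line is seen
    acl_uses = {}         # ACL name -> set of places that reference it
    for context, line in ldp_statements(config):
        words = line.split()
        if words[0] == "neighbor" and len(words) >= 2:
            peer = words[1]
            # A neighbor may span several lines; one password line is enough.
            has_password[peer] = has_password.get(peer, False) or words[2:3] == ["password"]
            continue
        # ACL names follow "for" (prefix ACL) and "to" (peer ACL). The value after
        # "from" in a label accept rule is a peer address, so it is not collected.
        where = context if words[0] == "for" else context + (words[0],)
        for keyword in ("for", "to"):
            if keyword in words[:-1]:
                name = words[words.index(keyword) + 1]
                acl_uses.setdefault(name, set()).add(" ".join(where))
    return {
        "neighbors_without_password": sorted(p for p, ok in has_password.items() if not ok),
        "undefined_acls": {name: sorted(places)
                           for name, places in sorted(acl_uses.items())
                           if name not in defined},
    }


if __name__ == "__main__":
    print(audit_ldp(SAMPLE_CONFIG))
```

On the constructed sample the audit reports neighbor 2.2.2.2 and the ACL pfx_acl_3, which the outbound filtering example references without defining.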

Related Topics
  Configuring Local Label Allocation Control, on page 36
  Local Label Allocation Control, on page 11

Configuring LDP Session Protection: Example

The example shows how to configure session protection.

    mpls ldp
     session protection duration 60 for peer_acl_1
    !

Related Topics
  Configuring Session Protection, on page 37
  Session Protection, on page 11

Configuring LDP IGP Synchronization—OSPF: Example

The example shows how to configure LDP IGP synchronization for OSPF.

    router ospf 100
     mpls ldp sync
    !
    mpls ldp
     igp sync delay 30
    !

Related Topics
  Configuring LDP IGP Synchronization: OSPF, on page 39
  IGP Synchronization, on page 12

Configuring LDP IGP Synchronization—ISIS: Example

The example shows how to configure LDP IGP synchronization.

    router isis 100
     interface POS 0/2/0/0
      address-family ipv4 unicast
       mpls ldp sync
      !
     !
    !
    mpls ldp
     igp sync delay 30
    !

Related Topics
  Configuring LDP IGP Synchronization: ISIS, on page 40
  IGP Synchronization, on page 12

Configuring LDP Auto-Configuration: Example

The example shows how to configure the IGP auto-configuration feature globally for a specific OSPF interface ID.

    router ospf 100
     mpls ldp auto-config
     area 0
      interface pos 1/1/1/1

The example shows how to configure the IGP auto-configuration feature on a given area for a given OSPF interface ID.

    router ospf 100
     area 0
      mpls ldp auto-config
      interface pos 1/1/1/1

Related Topics
  Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
  Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
  Disabling LDP Auto-Configuration, on page 46
  IGP Auto-configuration, on page 13

Configure IP LDP Fast Reroute Loop Free Alternate: Example

The following examples show how to configure the IP LDP FRR LFA on the router.

The following example shows how to configure LFA FRR with default tie-break configuration:

    router isis TEST
     net 49.0001.0000.0000.0001.00
     address-family ipv4 unicast
      metric-style wide
     interface GigabitEthernet0/6/0/13
      point-to-point
      address-family ipv4 unicast
       fast-reroute per-prefix
       # primary path GigabitEthernet0/6/0/13 will exclude the interface
       # GigabitEthernet0/6/0/33 in LFA backup path computation.
       fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
     !
     interface GigabitEthernet0/6/0/23
      point-to-point
      address-family ipv4 unicast
     !
     interface GigabitEthernet0/6/0/24
      point-to-point
      address-family ipv4 unicast
     !
     interface GigabitEthernet0/6/0/33
      point-to-point
      address-family ipv4 unicast
     !

The following example shows how to configure TE tunnel as LFA backup:

    router isis TEST
     net 49.0001.0000.0000.0001.00
     address-family ipv4 unicast
      metric-style wide
     interface GigabitEthernet0/6/0/13
      point-to-point
      address-family ipv4 unicast
       fast-reroute per-prefix
       # primary path GigabitEthernet0/6/0/13 will exclude the interface
       # GigabitEthernet0/6/0/33 in LFA backup path computation. TE tunnel 1001
       # is using the link GigabitEthernet0/6/0/33.
       fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
       fast-reroute per-prefix lfa-candidate interface tunnel-te1001
     !
     interface GigabitEthernet0/6/0/33
      point-to-point
      address-family ipv4 unicast
     !

The following example shows how to configure LFA FRR with configurable tie-break configuration:

    router isis TEST
     net 49.0001.0000.0000.0001.00
     address-family ipv4 unicast
      metric-style wide
      fast-reroute per-prefix tiebreaker ?
        downstream            Prefer backup path via downstream node
        lc-disjoint           Prefer line card disjoint backup path
        lowest-backup-metric  Prefer backup path with lowest total metric
        node-protecting       Prefer node protecting backup path
        primary-path          Prefer backup path from ECMP set
        secondary-path        Prefer non-ECMP backup path
      fast-reroute per-prefix tiebreaker lc-disjoint index ?
        <1-255>  Index
      fast-reroute per-prefix tiebreaker lc-disjoint index 10

Sample configuration:

    router isis TEST
     net 49.0001.0000.0000.0001.00
     address-family ipv4 unicast
      metric-style wide
      fast-reroute per-prefix tiebreaker downstream index 60
      fast-reroute per-prefix tiebreaker lc-disjoint index 10
      fast-reroute per-prefix tiebreaker lowest-backup-metric index 40
      fast-reroute per-prefix tiebreaker node-protecting index 30
      fast-reroute per-prefix tiebreaker primary-path index 20
      fast-reroute per-prefix tiebreaker secondary-path index 50
     !
     interface GigabitEthernet0/6/0/13
      point-to-point
      address-family ipv4 unicast
       fast-reroute per-prefix
     !
     interface GigabitEthernet0/1/0/13
      point-to-point
      address-family ipv4 unicast
       fast-reroute per-prefix
     !
     interface GigabitEthernet0/3/0/0.1
      point-to-point
      address-family ipv4 unicast
     !
     interface GigabitEthernet0/3/0/0.2
      point-to-point
      address-family ipv4 unicast

Related Topics
  IP LDP Fast Reroute Loop Free Alternate, on page 14

Verify IP LDP Fast Reroute Loop Free Alternate: Example

The following examples show how to verify the IP LDP FRR LFA feature on the router.

The following example shows how to verify ISIS FRR output:

    RP/0/RSP0/CPU0:router#show isis fast-reroute summary
    IS-IS 1 IPv4 Unicast FRR summary
                              Critical    High        Medium      Low         Total
                              Priority    Priority    Priority    Priority
    Prefixes reachable in L1
      All paths protected     0           0           4           1008        1012
      Some paths protected    0           0           0           0           0
      Unprotected             0           0           0           0           0
      Protection coverage     0.00%       0.00%       100.00%     100.00%     100.00%
    Prefixes reachable in L2
      All paths protected     0           0           1           0           1
      Some paths protected    0           0           0           0           0
      Unprotected             0           0           0           0           0
      Protection coverage     0.00%       0.00%       100.00%     0.00%       100.00%

The following example shows how to verify the IGP route 211.1.1.1/24 in ISIS Fast Reroute output:

    RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24
    L1 211.1.1.1/24 [40/115]
         via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
           FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH

    RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24 detail
    L1 211.1.1.1/24 [40/115] low priority
         via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
           FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH
           P: No, TM: 130, LC: No, NP: Yes, D: Yes
         src sr1.00-00, 173.1.1.2
       L2 adv [40] native, propagated

The following example shows how to verify the IGP route 211.1.1.1/24 in RIB output:

    RP/0/RSP0/CPU0:router#show route 211.1.1.1/24
    Routing entry for 211.1.1.0/24
      Known via "isis 1", distance 115, metric 40, type level-1
      Installed Nov 27 10:22:20.311 for 1d08h
      Routing Descriptor Blocks
        12.0.0.2, from 173.1.1.2, via GigabitEthernet0/6/0/13, Protected
          Route metric is 40
        14.0.2.2, from 173.1.1.2, via GigabitEthernet0/6/0/0.3, Backup
          Route metric is 0
      No advertising protos.

The following example shows how to verify the IGP route 211.1.1.1/24 in FIB output:

    RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24
    211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
    (0x9ce0ec40), 0x4500 (0x9e2c69e4)
     Updated Nov 27 10:22:29.825
     remote adjacency to GigabitEthernet0/6/0/13
     Prefix Len 24, traffic index 0, precedence routine (0)
       via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
    protected [flags 0x400]
        path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
        next hop 12.0.0.2
         local label 16080      labels imposed {16082}
       via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
    backup [flags 0x300]
        path-idx 1
        next hop 14.0.2.2
        remote adjacency
         local label 16080      labels imposed {16079}

    RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24 detail
    211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
    (0x9ce0ec40), 0x4500 (0x9e2c69e4)
     Updated Nov 27 10:22:29.825
     remote adjacency to GigabitEthernet0/6/0/13
     Prefix Len 24, traffic index 0, precedence routine (0)
      gateway array (0x9cc622f0) reference count 1158, flags 0x28000d00, source lsd \
    (2),
                    [387 type 5 flags 0x101001 (0x9df32398) ext 0x0 (0x0)]
      LW-LDI[type=5, refc=3, ptr=0x9ce0ec40, sh-ldi=0x9df32398]
       via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
    protected [flags 0x400]
        path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
        next hop 12.0.0.2
         local label 16080      labels imposed {16082}
       via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
    backup [flags 0x300]
        path-idx 1
        next hop 14.0.2.2
        remote adjacency
         local label 16080      labels imposed {16079}

        Load distribution: 0 (refcount 387)

        Hash  OK  Interface                 Address
        0     Y   GigabitEthernet0/6/0/13   remote

The following example shows how to verify the IGP route 211.1.1.1/24 in MPLS LDP
output:

    RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24
    Prefix           Label   Label      Outgoing     Next Hop            GR Stale
                     In      Out        Interface
    ---------------- ------- ---------- ------------ ------------------- -- -----
    211.1.1.0/24     16080   16082      Gi0/6/0/13   12.0.0.2            Y  N
                             16079      Gi0/6/0/0.3  14.0.2.2 (!)        Y  N

    RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24 detail
    Prefix           Label   Label      Outgoing     Next Hop            GR Stale
                     In      Out        Interface
    ---------------- ------- ---------- ------------ ------------------- -- -----
    211.1.1.0/24     16080   16082      Gi0/6/0/13   12.0.0.2            Y  N
                               [ Protected; path-id 1 backup-path-id 33; peer 20.20.20.20:0 ]
                             16079      Gi0/6/0/0.3  14.0.2.2 (!)        Y  N
                               [ Backup; path-id 33; peer 40.40.40.40:0 ]
      Routing update   : Nov 27 10:22:19.560 (1d08h ago)
      Forwarding update: Nov 27 10:22:29.060 (1d08h ago)

Related Topics
  IP LDP Fast Reroute Loop Free Alternate, on page 14

Additional References

For additional information related to Implementing MPLS Label Distribution Protocol, refer to the following references:

Related Documents

  Related Topic: LDP commands on Cisco ASR 9000 Series Router
  Document Title: MPLS Label Distribution Protocol Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference

  Related Topic: Getting started material
  Document Title: Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Standards

  Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
  Title: —

MIBs

  MIBs: —
  MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

  RFCs      Title
  RFC 3031  Multiprotocol Label Switching Architecture
  RFC 3036  LDP Specification
  RFC 3037  LDP Applicability
  RFC 3478  Graceful Restart Mechanism for Label Distribution Protocol
  RFC 3815  Definitions of Managed Objects for MPLS LDP
  RFC 5036  Label Distribution and Management Downstream on Demand Label Advertisement
  RFC 5286  Basic Specification for IP Fast Reroute: Loop-Free Alternates

Technical Assistance

  Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
  Link: http://www.cisco.com/techsupport

CHAPTER 2

Implementing RSVP for MPLS-TE

This module describes how to implement Resource Reservation Protocol (RSVP) for MPLS Traffic Engineering (MPLS-TE) on Cisco ASR 9000 Series Aggregation Services Routers.

Multiprotocol Label Switching (MPLS) is a standards-based solution, driven by the Internet Engineering Task Force (IETF), devised to convert the Internet and IP backbones from best-effort networks into business-class transport media.

Resource Reservation Protocol (RSVP) is a signaling protocol that enables systems to request resource reservations from the network.
RSVP processes protocol messages from other systems, processes resource requests from local clients, and generates protocol messages. As a result, resources are reserved for data flows on behalf of local and remote clients. RSVP creates, maintains, and deletes these resource reservations.

RSVP provides a secure method to control quality-of-service (QoS) access to a network.

MPLS Traffic Engineering (MPLS-TE) uses RSVP to signal label switched paths (LSPs).

Feature History for Implementing RSVP for MPLS-TE

  Release        Modification
  Release 3.7.2  This feature was introduced.
  Release 3.9.0  The RSVP MIB feature was added.

• Prerequisites for Implementing RSVP for MPLS-TE
• Information About Implementing RSVP for MPLS-TE
• Information About Implementing RSVP Authentication
• How to Implement RSVP
• How to Implement RSVP Authentication
• Configuration Examples for RSVP
• Configuration Examples for RSVP Authentication
• Additional References

Prerequisites for Implementing RSVP for MPLS-TE

These prerequisites are required to implement RSVP for MPLS-TE:
• You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
• Either a composite mini-image plus an MPLS package, or a full image, must be installed.

Information About Implementing RSVP for MPLS-TE

To implement MPLS RSVP, you must understand these concepts:

Related Topics
  How to Implement RSVP Authentication, on page 88

Overview of RSVP for MPLS-TE

RSVP is a network control protocol that enables Internet applications to signal LSPs for MPLS-TE.
The RSVP implementation is compliant with IETF RFC 2205 and RFC 3209.

RSVP is automatically enabled on interfaces on which MPLS-TE is configured. For MPLS-TE LSPs with nonzero bandwidth, the RSVP bandwidth has to be configured on the interfaces. There is no need to configure RSVP if all MPLS-TE LSPs have zero bandwidth.

RSVP Refresh Reduction, defined in RFC 2961, includes support for reliable messages and summary refresh messages. Reliable messages are retransmitted rapidly if the message is lost. Because each summary refresh message contains information to refresh multiple states, this greatly reduces the amount of messaging needed to refresh states. For refresh reduction to be used between two routers, it must be enabled on both routers. Refresh Reduction is enabled by default.

Message rate limiting for RSVP allows you to set a maximum threshold on the rate at which RSVP messages are sent on an interface. Message rate limiting is disabled by default.

The process that implements RSVP is restartable. A software upgrade, process placement or process failure of RSVP or any of its collaborators, has been designed to ensure Nonstop Forwarding (NSF) of the data plane.

RSVP supports graceful restart, which is compliant with RFC 3473. It follows the procedures that apply when the node reestablishes communication with the neighbor’s control plane within a configured restart time.

It is important to note that RSVP is not a routing protocol. RSVP works in conjunction with routing protocols and installs the equivalent of dynamic access lists along the routes that routing protocols calculate. Because of this, implementing RSVP in an existing network does not require migration to a new routing protocol.

Related Topics
  Configuring RSVP Packet Dropping, on page 81
  Set DSCP for RSVP Packets: Example, on page 107
  Verifying RSVP Configuration, on page 83

LSP Setup

LSP setup is initiated when the LSP head node sends path messages to the tail node (see the RSVP Operation figure).

Figure 7: RSVP Operation

The Path messages reserve resources along the path to each node, creating Path soft states on each node. When the tail node receives a path message, it sends a reservation (RESV) message with a label back to the previous node. When the reservation message arrives at the previous node, it causes the reserved resources to be locked and forwarding entries are programmed with the MPLS label sent from the tail-end node. A new MPLS label is allocated and sent to the next node upstream.

When the reservation message reaches the head node, the label is programmed and the MPLS data starts to flow along the path.

High Availability

RSVP is designed to ensure nonstop forwarding under the following constraints:
• Ability to tolerate the failure of one RP of a 1:1 redundant pair.
• Hitless software upgrade.

The RSVP high availability (HA) design follows the constraints of the underlying architecture where processes can fail without affecting the operation of other processes. A process failure of RSVP or any of its collaborators does not cause any traffic loss or cause established LSPs to go down. When RSVP restarts, it recovers its signaling states from its neighbors. No special configuration or manual intervention is required. You may configure RSVP graceful restart, which offers a standard mechanism to recover RSVP state information from neighbors after a failure.

Graceful Restart

RSVP graceful restart provides a control plane mechanism to ensure high availability (HA), which allows detection and recovery from failure conditions while preserving nonstop forwarding services on the systems running Cisco IOS XR software.

RSVP graceful restart provides a mechanism that minimizes the negative effects on MPLS traffic caused by these types of faults:
• Disruption of communication channels between two nodes when the communication channels are separate from the data channels. This is called control channel failure.
• Control plane of a node fails but the node preserves its data forwarding states. This is called node failure.

The procedure for RSVP graceful restart is described in the “Fault Handling” section of RFC 3473, Generalized MPLS Signaling, RSVP-TE Extensions. One of the main advantages of using RSVP graceful restart is recovery of the control plane while preserving nonstop forwarding and existing labels.

Graceful Restart: Standard and Interface-Based

When you configure RSVP graceful restart, Cisco IOS XR software sends and expects node-id address based Hello messages (that is, Hello Request and Hello Ack messages). The RSVP graceful restart Hello session is not established if the neighbor router does not respond with a node-id based Hello Ack message.

You can also configure graceful restart to respond (send Hello Ack messages) to interface-address based Hello messages sent from a neighbor router in order to establish a graceful restart Hello session on the neighbor router. If the neighbor router does not respond with node-id based Hello Ack message, however, the RSVP graceful restart Hello session is not established.
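
The Hello exchange that graceful restart depends on, as an added example that is not Cisco code: it parses a constructed RSVP Hello message and reports whether the sender included the restart cap object that this section goes on to describe. The wire layout (message type 20, HELLO class 22, RESTART_CAP class 131, times in milliseconds) is taken from RFC 3209 and RFC 3473 rather than from this page, and the function names are hypothetical.

```python
import struct

HELLO_MSG_TYPE = 20        # RFC 3209 Hello message
CLASS_HELLO = 22           # C-Type 1 = Request, 2 = Ack; both share one body format
CLASS_RESTART_CAP = 131    # RFC 3473 Restart_Cap object, C-Type 1


def build_object(class_num, c_type, body):
    """RSVP object: 2-byte length (header included), class number, C-Type, body."""
    return struct.pack("!HBB", 4 + len(body), class_num, c_type) + body


def build_hello(c_type, src_instance, dst_instance,
                restart_ms=None, recovery_ms=0, send_ttl=64):
    """Build a Hello for the constructed samples; checksum 0 means 'not computed'."""
    objs = build_object(CLASS_HELLO, c_type,
                        struct.pack("!II", src_instance, dst_instance))
    if restart_ms is not None:
        objs += build_object(CLASS_RESTART_CAP, 1,
                             struct.pack("!II", restart_ms, recovery_ms))
    header = struct.pack("!BBHBBH", 0x10, HELLO_MSG_TYPE, 0, send_ttl, 0,
                         8 + len(objs))
    return header + objs


def parse_hello(packet):
    """Decode an RSVP Hello; raise ValueError on anything malformed."""
    if len(packet) < 8:
        raise ValueError("shorter than the RSVP common header")
    vers_flags, msg_type, _cksum, send_ttl, _rsvd, length = struct.unpack(
        "!BBHBBH", packet[:8])
    if vers_flags >> 4 != 1 or msg_type != HELLO_MSG_TYPE:
        raise ValueError("not an RSVP version 1 Hello message")
    if length != len(packet):
        raise ValueError("RSVP length field does not match the packet size")
    info = {"send_ttl": send_ttl, "kind": None, "restart_cap": None}
    offset = 8
    while offset < length:
        if length - offset < 4:
            raise ValueError("truncated object header")
        obj_len, class_num, c_type = struct.unpack("!HBB", packet[offset:offset + 4])
        if obj_len < 4 or obj_len % 4 or offset + obj_len > length:
            raise ValueError("bad object length")
        body = packet[offset + 4:offset + obj_len]
        if class_num == CLASS_HELLO and c_type in (1, 2) and len(body) == 8:
            src, dst = struct.unpack("!II", body)
            info.update(kind="request" if c_type == 1 else "ack",
                        src_instance=src, dst_instance=dst)
        elif class_num == CLASS_RESTART_CAP and c_type == 1 and len(body) == 8:
            restart, recovery = struct.unpack("!II", body)
            info["restart_cap"] = {"restart_time_ms": restart,
                                   "recovery_time_ms": recovery}
        offset += obj_len
    if info["kind"] is None:
        raise ValueError("Hello message without a HELLO object")
    return info


def neighbor_is_gr_capable(reply):
    """A neighbor counts as graceful restart capable only if its hello parses
    cleanly and carries the restart cap object."""
    try:
        return parse_hello(reply)["restart_cap"] is not None
    except ValueError:
        return False


if __name__ == "__main__":
    ack = build_hello(2, 0x1111, 0x2222, restart_ms=120000)   # constructed sample
    print(parse_hello(ack), neighbor_is_gr_capable(ack))
```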

Cisco IOS XR software provides two commands to configure graceful restart:
• signalling hello graceful-restart
• signalling hello graceful-restart interface-based

Note: By default, graceful restart is disabled. To enable interface-based graceful restart, you must first enable standard graceful restart. You cannot enable interface-based graceful restart independently.

Related Topics
  Enabling Graceful Restart, on page 78
  Enable Graceful Restart: Example, on page 106
  Enable Interface-Based Graceful Restart: Example, on page 106

Graceful Restart: Figure

This figure illustrates how RSVP graceful restart handles a node failure condition.

Figure 8: Node Failure with RSVP

RSVP graceful restart requires the use of RSVP hello messages. Hello messages are used between RSVP neighbors. Each neighbor can autonomously issue a hello message containing a hello request object. A receiver that supports the hello extension replies with a hello message containing a hello acknowledgment (ACK) object. This means that a hello message contains either a hello Request or a hello ACK object. These two objects have the same format.

The restart cap object indicates a node’s restart capabilities. It is carried in hello messages if the sending node supports state recovery. The restart cap object has the following two fields:

Restart Time
  Time after a loss in Hello messages within which RSVP hello session can be reestablished. It is possible for a user to manually configure the Restart Time.

Recovery Time
  Time that the sender waits for the recipient to re-synchronize states after the re-establishment of hello messages. This value is computed and advertised based on number of states that existed before the fault occurred.

For graceful restart, the hello messages are sent with an IP Time to Live (TTL) of 64.
This is because the destination of the hello messages can be multiple hops away. If graceful restart is enabled, hello messages (containing the restart cap object) are sent to an RSVP neighbor when RSVP states are shared with that neighbor.

Restart cap objects are sent to an RSVP neighbor when RSVP states are shared with that neighbor. If the neighbor replies with hello messages containing the restart cap object, the neighbor is considered to be graceful restart capable. If the neighbor does not reply with hello messages or replies with hello messages that do not contain the restart cap object, RSVP backs off sending hellos to that neighbor. If graceful restart is disabled, no hello messages (Requests or ACKs) are sent. If a hello Request message is received from an unknown neighbor, no hello ACK is sent back.

ACL-based Prefix Filtering

RSVP provides for the configuration of extended access lists (ACLs) to forward, drop, or perform normal processing on RSVP router-alert (RA) packets. Prefix filtering is designed for use at core access routers in order that RA packets (identified by a source/destination address) can be seamlessly forwarded across the core from one access point to another (or, conversely, be dropped at this node). RSVP applies prefix filtering rules only to RA packets because RA packets contain source and destination addresses of the RSVP flow.

Note: RA packets forwarded due to prefix filtering must not be sent as RSVP bundle messages, because bundle messages are hop-by-hop and do not contain RA. Forwarding a Bundle message does not work, because the node receiving the messages is expected to apply prefix filtering rules only to RA packets.

For each incoming RSVP RA packet, RSVP inspects the IP header and attempts to match the source/destination IP addresses with a prefix configured in an extended ACL.
The results are as follows:

• If an ACL does not exist, the packet is processed like a normal RSVP packet.
• If the ACL match yields an explicit permit (and if the packet is not locally destined), the packet is forwarded. The IP TTL is decremented on all forwarded packets.
• If the ACL match yields an explicit deny, the packet is dropped.

If there is no explicit permit or explicit deny, the ACL infrastructure returns an implicit (default) deny. RSVP can be configured to drop the packet. By default, RSVP processes the packet if the ACL match yields an implicit (default) deny.

Related Topics
• Configuring ACLs for Prefix Filtering
• Configure ACL-based Prefix Filtering: Example

RSVP MIB

RFC 2206, RSVP Management Information Base Using SMIv2, defines all the SNMP MIB objects that are relevant to RSVP. The RSVP MIB implementation provides these functions:

• Specifies two traps (NewFlow and LostFlow) which are triggered when a new flow is created or deleted.
• Lets you use SNMP to access objects belonging to RSVP.

Related Topics
• Enabling RSVP Traps
• Enable RSVP Traps: Example

Information About Implementing RSVP Authentication

Before implementing RSVP authentication, you must configure a keychain first. The name of the keychain must be the same as the one used in the keychain configuration. For more information about configuring keychains, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide.

Note: RSVP authentication supports only keyed-hash message authentication code (HMAC) type algorithms.
To implement RSVP authentication on Cisco IOS XR software, you must understand the following concepts:

RSVP Authentication Functions

You can carry out these tasks with RSVP authentication:

• Set up a secure relationship with a neighbor by using secret keys that are known only to you and the neighbor.
• Configure RSVP authentication in global, interface, or neighbor configuration modes.
• Authenticate incoming messages by checking if there is a valid security relationship that is associated based on key identifier, incoming interface, sender address, and destination address.
• Add an integrity object with message digest to the outgoing message.
• Use sequence numbers in an integrity object to detect replay attacks.

RSVP Authentication Design

Network administrators need the ability to establish a security domain to control the set of systems that initiates RSVP requests.

The RSVP authentication feature permits neighbors in an RSVP network to use a secure hash to sign all RSVP signaling messages digitally, thus allowing the receiver of an RSVP message to verify the sender of the message without relying solely on the sender's IP address.

The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message as defined in RFC 2747. This method provides protection against forgery or message modification. However, the receiver must know the security key used by the sender to validate the digital signature in the received RSVP message.

Network administrators manually configure a common key for each RSVP neighbor on the shared network.

The following reasons explain how to choose between global, interface, or neighbor configuration modes:

• Global configuration mode is optimal when a router belongs to a single security domain (for example, part of a set of provider core routers). A single common key set is expected to be used to authenticate all RSVP messages.
• Interface, or neighbor configuration mode, is optimal when a router belongs to more than one security domain. For example, a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an edge device. Different keys can be used but not shared.

Global configuration mode configures the defaults for interface and neighbor interface modes. These modes, unless explicitly configured, inherit the parameters from global configuration mode, as follows:

• Window-size is set to 1.
• Lifetime is set to 1800.
• key-source key-chain command is set to none or disabled.

Related Topics
• Configuring a Lifetime for an Interface for RSVP Authentication
• RSVP Authentication by Using All the Modes: Example

Global, Interface, and Neighbor Authentication Modes

You can configure global defaults for all authentication parameters including key, window size, and lifetime. These defaults are inherited when you configure authentication for each neighbor or interface. However, you can also configure these parameters individually on a neighbor or interface basis, in which case the global values (configured or default) are no longer inherited.

Note: RSVP uses the following rules when choosing which authentication parameter to use when that parameter is configured at multiple levels (interface, neighbor, or global). RSVP goes from the most specific to least specific; that is, neighbor, interface, and global.

Global keys simplify the configuration and eliminate the chances of a key mismatch when receiving messages from multiple neighbors and multiple interfaces. However, global keys do not provide the best security.

Interface keys are used to secure specific interfaces between two RSVP neighbors.
Because many of the RSVP messages are IP routed, there are many scenarios in which using interface keys is not recommended. If all keys on the interfaces are not the same, there is a risk of a key mismatch for the following reasons:

• When the RSVP graceful restart is enabled, RSVP hello messages are sent with a source IP address of the local router ID and a destination IP address of the neighbor router ID. Because multiple routes can exist between the two neighbors, the RSVP hello message can traverse different interfaces.
• When the RSVP fast reroute (FRR) is active, the RSVP Path and Resv messages can traverse multiple interfaces.
• When Generalized Multiprotocol Label Switching (GMPLS) optical tunnels are configured, RSVP messages are exchanged with router IDs as the source and destination IP addresses. Since multiple control channels can exist between the two neighbors, the RSVP messages can traverse different interfaces.

Neighbor-based keys are particularly useful in a network in which some neighbors support RSVP authentication procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you are advised to configure all the neighbor’s addresses and router IDs for RSVP authentication.

Related Topics
• Configuring a Lifetime for RSVP Authentication in Global Configuration Mode
• RSVP Authentication Global Configuration Mode: Example
• Specifying the RSVP Authentication Keychain in Interface Mode
• RSVP Authentication by Using All the Modes: Example

Security Association

A security association (SA) is defined as a collection of information that is required to maintain secure communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.

Table 2: Security Association Main Parameters

Parameter         Description
----------------  ------------------------------------------------------------
src               IP address of the sender.
dst               IP address of the final destination.
interface         Interface of the SA.
direction         Send or receive type of the SA.
Lifetime          Expiration timer value that is used to collect unused security association data.
Sequence Number   Last sequence number that was either sent or accepted (dependent of the direction type).
key-source        Source of keys for the configurable parameter.
keyID             Key number (returned from the key-source) that was last used.
digest            Algorithm last used (returned from the key-source).
Window Size       Specifies the tolerance for the configurable parameter. The parameter is applicable when the direction parameter is the receive type.
Window            Specifies the last window size value sequence number that is received or accepted. The parameter is applicable when the direction parameter is the receive type.

An SA is created dynamically when sending and receiving messages that require authentication. The neighbor, source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a HOP object, and whether the message is incoming or outgoing.

When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as recently used. The lifetime timer periodically checks if the SA is being used. If so, the flag is cleared and is cleaned up for the next period unless it is marked again.

This table shows how to locate the source and destination address keys for an SA that is based on the message type.
Table 3: Source and Destination Address Locations for Different Message Types

Message Type   Source Address Location   Destination Address Location
-------------  ------------------------  ----------------------------
Path           HOP object                SESSION object
PathTear       HOP object                SESSION object
PathError      HOP object                IP header
Resv           HOP object                IP header
ResvTear       HOP object                IP header
ResvError      HOP object                IP header
ResvConfirm    IP header                 CONFIRM object
Ack            IP header                 IP header
Srefresh       IP header                 IP header
Hello          IP header                 IP header
Bundle         —                         —

Related Topics
• Specifying the Keychain for RSVP Neighbor Authentication
• RSVP Neighbor Authentication: Example
• Configuring a Lifetime for RSVP Neighbor Authentication
• RSVP Authentication Global Configuration Mode: Example

Key-source Key-chain

The key-source key-chain is used to specify which keys to use.

You configure a list of keys with specific IDs and different lifetimes so that keys are changed at predetermined intervals automatically, without any disruption of service. Rollover enhances network security by minimizing the problems that could result if an untrusted source obtained, deduced, or guessed the current key.

RSVP handles rollover by using the following key ID types:

• On TX, use the youngest eligible key ID.
• On RX, use the key ID that is received in an integrity object.

For more information about implementing keychain management, see Cisco ASR 9000 Series Router System Security Configuration Guide.
Related Topics
• Enabling RSVP Authentication Using the Keychain in Global Configuration Mode
• RSVP Authentication Global Configuration Mode: Example
• Specifying the Keychain for RSVP Neighbor Authentication
• RSVP Neighbor Authentication: Example

Guidelines for Window-Size and Out-of-Sequence Messages

These guidelines are required for window-size and out-of-sequence messages:

• Default window-size is set to 1. If a single message is received out-of-sequence, RSVP rejects it and displays a message.
• When RSVP messages are sent in burst mode (for example, tunnel optimization), some messages can become out-of-sequence for a short amount of time.
• Window size can be increased by using the window-size command. When the window size is increased, replay attacks can be detected with duplicate sequence numbers.

Related Topics
• Configuring the Window Size for RSVP Authentication in Global Configuration Mode
• Configuring the Window Size for an Interface for RSVP Authentication
• Configuring the Window Size for RSVP Neighbor Authentication
• RSVP Authentication by Using All the Modes: Example
• RSVP Authentication for an Interface: Example

Caveats for Out-of-Sequence

These caveats are listed for out-of-sequence:

• When RSVP messages traverse multiple interface types with different maximum transmission unit (MTU) values, some messages can become out-of-sequence if they are fragmented.
• Packets with some IP options may be reordered.
• Change in QoS configurations may lead to a transient reorder of packets.
• QoS policies can cause a reorder of packets in a steady state.

Because all out-of-sequence messages are dropped, the sender must retransmit them. Because RSVP state timeouts are generally long, out-of-sequence messages during a transient state do not lead to a state timeout.
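The Python model below is an added example, not Cisco code and not a description of how IOS XR is implemented: it combines the TX and RX key ID rules from the Key-source Key-chain section with the receive window from the window-size guidelines, and shows why a reordered burst is rejected at window-size 1 but accepted at a larger window while a duplicate is still caught. The packet layout, key values, HMAC-SHA-256 digest, and the reading of "youngest eligible" as the key whose lifetime started most recently are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Constructed keychain: key ID -> (secret, lifetime start, lifetime end), times in seconds.
KEYCHAIN = {
    10: (b"constructed-old-secret", 0, 2000),
    20: (b"constructed-new-secret", 1000, 5000),  # overlaps key 10 so rollover is hitless
}
HEADER = struct.Struct("!IQ")  # simplified layout (assumption): key ID, sequence number
DIGEST_LEN = hashlib.sha256().digest_size


def tx_key_id(now, keychain=KEYCHAIN):
    """TX rule: among keys whose lifetime covers `now`, pick the youngest (latest start)."""
    eligible = [(start, kid) for kid, (_, start, end) in keychain.items()
                if start <= now < end]
    if not eligible:
        raise LookupError("no eligible key in keychain")
    return max(eligible)[1]


def sign(key_id, seq, body, keychain=KEYCHAIN):
    """Build header + HMAC digest + body; the digest covers header and body."""
    header = HEADER.pack(key_id, seq)
    digest = hmac.new(keychain[key_id][0], header + body, hashlib.sha256).digest()
    return header + digest + body


@dataclass
class ReceiveSA:
    """Receive-direction security association state for one sender."""
    window_size: int = 1                    # default value given in the guide
    highest: int = 0                        # highest sequence number accepted so far
    seen: set = field(default_factory=set)  # accepted numbers still inside the window

    def accept(self, packet, keychain=KEYCHAIN):
        if len(packet) < HEADER.size + DIGEST_LEN:
            return "reject: truncated"
        key_id, seq = HEADER.unpack(packet[:HEADER.size])
        digest = packet[HEADER.size:HEADER.size + DIGEST_LEN]
        body = packet[HEADER.size + DIGEST_LEN:]
        entry = keychain.get(key_id)        # RX rule: use the key ID carried in the message
        if entry is None:
            return "reject: unknown key ID"
        expected = hmac.new(entry[0], packet[:HEADER.size] + body, hashlib.sha256).digest()
        if not hmac.compare_digest(digest, expected):
            return "reject: bad digest"
        # Sequence state is only updated after the digest has verified.
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen | {seq} if s > seq - self.window_size}
            return "accept"
        if seq <= self.highest - self.window_size:
            return "reject: out of sequence"  # older than the window allows
        if seq in self.seen:
            return "reject: replay"           # duplicate inside the window
        self.seen.add(seq)
        return "accept"


def run(window_size, arrival_order, now=1500):
    """Sign one constructed message per sequence number and deliver in the given order."""
    sa = ReceiveSA(window_size=window_size)
    kid = tx_key_id(now)
    packets = {s: sign(kid, s, b"constructed RSVP message %d" % s)
               for s in set(arrival_order)}
    return [sa.accept(packets[s]) for s in arrival_order]


if __name__ == "__main__":
    print(tx_key_id(500), tx_key_id(1500))
    print(run(1, [1, 3, 2, 4]))     # reordered burst, default window
    print(run(4, [1, 3, 2, 4, 2]))  # same burst plus a duplicate, larger window
```

In this model a larger window trades strict ordering for tolerance of bursts, and duplicate detection then depends on remembering which sequence numbers inside the window were already accepted.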
How to Implement RSVP

RSVP requires coordination among several routers, establishing exchange of RSVP messages to set up LSPs. Depending on the client application, RSVP requires some basic configuration, as described in these topics:

Configuring Traffic Engineering Tunnel Bandwidth

To configure traffic engineering tunnel bandwidth, you must first set up TE tunnels and configure the reserved bandwidth per interface (there is no need to configure bandwidth for the data channel or the control channel).

Cisco IOS XR software supports two MPLS DS-TE modes: Prestandard and IETF.

For prestandard DS-TE you do not need to configure bandwidth for the data channel or the control channel. There is no other specific RSVP configuration required for this application.

Note: When no RSVP bandwidth is specified for a particular interface, you can specify zero bandwidth in the LSP setup if it is configured under RSVP interface configuration mode or MPLS-TE configuration mode.

Related Topics
• Configuring a Prestandard DS-TE Tunnel
• Configuring an IETF DS-TE Tunnel Using RDM
• Configuring an IETF DS-TE Tunnel Using MAM

Confirming DiffServ-TE Bandwidth

Perform this task to confirm DiffServ-TE bandwidth.

In RSVP global and subpools, reservable bandwidths are configured per interface to accommodate TE tunnels on the node. Available bandwidth from all configured bandwidth pools is advertised using IGP. RSVP signals the TE tunnel with appropriate bandwidth pool requirements.

SUMMARY STEPS

1. configure
2. rsvp
3. interface type interface-path-id
4. bandwidth total-bandwidth max-flow sub-pool sub-pool-bw
5. Use one of the following commands:
   • end
   • commit

DETAILED STEPS

Step 1  configure
        Enters global configuration mode.
        Example:
            RP/0/RSP0/CPU0:router# configure

Step 2  rsvp
        Enters RSVP configuration mode.
        Example:
            RP/0/RSP0/CPU0:router(config)# rsvp

Step 3  interface type interface-path-id
        Enters interface configuration mode for the RSVP protocol.
        Example:
            RP/0/RSP0/CPU0:router(config-rsvp)# interface pos 0/2/0/0

Step 4  bandwidth total-bandwidth max-flow sub-pool sub-pool-bw
        Sets the reservable bandwidth, the maximum RSVP bandwidth available for a flow and the sub-pool bandwidth on this interface.
        Example:
            RP/0/RSP0/CPU0:router(config-rsvp-if)# bandwidth 1000 100 sub-pool 150

Step 5  Use one of the following commands:
        • end
        • commit
        Saves configuration changes.
        Example:
            RP/0/RSP0/CPU0:router(config-rsvp-if)# end
        or
            RP/0/RSP0/CPU0:router(config-rsvp-if)# commit
        • When you issue the end command, the system prompts you to commit changes:
              Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
          ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
          ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
          ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Related Topics Differentiated Services Traffic Engineering, on page 127 Bandwidth Configuration (MAM): Example, on page 104 Bandwidth Configuration (RDM): Example, on page 105 Enabling Graceful Restart Perform this task to enable graceful restart for implementations using both node-id and interface-based hellos. RSVP graceful restart provides a control plane mechanism to ensure high availability, which allows detection and recovery from failure conditions while preserving nonstop forwarding services. SUMMARY STEPS 1. configure 2. rsvp 3. signalling graceful-restart 4. signalling graceful-restart interface-based 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 78 OL-26056-02 Implementing RSVP for MPLS-TE Enabling Graceful RestartCommand or Action Purpose rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 signalling graceful-restart Enables the graceful restart process on the node. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling graceful-restart signalling graceful-restart interface-based Enables interface-based graceful restart process on the node. Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 4 signalling graceful-restart interface-based Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? 
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Graceful Restart: Standard and Interface-Based, on page 68 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 79 Implementing RSVP for MPLS-TE Enabling Graceful RestartEnable Graceful Restart: Example, on page 106 Enable Interface-Based Graceful Restart: Example, on page 106 Configuring ACL-based Prefix Filtering Two procedures are provided to show how RSVP Prefix Filtering is associated: • Configuring ACLs for Prefix Filtering, on page 80 • Configuring RSVP Packet Dropping, on page 81 Configuring ACLs for Prefix Filtering Perform this task to configure an extended access list ACL that identifies the source and destination prefixes used for packet filtering. Note The extended ACL needs to be configured separately using extended ACL configuration commands. SUMMARY STEPS 1. configure 2. rsvp 3. signalling prefix-filtering access-list 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 80 OL-26056-02 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringCommand or Action Purpose signalling prefix-filtering access-list Enter an extended access list name as a string. 
Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling prefix-filtering access-list banks Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics ACL-based Prefix Filtering, on page 70 Configure ACL-based Prefix Filtering: Example, on page 107 Configuring RSVP Packet Dropping Perform this task to configure RSVP to drop RA packets when the ACL match returns an implicit (default) deny. The default behavior performs normal RSVP processing on RA packets when the ACL match returns an implicit (default) deny. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 81 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringSUMMARY STEPS 1. configure 2. rsvp 3. signalling prefix-filtering default-deny-action 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 rsvp Enters the RSVP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# rsvp Step 2 signalling prefix-filtering default-deny-action Drops RA messages. 
Example: RP/0/RSP0/CPU0:router(config-rsvp)# Step 3 signalling prefix-filtering default-deny-action Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-rsvp)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rsvp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 82 OL-26056-02 Implementing RSVP for MPLS-TE Configuring ACL-based Prefix FilteringCommand or Action Purpose ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Related Topics Overview of RSVP for MPLS-TE , on page 66 Set DSCP for RSVP Packets: Example, on page 107 Verifying RSVP Configuration This figure illustrates the topology. Figure 9: Sample Topology Perform the following steps to verify RSVP configuration. SUMMARY STEPS 1. show rsvp session 2. show rsvp counters messages summary 3. show rsvp counters events 4. show rsvp interface type interface-path-id [detail] 5. show rsvp graceful-restart 6. show rsvp graceful-restart [neighbors ip-address | detail] 7. show rsvp interface 8. 
show rsvp neighbor DETAILED STEPS Step 1 show rsvp session Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 83 Implementing RSVP for MPLS-TE Verifying RSVP ConfigurationVerifiesthat all routers on the path of the LSP are configured with at least one Path State Block (PSB) and one Reservation State Block (RSB) per session. Example: RP/0/RSP0/CPU0:router# show rsvp session Type Destination Add DPort Proto/ExtTunID PSBs RSBs Reqs ---- --------------- ----- --------------- ----- ----- ----- LSP4 172.16.70.70 6 10.51.51.51 1 1 0 In the example , the output represents an LSP from ingress (head) router 10.51.51.51 to egress (tail) router 172.16.70.70. The tunnel ID (also called the destination port) is 6. Example: If no states can be found for a session that should be up, verify the application (for example, MPLS-TE ) to see if everything is in order. If a session has one PSB but no RSB, this indicates that either the Path message is not making it to the egress (tail) router or the reservation message is not making it back to the router R1 in question. Go to the downstream router R2 and display the session information: Example: If R2 has no PSB, either the path message is not making it to the router or the path message is being rejected (for example, due to lack of resources). If R2 has a PSB but no RSB, go to the next downstream router R3 to investigate. If R2 has a PSB and an RSB, this means the reservation is not making it from R2 to R1 or is being rejected. Step 2 show rsvp counters messages summary Verifies whether the RSVP message is being transmitted and received. 
Example: RP/0/RSP0/CPU0:router# show rsvp counters messages summary All RSVP Interfaces Recv Xmit Recv Xmit Path 0 25 Resv 30 0 PathError 0 0 ResvError 0 1 PathTear 0 30 ResvTear 12 0 ResvConfirm 0 0 Ack 24 37 Bundle 0 Hello 0 5099 SRefresh 8974 9012 OutOfOrder 0 Retransmit 20 Rate Limited 0 Step 3 show rsvp counters events Verifies how many RSVP states have expired. Because RSVP uses a soft-state mechanism, some failures will lead to RSVP states to expire due to lack of refresh from the neighbor. Example: RP/0/RSP0/CPU0:router# show rsvp counters events mgmtEthernet0/0/0/0 tunnel6 Expired Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0 NACKs received 0 POS0/3/0/0 POS0/3/0/1 Expired Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0 NACKs received 0 POS0/3/0/2 POS0/3/0/3 Expired Path states 0 Expired Path Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 84 OL-26056-02 Implementing RSVP for MPLS-TE Verifying RSVP Configurationstates 0 Expired Resv states 0 Expired Resv states 1 NACKs received 0 NACKs received 1 Step 4 show rsvp interface type interface-path-id [detail] Verifies that refresh reduction is working on a particular interface. Example: RP/0/RSP0/CPU0:router# show rsvp interface pos0/3/0/3 detail INTERFACE: POS0/3/0/3 (ifh=0x4000D00). BW (bits/sec): Max=1000M. MaxFlow=1000M. Allocated=1K (0%). MaxSub=0. Signalling: No DSCP marking. No rate limiting. States in: 1. Max missed msgs: 4. Expiry timer: Running (every 30s). Refresh interval: 45s. Normal Refresh timer: Not running. Summary refresh timer: Running. Refresh reduction local: Enabled. Summary Refresh: Enabled (4096 bytes max). Reliable summary refresh: Disabled. Ack hold: 400 ms, Ack max size: 4096 bytes. Retransmit: 900ms. 
Neighbor information: Neighbor-IP Nbor-MsgIds States-out Refresh-Reduction Expiry(min::sec) -------------- -------------- ---------- ------------------ ---------------- 64.64.64.65 1 1 Enabled 14::45 Step 5 show rsvp graceful-restart Verifies that graceful restart is enabled locally. Example: RP/0/RSP0/CPU0:router# show rsvp graceful-restart Graceful restart: enabled Number of global neighbors: 1 Local MPLS router id: 10.51.51.51 Restart time: 60 seconds Recovery time: 0 seconds Recovery timer: Not running Hello interval: 5000 milliseconds Maximum Hello miss-count: 3 Step 6 show rsvp graceful-restart [neighbors ip-address | detail] Verifies that graceful restart is enabled on the neighbor(s). These examples show that neighbor 192.168.60.60 is not responding to hello messages. Example: RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors 192.168.60.60 Neighbor App State Recovery Reason Since LostCnt --------------- ----- ------ -------- ------------ -------------------- -------- 192.168.60.60 MPLS INIT DONE N/A 12/06/2003 19:01:49 0 RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors detail Neighbor: 192.168.60.60 Source: 10.51.51.51 (MPLS) Hello instance for application MPLS Hello State: INIT (for 3d23h) Number of times communications with neighbor lost: 0 Reason: N/A Recovery State: DONE Number of Interface neighbors: 1 address: 10.64.64.65 Restart time: 0 seconds Recovery time: 0 seconds Restart timer: Not running Recovery timer: Not running Hello interval: 5000 milliseconds Maximum allowed missed Hello messages: 3 Step 7 show rsvp interface Verifies the available RSVP bandwidth. 
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x OL-26056-02 85 Implementing RSVP for MPLS-TE Verifying RSVP ConfigurationExample: RP/0/RSP0/CPU0:router# show rsvp interface Interface MaxBW MaxFlow Allocated MaxSub ----------- -------- -------- --------------- -------- Et0/0/0/0 0 0 0 ( 0%) 0 PO0/3/0/0 1000M 1000M 0 ( 0%) 0 PO0/3/0/1 1000M 1000M 0 ( 0%) 0 PO0/3/0/2 1000M 1000M 0 ( 0%) 0 PO0/3/0/3 1000M 1000M 1K ( 0%) 0 Step 8 show rsvp neighbor Verifies the RSVP neighbors. Example: RP/0/RSP0/CPU0:router# show rsvp neighbor detail Global Neighbor: 40.40.40.40 Interface Neighbor: 1.1.1.1 Interface: POS0/0/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0 Interface Neighbor: 2.2.2.2 Interface: POS0/1/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0 Related Topics Overview of RSVP for MPLS-TE , on page 66 Enabling RSVP Traps With the exception of the RSVP MIB traps, no action is required to activate the MIBs. This MIB feature is automatically enabled when RSVP is turned on; however, RSVP traps must be enabled. Perform this task to enable all RSVP MIB traps, NewFlow traps, and LostFlow traps. SUMMARY STEPS 1. configure 2. snmp-server traps rsvp lost-flow 3. snmp-server traps rsvp new-flow 4. snmp-server traps rsvp all 5. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x 86 OL-26056-02 Implementing RSVP for MPLS-TE Enabling RSVP TrapsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 snmp-server traps rsvp lost-flow Sends RSVP notifications to enable RSVP LostFlow traps. 
Example:
  RP/0/RSP0/CPU0:router(config)# snmp-server traps rsvp lost-flow

Step 3 snmp-server traps rsvp new-flow
Sends RSVP notifications to enable RSVP NewFlow traps.
Example:
  RP/0/RSP0/CPU0:router(config)# snmp-server traps rsvp new-flow

Step 4 snmp-server traps rsvp all
Sends RSVP notifications to enable all RSVP MIB traps.
Example:
  RP/0/RSP0/CPU0:router(config)# snmp-server traps rsvp all

Step 5 Use one of these commands:
  • end
  • commit
Saves configuration changes.
Example:
  RP/0/RSP0/CPU0:router(config)# end
or
  RP/0/RSP0/CPU0:router(config)# commit
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
  RSVP MIB, on page 70
  Enable RSVP Traps: Example, on page 108

How to Implement RSVP Authentication

There are three types of RSVP authentication modes—global, interface, and neighbor.
These topics describe how to implement RSVP authentication for each mode:

Configuring Global Configuration Mode RSVP Authentication

These tasks describe how to configure RSVP authentication in global configuration mode:

Enabling RSVP Authentication Using the Keychain in Global Configuration Mode

Perform this task to enable RSVP authentication for cryptographic authentication by specifying the keychain in global configuration mode.

Note: You must configure a keychain before completing this task (see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide).

SUMMARY STEPS
1. configure
2. rsvp authentication
3. key-source key-chain key-chain-name
4. Use one of the following commands:
  • end
  • commit

DETAILED STEPS

Step 1 configure
Enters global configuration mode.
Example:
  RP/0/RSP0/CPU0:router# configure

Step 2 rsvp authentication
Enters RSVP authentication configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config)# rsvp authentication
  RP/0/RSP0/CPU0:router(config-rsvp-auth)#

Step 3 key-source key-chain key-chain-name
Specifies the source of the key information to authenticate RSVP signaling messages.
  key-chain-name: Name of the keychain. The maximum number of characters is 32.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# key-source key-chain mpls-keys

Step 4 Use one of the following commands:
  • end
  • commit
Saves configuration changes.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# end
or
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
  Key-source Key-chain, on page 74
  RSVP Authentication Global Configuration Mode: Example, on page 108

Configuring a Lifetime for RSVP Authentication in Global Configuration Mode

Perform this task to configure a lifetime value for RSVP authentication in global configuration mode.

SUMMARY STEPS
1. configure
2. rsvp authentication
3. life-time seconds
4. Use one of the following commands:
  • end
  • commit

DETAILED STEPS

Step 1 configure
Enters global configuration mode.
Example:
  RP/0/RSP0/CPU0:router# configure

Step 2 rsvp authentication
Enters RSVP authentication configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config)# rsvp authentication
  RP/0/RSP0/CPU0:router(config-rsvp-auth)#

Step 3 life-time seconds
Controls how long RSVP maintains security associations with other trusted RSVP neighbors.
  seconds: Length of time (in seconds) that RSVP maintains idle security associations with other trusted RSVP neighbors. Range is from 30 to 86400. The default value is 1800.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# life-time 2000

Step 4 Use one of the following commands:
  • end
  • commit
Saves configuration changes.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# end
or
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
  Global, Interface, and Neighbor Authentication Modes, on page 72
  RSVP Authentication Global Configuration Mode: Example, on page 108

Configuring the Window Size for RSVP Authentication in Global Configuration Mode

Perform this task to configure the window size for RSVP authentication in global configuration mode.

SUMMARY STEPS
1. configure
2. rsvp authentication
3. window-size N
4. Use one of the following commands:
  • end
  • commit

DETAILED STEPS

Step 1 configure
Enters global configuration mode.
Example:
  RP/0/RSP0/CPU0:router# configure

Step 2 rsvp authentication
Enters RSVP authentication configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config)# rsvp authentication
  RP/0/RSP0/CPU0:router(config-rsvp-auth)#

Step 3 window-size N
Specifies the maximum number of RSVP authenticated messages that can be received out-of-sequence.
  N: Size of the window to restrict out-of-sequence messages. The range is from 1 to 64. The default value is 1, in which case all out-of-sequence messages are dropped.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# window-size 33

Step 4 Use one of the following commands:
  • end
  • commit
Saves configuration changes.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# end
or
  RP/0/RSP0/CPU0:router(config-rsvp-auth)# commit
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
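
The effect of window-size on out-of-sequence messages, shown as an added example that is not part of the original guide and is not Cisco's implementation. It is a simplified receiver-side model: ReplayWindow, run and the ARRIVALS sequence numbers are hypothetical names and constructed data, and the model assumes a message is accepted when its sequence number is new and lies within window-size of the highest number accepted so far.

```python
from dataclasses import dataclass, field


@dataclass
class ReplayWindow:
    """Simplified model of a receiver's out-of-sequence window (assumption, not Cisco code)."""
    size: int = 1                      # window-size N; the guide gives range 1 to 64, default 1
    highest: int = -1                  # highest sequence number accepted so far
    seen: set = field(default_factory=set)   # accepted numbers still inside the window

    def __post_init__(self):
        if not 1 <= self.size <= 64:
            raise ValueError("window-size must be between 1 and 64")

    def accept(self, seq: int) -> bool:
        """Return True if a message with this sequence number would be accepted."""
        if seq > self.highest:
            # In-order message: advance the window and forget numbers that fell out of it.
            self.highest = seq
            self.seen = {s for s in self.seen if seq - s < self.size}
            self.seen.add(seq)
            return True
        if self.highest - seq >= self.size:
            return False               # older than the window allows
        if seq in self.seen:
            return False               # duplicate of an accepted message (replay)
        self.seen.add(seq)
        return True                    # late, but inside the window and not seen before


def run(size, arrivals):
    """Feed sequence numbers to a fresh window; return the accept/drop decisions."""
    window = ReplayWindow(size=size)
    return [window.accept(seq) for seq in arrivals]


# Constructed arrival order: 12, 13 and 9 arrive late; the second 12 is a duplicate.
ARRIVALS = [10, 11, 14, 12, 13, 12, 15, 9]

if __name__ == "__main__":
    for size in (1, 2, 33):            # 1 is the default, 33 is the value in the guide's example
        print(size, run(size, ARRIVALS))
```

With the default of 1 every late message is dropped, which matches the guide's description. With 33 the late messages 12, 13 and 9 are accepted once each, while the duplicate 12 is still dropped.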

Related Topics
  Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
  RSVP Authentication by Using All the Modes: Example, on page 110
  RSVP Authentication for an Interface: Example, on page 109

Configuring an Interface for RSVP Authentication

These tasks describe how to configure an interface for RSVP authentication:

Specifying the RSVP Authentication Keychain in Interface Mode

Perform this task to specify RSVP authentication keychain in interface mode.

You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide).

SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. key-source key-chain key-chain-name
5. Use one of the following commands:
  • end
  • commit

DETAILED STEPS

Step 1 configure
Enters global configuration mode.
Example:
  RP/0/RSP0/CPU0:router# configure

Step 2 rsvp interface type interface-path-id
Enters RSVP interface configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config)# rsvp interface POS 0/2/1/0
  RP/0/RSP0/CPU0:router(config-rsvp-if)#

Step 3 authentication
Enters RSVP authentication configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-if)# authentication
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#

Step 4 key-source key-chain key-chain-name
Specifies the source of the key information to authenticate RSVP signaling messages.
  key-chain-name: Name of the keychain. The maximum number of characters is 32.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# key-source key-chain mpls-keys

Step 5 Use one of the following commands:
  • end
  • commit
Saves configuration changes.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# end
or
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)# commit
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    ◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    ◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    ◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Related Topics
  Global, Interface, and Neighbor Authentication Modes, on page 72
  RSVP Authentication by Using All the Modes: Example, on page 110

Configuring a Lifetime for an Interface for RSVP Authentication

Perform this task to configure a lifetime for the security association for an interface.

SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. life-time seconds
5. Use one of the following commands:
  • end
  • commit

DETAILED STEPS

Step 1 configure
Enters global configuration mode.
Example:
  RP/0/RSP0/CPU0:router# configure

Step 2 rsvp interface type interface-path-id
Enters RSVP interface configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config)# rsvp interface POS 0/2/1/0
  RP/0/RSP0/CPU0:router(config-rsvp-if)#

Step 3 authentication
Enters RSVP authentication configuration mode.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-if)# authentication
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#

Step 4 life-time seconds
Controls how long RSVP maintains security associations with other trusted RSVP neighbors.
  seconds: Length of time (in seconds) that RSVP maintains idle security associations with other trusted RSVP neighbors. Range is from 30 to 86400. The default value is 1800.
Example:
  RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#