Cisco IOS XR XML API Guide, Cisco IOS XR Software Release 4.1, April 2011

 

 


Text Part Number: OL-24657-01
© 2011 Cisco Systems, Inc. All rights reserved.

Contents

Preface
  Changes to This Document
  Obtaining Documentation and Submitting a Service Request

Chapter 1: Cisco XML API Overview
  Introduction
  Definition of Terms
  Cisco Management XML Interface
  Cisco XML API and Router System Features
  Cisco XML API Tags
  Basic XML Request Content
  Top-Level Structure
  XML Declaration Tag
  Request and Response Tags
  ResultSummary Tag
  Maximum Request Size
  Minimum Response Content
  Operation Type Tags
  Native Data Operation Tags
  Configuration Services Operation Tags
  CLI Operation Tag
  GetNext Operation Tag
  Alarm Operation Tags
  XML Request Batching

Chapter 2: Cisco XML Router Configuration and Management
  Target Configuration Overview
  Configuration Operations
  Additional Configuration Options Using XML
  Locking the Running Configuration
  Browsing the Target or Running Configuration
  Getting Configuration Data
  Browsing the Changed Configuration
  Loading the Target Configuration
  Setting the Target Configuration Explicitly
  Saving the Target Configuration
  Committing the Target Configuration
  Commit Operation
  Commit Errors
  Loading a Failed Configuration
  Unlocking the Running Configuration
  Additional Router Configuration and Management Options Using XML
  Getting Commit Changes
  Loading Commit Changes
  Clearing a Target Session
  Rolling Back Configuration Changes to a Specified Commit Identifier
  Rolling Back the Trial Configuration Changes Before the Trial Time Expires
  Rolling Back Configuration Changes to a Specified Number of Commits
  Getting Rollback Changes
  Loading Rollback Changes
  Getting Configuration History
  Getting Configuration Commit List
  Getting Configuration Session Information
  Clear Configuration Session
  Replacing the Current Running Configuration
  Clear Configuration Inconsistency Alarm

Chapter 3: Cisco XML Operational Requests and Fault Management
  Operational Get Requests
  Action Requests
  Cisco XML and Fault Management
  Configuration Change Notification

Chapter 4: Cisco XML and Native Data Operations
  Native Data Operation Content
  Request Type Tag and Namespaces
  Object Hierarchy
  Main Hierarchy Structure
  Dependencies Between Configuration Items
  Null Value Representations
  Operation Triggering
  Native Data Operation Examples
  Set Configuration Data Request: Example
  Get Request: Example
  Get Request of Nonexistent Data: Example
  Delete Request: Example
  GetDataSpaceInfo Request Example

Chapter 5: Cisco XML and Native Data Access Techniques
  Available Set of Native Data Access Techniques
  XML Request for All Configuration Data
  XML Request for All Configuration Data per Component
  XML Request for All Data Within a Container
  XML Request for Specific Data Items
  XML Request with Combined Object Class Hierarchies
  XML Request Using Wildcarding (Match Attribute)
  XML Request for Specific Object Instances (Repeated Naming Information)
  XML Request Using Operation Scope (Content Attribute)
  Limiting the Number of Table Entries Returned (Count Attribute)
  Custom Filtering (Filter Element)
  XML Request Using the Mode Attribute

Chapter 6: Cisco XML and Encapsulated CLI Operations
  XML CLI Command Tags
  CLI Command Limitations

Chapter 7: Cisco XML and Large Data Retrieval
  Iterators
  Usage Guidelines
  Examples Using Iterators to Retrieve Data
  Large Response Division
  Terminating an Iterator
  Throttling
  CPU Throttle Mechanism
  Memory Throttle Mechanism
  Streaming
  Usage Guidelines

Chapter 8: Cisco XML Security
  Authentication
  Authorization
  Retrieving Task Permissions
  Task Privileges
  Task Names
  Authorization Failure
  Management Plane Protection
  Inband Traffic
  Out-of-Band Traffic
  VRF
  Access Control List

Chapter 9: Cisco XML Schema Versioning
  Major and Minor Version Numbers
  Run-Time Use of Version Information
  Placement of Version Information
  Version Lag with the AllowVersionMisMatch Attribute Set as TRUE
  Version Lag with the AllowVersionMismatch Attribute Set as FALSE
  Version Creep with the AllowVersionMisMatch Attribute Set as TRUE
  Version Creep with the AllowVersionMisMatch Attribute Set as FALSE
  Retrieving Version Information
  Retrieving Schema Detail

Chapter 10: Alarms
  Alarm Registration
  Alarm Deregistration
  Alarm Notification

Chapter 11: Error Reporting in Cisco XML Responses
  Types of Reported Errors
  Error Attributes
  Transport Errors
  XML Parse Errors
  XML Schema Errors
  Operation Processing Errors
  Error Codes and Messages

Chapter 12: Summary of Cisco XML API Configuration Tags

Chapter 13: XML Transport and Event Notifications
  TTY-Based Transports
  Enabling the TTY XML Agent
  Enabling a Session from a Client
  Sending XML Requests and Receiving Responses
  Configuring Idle Session Timeout
  Ending a Session
  Errors That Result in No XML Response Being Produced
  Dedicated Connection Based Transports
  Enabling the Dedicated XML Agent
  Enabling a Session from a Client
  Sending XML Requests and Receiving Responses
  Configuring Idle Session Timeout
  Ending a Session
  Errors That Result in No XML Response Being Produced
  SSL Dedicated Connection based Transports
  Enabling the SSL Dedicated XML Agent
  Enabling a Session from a Client
  Sending XML Requests and Receiving Responses
  Configuring Idle Session Timeout
  Ending a Session
  Errors That Result in No XML Response Being Produced

Chapter 14: Cisco XML Schemas
  XML Schema Retrieval
  Common XML Schemas
  Component XML Schemas
  Schema File Organization
  Schema File Upgrades

Chapter 15: Network Configuration Protocol
  Starting a NETCONF Session
  Ending a NETCONF Agent Session
  Starting an SSH NETCONF Session
  Ending an SSH NETCONF Agent Session
  Configuring a NETCONF agent
  Limitations of NETCONF in Cisco IOS XR
  Configuration Datastores
  Configuration Capabilities
  Transport (RFC4741 and RFC4742)
  Subtree Filtering (RFC4741)
  Protocol Operations (RFC4741)
  Event Notifications (RFC5277)

Chapter 16: Cisco IOS XR Perl Scripting Toolkit
  Cisco IOS XR Perl Scripting Toolkit Concepts
  Security Implications for the Cisco IOS XR Perl Scripting Toolkit
  Prerequisites for Installing the Cisco IOS XR Perl Scripting Toolkit
  Installing the Cisco IOS XR Perl Scripting Toolkit
  Using the Cisco IOS XR Perl XML API in a Perl Script
  Handling Types of Errors for the Cisco IOS XR Perl XML API
  Starting a Management Session on a Router
  Closing a Management Session on a Router
  Sending an XML Request to the Router
  Using Response Objects
  Using the Error Objects
  Using the Configuration Services Methods
  Using the Cisco IOS XR Perl Data Object Interface
  Understanding the Perl Data Object Documentation
  Generating the Perl Data Object Documentation
  Creating Data Objects
  Specifying the Schema Version to Use When Creating a Data Object
  Using the Data Operation Methods on a Data Object
  get_data Method
  find_data Method
  get_keys Method
  get_entries Method
  set_data Method
  delete_data Method
  Using the Batching API
  batch_start Method
  batch_send Method
  Displaying Data and Keys Returned by the Data Operation Methods
  Specifying the Session to Use for the Data Operation Methods
  Cisco IOS XR Perl Notification and Alarm API
  Registering for Alarms
  Deregistering an Existing Alarm Registration
  Deregistering All Registration on a Particular Session
  Receiving an Alarm on a Management Session
  Using the Debug and Logging Facilities
  Debug Facility Overview
  Logging Facility Overview
  Examples of Using the Cisco IOS XR Perl XML API
  Configuration Examples
  Setting the IP Address of an Interface
  Configuring a Simple BGP Neighbor
  Adding a List of Neighbors to a BGP Neighbor Group
  Displaying the Members of Each BGP Neighbor Group
  Setting Up ISIS on an Interface
  Finding the Circuit Type That is Currently Configured for an Interface for ISIS
  Configuring a New Instance, Area, and Interface for OSPF
  Getting a List of the Usernames That are Configured on the Router
  Finding the IP Address of All Interfaces That Have IP Configured
  Adding an Entry to the Access Control List
  Denying Access to a Set of Interfaces from a Particular IP Address
  Configuring a New Static Route Entry
  Operational Examples
  Retrieving the Operational Information for All Interfaces on the Router
  Retrieving the Link State Database for a Particular Level for ISIS
  Getting a List of All Interfaces on the System
  Retrieving the Combined Interface and IP Information for Each Interface
  Listing the Hostname and Interface for Each ISIS Neighbor
  Recreating the Output of the show ip interfaces CLI Command
  Producing a Textual Output Similar to the show bgp neighbors CLI Command
  Displaying Tabular XML Data in a Generic HTML Table Using XSLT
  Displaying the Interface State in a Customized HTML Table
  Displaying the BGP Neighbor Operational Data in a Complex HTML Format
  Performing Actions Whenever Certain Events Occur

Sample BGP Configuration
Glossary
Index

Preface

The XML application programming interface (API) is available for use on any Cisco platform running Cisco IOS XR software. This document describes the XML API provided to developers of external management applications. The XML interface provides a mechanism for router configuration and monitoring using XML formatted request and response streams. The XML schemas referenced in this guide are used by the management application developer to integrate client applications with the router programmable interface.

The preface contains these sections:
• Changes to This Document
• Obtaining Documentation and Submitting a Service Request

Changes to This Document

Table 1 lists the technical changes made to this document since it was first published.

Table 1 Changes to This Document

| Revision | Date | Change Summary |
|---|---|---|
| OL-24657-01 | April 2011 | Initial release of this document. |

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Chapter 1: Cisco XML API Overview

This chapter contains these sections:
• Introduction
• Cisco Management XML Interface
• Cisco XML API and Router System Features
• Cisco XML API Tags

Introduction

This Cisco IOS XR XML API Guide explains how to use the Cisco XML API to configure routers or request information about configuration, management, or operation of the routers. The goal of this guide is to help management application developers write client applications to interact with the Cisco XML infrastructure on the router, and to use the Management XML API to build custom end-user interfaces for configuration and information retrieval and display.

The XML application programming interface (API) provided by the router is an interface used for development of client applications and Perl scripts to manage and monitor the router.
The XML interface is specified by XML schemas. The XML API provides a mechanism, which exchanges XML formatted request and response streams, for router configuration and monitoring. Client applications can be used to configure the router or to request status information from the router, by encoding a request in XML API tags and sending it to the router. The router processes the request and sends the response to the client by again encoding the response in XML API tags. This guide describes the XML requests that can be sent by external client applications to access router management data, and also details the responses to the client by the router.

Customers use a variety of vendor-specific CLI scripts to manage their routers because no alternative programmatic mechanism is available. In addition, a common framework has not been available to develop CLI scripts. In response to this need, the XML API provides the necessary common framework for development, deployment, and maintenance of router management.

Note: The XML API code is available for use on any Cisco platform that runs Cisco IOS XR software.

Definition of Terms

Table 1-1 defines the words, acronyms, and actions used throughout this guide.

Table 1-1 Definition of Terms

| Term | Description |
|---|---|
| AAA | Authentication, authorization, and accounting. |
| CLI | Command-line interface. |
| SSH | Secure Shell. |
| SSL | Secure Sockets Layer. |
| XML | Extensible markup language. |
| XML agent | Process on the router that receives XML requests by XML clients, and is responsible to carry out the actions contained in the request and to return an XML response to the client. |
| XML client | External application that sends XML requests to the router and receives XML responses to those requests. |
| XML operation | Portion of an XML request that specifies an operation that the XML client wants the XML agent to perform. |
| XML operation provider | Code that carries out a particular XML operation including parsing the operation XML, performing the operation, and assembling the operation XML response. |
| XML request | XML document sent to the router containing a number of requested operations to be carried out. |
| XML response | Response to an XML request. |
| XML schema | XML document specifying the structure and possible contents of XML elements that can be contained in an XML document. |

Cisco Management XML Interface

These topics, which are covered in detail in the sections that follow, outline information about the Cisco Management XML interface:
• High-level structure of the XML request and response streams
• Operation tag types and usage, including their XML format and content
• Configuring the router using:
  – the two-stage “target configuration” mechanism provided by the configuration manager
  – features such as locking, loading, browsing, modifying, saving, and committing the configuration
• Accessing the operational data of the router with XML
• Working with native management data object class hierarchies to:
  – represent native data objects in XML
  – use techniques, including the use of wildcards and filters, for structuring XML requests that access the management data of interest
• Encapsulating CLI commands in XML
• Error reporting to the client application
• Using iterators for large scale data retrieval
• Handling event notifications with XML
• Enforcing authorization of client requests
• Versioning of XML schemas
• Generation and packaging of XML schemas
• Transporting options that enable corresponding XML agents on the router
• Using the Cisco IOS XR Perl Scripting Toolkit to manage a Cisco IOS XR router

Cisco XML API and Router System Features

Using the XML API, an external client application sends XML encoded management requests to an XML agent running on the router.
The XML API readily supports available transport layers including terminal-based protocols such as Telnet, Secure Shell (SSH), dedicated-TCP connection, and Secure Sockets Layer (SSL) dedicated TCP connection. Before an XML session is established, the XML transport and XML agent must be enabled on the router. For more information, see Chapter 13, “XML Transport and Event Notifications.”

A client request sent to the router must specify the different types of operations that are to be carried out. Three general types of management operations supported through XML are:
• Native data access (get, set, delete, and so on) using the native management data model.
• Configuration services for advanced configuration management through the Configuration Manager.
• Traditional CLI access where CLI commands and command responses are encapsulated in XML.

When a client request is received by an XML agent on the router, the request is routed to the appropriate XML operation provider in the internal Cisco XML API library for processing. After all the requested operations are processed, the XML agent receives the result and sends the XML encoded response stream on to the client.

Cisco XML API Tags

An external client application can access management data on the router through an exchange of well-structured XML-tagged request and response streams. The XML tagged request and response streams are described in these sections:
• Basic XML Request Content
• XML Declaration Tag
• Operation Type Tags
• XML Request Batching

Basic XML Request Content

This section describes the specific content and format of XML data exchanged between the client and the router for the purpose of router configuration and monitoring.

Top-Level Structure

The top level of every request sent by a client application to the router must begin with an XML declaration tag, followed by a request tag and one or more operation type tags. Similarly, every response returned by the router begins with an XML declaration tag followed by a response tag, one or more operation type tags, and a result summary tag with an error count. Each request contains operation tags for each supported operation type; these operation type tags can be repeated. The operation type tags contained in the response correspond to those contained in the client request.

Sample XML Request from Client Application

. . .
Operation-specific content goes here
. . .

Sample XML Response from Router

. . .
Operation-specific response data returned here
. . .

Note: All examples in this document are formatted with line breaks and white space to aid readability. Actual XML request and response streams that are exchanged with the router do not include such line breaks and white space characters. This is because these elements would add significantly to the size of the XML data and impact the overall performance of the XML API.

XML Declaration Tag

Each request and response exchanged between a client application and the router must begin with an XML declaration tag indicating which version of XML and (optionally) which character set is being used:

<?xml version="1.0" encoding="UTF-8"?>

Table 1-2 defines the attributes of the XML declaration that are defined by the XML specification.

Request and Response Tags

Following the XML declaration tag, the client application must enclose each request stream within a pair of <Request> start and </Request> end tags. Also, the system encloses each XML response within a pair of <Response> start and </Response> end tags. Major and minor version numbers are carried on the <Request> and <Response> elements to indicate the overall XML API version in use by the client application and router respectively.

The XML API presents a synchronous interface to client applications. The <Request> and <Response> tags are used by the client to correlate request and response streams. A client application issues a request, after which the router returns a response. The client then issues another request, and so on. Therefore, the XML session between a client and the router consists of a series of alternating request and response streams.

The client application optionally includes a ClientID attribute within the <Request> tag. The value of the ClientID attribute must be an unsigned 32-bit integer value. If the <Request> tag contains a ClientID attribute, the router includes the same ClientID value in the corresponding <Response> tag. The ClientID value is treated as opaque data and ignored by the router.

ResultSummary Tag

The system adds a <ResultSummary> tag immediately before the </Response> end tag to indicate the overall result of the operation performed. This tag contains the attribute ErrorCount to indicate the total number of errors encountered. A value of 0 indicates no errors. If applicable, the ItemNotFound or ItemNotFoundBelow attributes are also included. See Table 1-3 for explanations of these attributes.

Sample XML Response with ResultSummary Tag

. .

Table 1-2 Attributes for XML Declaration

| Name | Description |
|---|---|
| Version | Specifies the version of XML to be used. Only Version “1.0” is supported by the router. Note: The version attribute is required. |
| Encoding | Specifies the standardized character set to be used. Only “UTF-8” is supported by the router. The router includes the encoding attribute in a response only if it is specified in the corresponding request. Note: The encoding attribute is optional. |

Maximum Request Size

The maximum size of an XML request or response is determined by the restrictions of the underlying transports.
For more information on transport-specific limitations of request and response sizes, see Chapter 13, “XML Transport and Event Notifications.”

Minimum Response Content

If a or request has nothing to return, the router returns the original request and an appropriate empty operation type tag. The minimum response returned by the router with a single operation or and no result data, is shown in these examples:

Sample XML Request from Client Application

. . .
Operation-specific content goes here
. . .

Sample XML Minimum Response from a Router

If a request has nothing to return, the router returns the original request with an ItemNotFound attribute at the level. If a request has some ‘not found’ elements to return, the router returns the original request with an ItemNotFoundBelow attribute at the level. For each requested element that is not found, the router returns a NotFound attribute at the element level. For each requested element that is present, it returns the corresponding data. Table 1-3 defines the attributes when the request does not have any elements to return.

Table 1-3 Attributes for Elements Not Found

| Attribute | Description |
|---|---|
| ItemNotFound | Empty response at the level. |
| ItemNotFoundBelow | Response with some requested elements that are not found at the level. |
| NotFound | Requested element is not found at the element level. |

Sample XML Request from Client Application (ItemNotFound)

act Loopback1

Sample XML Minimum Response from a Router (ItemNotFound)

act Loopback1

Sample XML Request from Client Application (ItemNotFoundBelow)

act Loopback0

Sample XML Minimum Response from a Router (ItemNotFoundBelow)

act Loopback0 desc-loop0 1.1.1.1 255.255.0.0

Operation Type Tags

Following the <Request> tag, the client application must specify the operations to be carried out by the router.
Three general types of operations are supported along with the <GetNext> operation for large responses.

Native Data Operation Tags

Native data operations provide basic access to the native management data model. Table 1-4 describes the native data operation tags. The XML schema definitions for the native data operation type tags are contained in the schema file native_data_operations.xsd. The native data operations are described further in Chapter 5, “Cisco XML and Native Data Access Techniques.”

Table 1-4 Native Data Operation Tags

| Native Data Tag | Description |
|---|---|
|  | Gets the value of one or more configuration, operational, or action data items. |
|  | Creates or modifies one or more configuration or action data items. |
|  | Deletes one or more configuration data items. |
|  | Gets the major and minor version numbers of one or more components. |
|  | Retrieves native data branch names. |

Configuration Services Operation Tags

Configuration services operations provide more advanced configuration management functions through the Configuration Manager. Table 1-5 describes the configuration services operation tags. The XML schema definitions for the configuration services operation type tags are contained in the schema file config_services_operations.xsd (see Chapter 14, “Cisco XML Schemas”). The configuration services operations are described further in Chapter 2, “Cisco XML Router Configuration and Management.”

CLI Operation Tag

CLI access provides support for XML encapsulated CLI commands and responses. For CLI access, a single tag is provided. The <CLI> operation tag issues the request as a CLI command. The XML schema definitions for the CLI tag are contained in the schema file cli_operations.xsd (see Chapter 14, “Cisco XML Schemas”). The CLI operations are described further in Chapter 6, “Cisco XML and Encapsulated CLI Operations.”

GetNext Operation Tag

The <GetNext> tag is used to retrieve the next portion of a large response.
It can be used as required to retrieve an oversize response following a request using one of the other operation types. The <GetNext> operation tag gets the next portion of a response. Iterators are supported for large requests. The XML schema definition for the <GetNext> operation type tag is contained in the schema file xml_api_protocol.xsd (see Chapter 14, “Cisco XML Schemas”). For more information about the <GetNext> operation, see Chapter 7, “Cisco XML and Large Data Retrieval.”

Table 1-5 Configuration Services Operation Tags

| Tag | Description |
|---|---|
|  | Locks the running configuration. |
|  | Unlocks the running configuration. |
|  | Loads the target configuration from a binary file previously saved using the tag. |
|  | Saves the target configuration to a binary file. |
|  | Promotes the target configuration to the running configuration. |
|  | Aborts or clears the current target configuration session. |
|  | Rolls back the running configuration to a previous configuration state. |
|  | Gets a list of configuration events. |
|  | Gets a list of the user sessions currently configuring the box. |
|  | Gets a list of commits that were made to the running configuration and can be rolled back. |
|  | Clears a particular configuration session. |
|  | Clears a configuration inconsistency alarm. |

Alarm Operation Tags

The <Alarm> operation tag registers, unregisters, and receives alarm notifications. Table 1-6 lists the alarm operation tags. The XML schema definitions for the alarm operation tags are contained in the schema file alarm_operations.xsd (see Chapter 14, “Cisco XML Schemas”).

XML Request Batching

The XML interface supports the combining of several requests or operations into a single request. When multiple operations are specified in a single request, the response contains the same operation tags and in the same order as they appeared in the request.
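
The envelope rules described so far (declaration tag first, ClientID echoed unchanged, the result summary last, and batched operation tags returned in request order) can be checked mechanically by a client before it trusts a response. The Python sketch below is an added example, not code from the Cisco guide. The element names Request, Response, Get, Set and Configuration, the attribute names MajorVersion and MinorVersion, the leaf names and the sample response are assumptions or constructed data.

```python
import xml.etree.ElementTree as ET

# Only XML version "1.0" and encoding "UTF-8" are supported by the router.
XML_DECL = '<?xml version="1.0" encoding="UTF-8"?>'
UINT32_MAX = 0xFFFFFFFF


def build_request(operations, client_id=None, major="1", minor="0"):
    """Return a request stream: declaration, request tag, operation tags."""
    if not operations:
        raise ValueError("a request needs at least one operation type tag")
    # MajorVersion/MinorVersion attribute names are assumed, not from the page.
    root = ET.Element("Request", {"MajorVersion": major, "MinorVersion": minor})
    if client_id is not None:
        if type(client_id) is not int or not 0 <= client_id <= UINT32_MAX:
            raise ValueError("ClientID must be an unsigned 32-bit integer")
        root.set("ClientID", str(client_id))
    root.extend(operations)
    # No pretty-printing: streams on the wire carry no extra white space.
    return XML_DECL + ET.tostring(root, encoding="unicode")


def parse_stream(stream):
    """Parse one request or response stream, refusing anything with a DTD."""
    if not stream.startswith("<?xml"):
        raise ValueError("stream must begin with an XML declaration tag")
    # The API never needs a DOCTYPE; rejecting it keeps entity expansion
    # out of a management client that parses data from the network.
    if "<!DOCTYPE" in stream:
        raise ValueError("DOCTYPE is not allowed in an XML API stream")
    return ET.fromstring(stream.encode("utf-8"))


def check_response(request_stream, response_stream):
    """Check a response envelope against the request that produced it."""
    req, resp = parse_stream(request_stream), parse_stream(response_stream)
    problems = []
    if resp.tag != "Response":
        problems.append("top-level element is %s, not Response" % resp.tag)
    # ClientID is opaque to the router and echoed back, so it pairs the two.
    if req.get("ClientID") != resp.get("ClientID"):
        problems.append("ClientID was not echoed unchanged")
    children = list(resp)
    summary, error_count = None, None
    if children and children[-1].tag == "ResultSummary":
        summary = children.pop()
        raw = summary.get("ErrorCount", "")
        if raw.isascii() and raw.isdigit():
            error_count = int(raw)
        else:
            problems.append("ResultSummary has no numeric ErrorCount")
    else:
        problems.append("ResultSummary is not the last element")
    # Batched operations come back with the same tags in the same order.
    sent, got = [op.tag for op in req], [op.tag for op in children]
    if sent != got:
        problems.append("operation tags differ: sent %s, got %s" % (sent, got))
    flags = summary.attrib if summary is not None else {}
    return {
        "problems": problems,
        "error_count": error_count,
        "item_not_found": "ItemNotFound" in flags,
        "item_not_found_below": "ItemNotFoundBelow" in flags,
        # Elements the router marked as requested but absent.
        "not_found": [el.tag for el in resp.iter() if "NotFound" in el.attrib],
    }


def sample_request():
    """Constructed batch: one Get with two hypothetical leaves, then a Set."""
    get = ET.Element("Get")
    cfg = ET.SubElement(get, "Configuration")
    ET.SubElement(cfg, "Description")
    ET.SubElement(cfg, "MTU")
    return build_request([get, ET.Element("Set")], client_id=7)


# Constructed response; attribute values such as "true" are placeholders.
SAMPLE_RESPONSE = XML_DECL + (
    '<Response MajorVersion="1" MinorVersion="0" ClientID="7">'
    '<Get ItemNotFoundBelow="true"><Configuration>'
    '<Description>desc-loop0</Description><MTU NotFound="true"/>'
    '</Configuration></Get><Set/>'
    '<ResultSummary ErrorCount="0" ItemNotFoundBelow="true"/></Response>'
)

if __name__ == "__main__":
    print(check_response(sample_request(), SAMPLE_RESPONSE))
```

A non-empty "problems" list means the envelope itself is malformed; "error_count" and "not_found" report what the router said about the operations.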
Batched requests are performed as a “best effort.” For example, in a case where operations 1 through 3 are in the request, even if operation 2 fails, operation 3 is attempted. If you want to perform two or more operations, and if the first one might return a large amount of data that is potentially larger than the size of one iterator chunk, you must place the subsequent operations within a separate XML request. If the operations are placed in the same request within the same tags, for example, potentially sharing part of the hierarchies with the first request, an error attribute that informs you that the operations cannot be serviced is returned on the relevant tags. For more information, see Chapter 5, “Cisco XML and Native Data Access Techniques.” This example shows a simple request containing six different operations: Sample XML Client Batched Requests . . . Get operation content goes here . . . . . . Set operation content goes here . . Table 1-6 List of Alarm Operation Tags Tag Description Registers to receive alarm notifications. Cancels a previous alarm notification registration.1-11 Cisco IOS XR XML API Guide OL-24657-01 Chapter 1 Cisco XML API Overview Cisco XML API Tags . . . . Get operation content goes here . . . Sample XML Response from the Router . . . . . . . . . Get response content returned here . . . . . . . . . . . . . . . . . . Get response content returned here . . . .1-12 Cisco IOS XR XML API Guide OL-24657-01 Chapter 1 Cisco XML API Overview Cisco XML API Tags . . . . . C H A P T E R 2-13 Cisco IOS XR XML API Guide OL-24657-01 2 Cisco XML Router Configuration and Management This chapter reviews the basic XML requests and responses used to configure and manage the router. The use of XML to configure the router is essentially an abstraction of a configuration editor in which client applications can load, browse, and modify configuration data without affecting the current running (that is, active) configuration on the router. 
This configuration that is being modified is called the “target configuration” and is not the running configuration on the router. The router’s running configuration can never be modified directly. All changes to the running configuration must go through the target configuration.

Note Each client application session has its own target configuration, which is not visible to other client sessions.

This chapter contains these sections:
• Target Configuration Overview
• Configuration Operations
• Additional Router Configuration and Management Options Using XML

Target Configuration Overview

The target configuration is effectively the current running configuration overlaid with the client-entered configuration. In other words, the target configuration is the client-intended configuration if the client were to commit changes. In terms of implementation, the target configuration is an operating system buffer that contains just the changes (set and delete) that are performed within the configuration session.

A “client session” is synonymous with dedicated TCP, Telnet, Secure Shell (SSH) connection, or SSL dedicated connection and authentication, authorization, and accounting (AAA) login.

The target configuration is created implicitly at the beginning of a client application session and must be promoted (that is, committed) to the running configuration explicitly by the client application in order to replace or become the running configuration. If the client session breaks, the current target configuration is aborted and any outstanding locks are released.

Note Only the syntax of the target configuration is checked and verified to be compatible with the installed software image on the router. The semantics of the target configuration is checked only when the target configuration is promoted to the running configuration.
Configuration Operations

Note Only the tasks in the “Committing the Target Configuration” section are required to change the configuration on the router (that is, modifying and committing the target configuration).

Use these configuration options from the client application to configure or modify the router with XML:
• Locking the Running Configuration
• Browsing the Target or Running Configuration
  – Getting Configuration Data
• Browsing the Changed Configuration
• Loading the Target Configuration
• Setting the Target Configuration Explicitly
• Saving the Target Configuration
• Committing the Target Configuration
  – Loading a Failed Configuration
• Unlocking the Running Configuration

Locking the Running Configuration

The client application uses the operation to obtain an exclusive lock on the running configuration in order to prevent modification by other users or applications. If the lock operation is successful, the response contains only the tag. If the lock operation fails, the response also contains ErrorCode and ErrorMsg attributes that indicate the cause of the lock failure.

This example shows a request to lock the running configuration. This request corresponds to the command-line interface (CLI) command configure exclusive.

Sample XML Request from the Client Application

Sample XML Response from the Router

These conditions apply when the running configuration is locked:
• The scope of the lock is the entire configuration “namespace.”
• Only one client application can hold the lock on the running configuration at a time. If a client application attempts to lock the configuration while another application holds the lock, an error is returned.
• If a client application has locked the running configuration, all other client applications can only read the running configuration, but cannot modify it (that is, they cannot commit changes to it).
• No mechanism is provided to allow a client application to break the lock of another user.
• If a client session is terminated, any outstanding locks are automatically released.
• The XML API does not support timeouts for locks.
• The operation is used to identify the user session holding the lock.

Browsing the Target or Running Configuration

The client application browses the target or current running configuration using the operation along with the request type tags. The client application optionally uses CLI commands encoded within XML tags to browse the configuration. The tag supports the optional Source attribute, which is used to specify the source of the configuration information returned from a operation.

Getting Configuration Data

Table 2-1 describes the Source options.

Table 2-1 Source Options

Option    Description
ChangedConfig    Reads only from the changes made to the target configuration for the current session. This option effectively gets the configuration changes made from the current session since the last configuration commit. This option corresponds to the CLI command show configuration.
CurrentConfig    Reads from the current active running configuration. This option corresponds to the CLI command show configuration running.
MergedConfig    Reads from the target configuration for this session. This option should provide a view of the resultant running configuration if the current target configuration is committed without errors. For example, in the case of the “best effort” commit, some portions of the commit could fail, while others could succeed. MergedConfig is the default when the Source attribute is not specified on the operation. This option corresponds to the CLI command show configuration merge.
CommitChanges    Reads from the commit database for the specified commit ID. This operation corresponds to the CLI command show configuration commit changes.
RollbackChanges    Reads from a set of rollback changes. This operation corresponds to the CLI command show configuration rollback-changes.

If the operation fails, the response contains one or more ErrorCode and ErrorMsg attributes indicating the cause of the failure.

This example shows a request used to browse the current Border Gateway Protocol (BGP) configuration:

Sample XML Client Request to Browse the Current BGP Configuration

Sample XML Response from the Router

. . .
response data goes here
. . .

Browsing the Changed Configuration

When a client application issues a request with a Source type of ChangedConfig, the response contains the OperationType attribute to indicate whether the returned changes to the target configuration were a result of or operations. Use to browse uncommitted target configuration changes.

This example shows and operations that modify the BGP configuration followed by a request to browse the uncommitted BGP configuration changes.
These requests correspond to these CLI commands:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 3
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# no neighbor 10.0.101.8
RP/0/RP0/CPU0:router(config-bgp)# exit
RP/0/RP0/CPU0:router# show configuration

Sample XML to Modify the BGP Configuration

0 3 10 0 3 10.0.101.8

Sample XML Response from the Router

Sample XML Client Request to Browse Uncommitted Target Configuration Changes

Sample Secondary XML Response from the Router

0 3 true 10 0 3 10.0.101.8

Loading the Target Configuration

The client application uses the operation along with the tag to populate the target configuration with the contents of a binary configuration file previously saved on the router using the operation.

Note At the current time, a configuration file saved using CLI is not loadable with XML. The configuration should have been saved using the XML operation.

Using the operation is strictly optional. It can be used alone or with the and operations, as described in the “Setting the Target Configuration Explicitly” section on page 2-20.

Use the tag to name the file from which the configuration is to be loaded, and specify the complete path of the file to be loaded.

If the load operation is successful, the response contains both the and tags. If the load operation fails, the response contains the ErrorCode and ErrorMsg attributes that indicate the cause of the load failure.

This example shows a request to load the target configuration from the contents of the file my_bgp.cfg:

Sample XML Client Request to Load the Target Configuration from a Named File

disk0:/my_bgp.cfg

Sample XML Response from the Router

disk0:/my_bgp.cfg

See also the “Setting the Target Configuration Explicitly” section on page 20.

Setting the Target Configuration Explicitly

The client application modifies the target configuration as required using the and operations.

Note There are no separate “Create” and “Modify” operations, because a operation for an item can result in the creation of the item if it does not already exist in the configuration, and can result in the modification of the item if it does already exist.

The client application can optionally use CLI commands encoded within XML tags to modify the target configuration.

If the operation to modify the target configuration is successful, the response contains only the or tag. If the operation fails, the response includes the element or object hierarchy passed in the request along with one or more ErrorCode and ErrorMsg attributes indicating the cause of the failure.

A syntax check is performed whenever the client application writes to the target configuration. A successful write to the target configuration, however, does not guarantee that the configuration change can succeed when a subsequent commit of the target configuration is attempted. For example, errors resulting from failed verifications may be returned from the commit.

This example shows how to use a request to set the default metric and routing timers and disable neighbor change logging for a particular BGP autonomous system. This request corresponds to these CLI commands:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 3
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# timers bgp 60 180
RP/0/RP0/CPU0:router(config-bgp)# exit

Sample XML Client Request to Set Timers and Disable Neighbor Change Logging for a BGP Configuration

3 3 10 60 180

Sample XML Response from the Router

To replace a portion of the configuration, the client application should use a operation to remove the unwanted portion of the configuration followed by a operation to add the new configuration. An explicit “replace” option is not supported. For more information on replacing the configuration, see the “Replacing the Current Running Configuration” section on page 2-44.

Saving the Target Configuration

The client application uses the operation along with the tag to save the contents of the target configuration to a binary file on the router.

Use the tag to name the file to which the configuration is to be saved. You must specify the complete path of the file to be saved when you use the tag. If the file already exists on the router, then an error is returned, unless the optional Boolean attribute Overwrite is included on the tag with a value of “true”.

Note No mechanism is provided by the XML interface for “browsing” through the file directory structure.

If the save operation is successful, the response contains both the and tags. If the save operation fails, the response also contains the ErrorCode and ErrorMsg attributes that indicate the cause of the failure.
This example shows a request to save the contents of the target configuration to the file named my_bgp.cfg on the router:

Sample XML Client Request to Save the Target Configuration to a File

disk0:/my_bgp.cfg

Sample XML Response from the Router

disk0:/my_bgp.cfg

Committing the Target Configuration

In order for the configuration in the target area to become part of the running configuration, the target configuration must be explicitly committed by the client application using the operation.

Commit Operation

Table 2-2 describes the six optional attributes that are specified with the operation.

Table 2-2 Commit Operation Attributes

Attribute    Description
Mode    Use the Mode attribute to specify whether the target configuration should be committed on an Atomic or a BestEffort basis. In the case of a commit with the Atomic option, the entire configuration in the target area is committed only if the application of all of the configuration in the target area to the running configuration succeeds. If any errors occur, the commit operation is rolled back and the errors are returned to the client application. In the case of commit with the BestEffort option, the configuration is committed even if some configuration items fail during the commit operation. In this case too, the errors are returned to the client application. By default, the commit operation is performed on an Atomic basis.
KeepFailedConfig    Use this Boolean attribute to specify whether any configuration that fails during the commit operation should remain in the target configuration buffer. The default value for KeepFailedConfig is false. That is, by default the target configuration buffer is cleared after each commit. If a commit operation is performed with a KeepFailedConfig value of false, the user can then use the operation to load the failed configuration back into the target configuration buffer. The use of the KeepFailedConfig attribute makes sense only for the BestEffort commit mode. In the case of an Atomic commit, if something fails, the entire target configuration is kept intact (because nothing is committed).
Label    Use the Label attribute instead of the commit identifier wherever a commit identifier is expected, such as in the operation. The Label attribute is a unique user-specified label that is associated with the commit in the commit database. If specified, the label must begin with an alphabetic character and cannot match any existing label in the commit database.
Comment    Use the Comment attribute as a user-specified comment to be associated with the commit in the router commit database.
Confirmed    Use the Confirmed attribute as a commit request, which sends the target configuration to a trial commit. The confirmed request has a value of 30 to 300 seconds. If the user sends a commit request without the Confirmed attribute within the specified period, the changes are committed; otherwise, the changes are rolled back after the specified period is over. If the user sends a commit request again with the Confirmed attribute, the target configuration is sent to the trial commit.
Replace    Use this Boolean attribute to specify whether the commit operation should replace the entire configuration running on the router with the contents of the target configuration buffer. The default value for Replace is false. The Replace attribute should be used with caution. Caution The new configuration must contain the necessary configuration to maintain the XML session, for example, “xml agent” or “xml agent tty” along with the configuration for the management interface. Otherwise, the XML session is terminated.
IgnoreOtherSessions    Use this Boolean attribute to specify whether the commit operation should be allowed to go through without an error when one or more commits have occurred from other configuration sessions since the current session started or since the last commit was made from this session. The default value for IgnoreOtherSessions is false.

If the commit operation is successful, the response contains only the tag, along with a unique CommitID and any other attributes specified in the request. If the commit operation fails, the failed configuration is returned in the response.

This example shows a request to commit the target configuration using the Atomic option. The request corresponds to the commit label BGPUpdate1 comment BGP config update CLI command.

Sample XML Client Request to Commit the Target Configuration Using the Atomic Option

Sample XML Response from the Router

This example shows a request to commit for a 50-second period. The request corresponds to the commit confirmed 50 CLI command.

Sample XML Client Request to Commit for a 50-second Period

Sample XML Response from the Router

These points should be noted with regard to committing the target configuration:
• After each successful commit operation, a commit record is created in the router commit database. The router maintains up to 100 entries in the commit database corresponding to the last 100 commits. Each commit is assigned a unique identifier, such as “1000000075,” which is saved with the commit information in the database. The commit identifier is used in subsequent operations such as commit changes or to a previous commit (using the tag).
• Configuration changes in the target configuration are merged with the running configuration when committed. If a client application is to perform a replace of the configuration, the client must first remove the unwanted configuration using a operation and then add the new configuration using a operation. An explicit replace option is not supported. For more information on replacing the configuration, see the “Replacing the Current Running Configuration” section on page 2-44.
• Applying the configuration for a trial period (“try-and-apply”) is not supported for this release.
• If the client application never commits, the target configuration is automatically destroyed when the client session is terminated. No other timeouts are supported.
• To confirm the commit with the Confirmed attribute, the user has to send an explicit without the Confirmed attribute or send a without the “Confirmed” attribute along with any other configurations.

Commit Errors

If any configuration entered into the target configuration fails to make its way to the running configuration as the result of a operation (for example, the configuration contains a semantic error and is therefore rejected by a back-end application’s verifier function), all of the failed configuration is returned in the response along with the appropriate ErrorCode and ErrorMsg attributes indicating the cause of each failure.

The OperationType attribute is used to indicate whether the failure was a result of a requested or operation. In the case of a operation failure, the value to be set is included in the commit response.

This example shows and operations to modify the BGP configuration followed by a request resulting in failures for both requested operations.
This request corresponds to these CLI commands:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 4
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# exit
RP/0/RP0/CPU0:router(config)# commit best-effort

Sample XML Client Request to Modify the Target Configuration

0 4 10

Sample XML Response from the Router

Sample Request to Commit the Target Configuration

Sample XML Response from the Router Showing Failures for Both Requested Operations

4 4 10

For more information, see the “Loading a Failed Configuration” section on page 2-26.

Loading a Failed Configuration

The client application uses the operation along with the tag to populate the target configuration with the failed configuration from the most recent operation. Loading the failed configuration in this way is equivalent to specifying a “true” value for the KeepFailedConfig attribute in the operation.

If the load operation is successful, the response contains both the and tags. If the load fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the load failure.

This example shows a request to load and display the failed configuration from the last operation. This request corresponds to the show configuration failed CLI command.

Sample XML Client Request to Load the Failed Configuration from the Last Operation

Sample XML Response from the Router

0 4 true 10

Unlocking the Running Configuration

The client application must use the operation to release the exclusive lock on the running configuration for the current session prior to terminating the session.

If the unlock operation is successful, the response contains only the tag. If the unlock operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the unlock failure.

This example shows a request to unlock the running configuration. This request corresponds to the exit CLI command when it is used after the configuration mode is entered through the configure exclusive CLI command.

Sample XML Client Request to Unlock the Running Configuration

Sample XML Response from the Router

Additional Router Configuration and Management Options Using XML

These sections describe the optional configuration and router management tasks available to the client application:
• Getting Commit Changes
• Loading Commit Changes
• Clearing a Target Session
• Rolling Back Configuration Changes to a Specified Commit Identifier
• Rolling Back the Trial Configuration Changes Before the Trial Time Expires
• Rolling Back Configuration Changes to a Specified Number of Commits
• Getting Rollback Changes
• Loading Rollback Changes
• Getting Configuration History
• Getting Configuration Commit List
• Getting Configuration Session Information
• Clear Configuration Session
• Replacing the Current Running Configuration
• Clear Configuration Inconsistency Alarm

Getting Commit Changes

When a client application successfully commits the target configuration to the running configuration, the configuration manager writes a single configuration change event to the system message logging (syslog). As a result, an event notification is written to the Alarm Channel and subsequently forwarded to any registered configuration agents.

Table 2-3 describes the event notification.

Table 2-3 Event Notification

Notification    Description
userid    Name of the user who performed the commit operation.
timestamp    Date and time of the commit.
commit    Unique ID associated with the commit.

This example shows a configuration change notification:

RP/0/1/CPU0:Jul 25 18:23:21.810 : config[65725]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'lab'. Use 'show configuration commit changes 1000000001' to view the changes

Upon receiving the configuration change notification, a client application can then use the operation to load and browse the changed configuration.

The client application can read a set of commit changes using the operation along with the request type tag when it includes the Source attribute option CommitChanges. One of the additional attributes, either ForCommitID or SinceCommitID, must also be used to specify the commit identifier or commit label for which the commit changes should be retrieved.

This example shows the use of the ForCommitID attribute to show the commit changes for a specific commit. This request corresponds to the show configuration commit changes 1000000075 CLI command.

Sample XML Request to Show Specified Commit Changes Using the ForCommitID Attribute

Sample XML Response from the Router

. . .
changed config returned here
. . .
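The DB_COMMIT notification quoted in this section carries the three Table 2-3 fields (userid, timestamp, commit) in a single syslog line, so a log collector can audit who committed and when before anyone retrieves the commit changes. The Python below is an added example, not code from the Cisco guide; the allowlist, the change window and every sample line after the first are constructed assumptions.

```python
import re
from datetime import datetime, time
from typing import Iterable, List, NamedTuple, Optional, Tuple


class CommitEvent(NamedTuple):
    node: str            # reporting node, e.g. RP/0/1/CPU0
    timestamp: datetime  # year is a placeholder: the message carries none
    userid: str
    commit: str          # commit identifier, kept as text


# Layout taken from the notification quoted on this page.
COMMIT_RE = re.compile(
    r"(?P<node>\w+/\w+/\w+/\w+):"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}) : "
    r"config\[\d+\]: %MGBL-CONFIG-6-DB_COMMIT : "
    r"Configuration committed by user '(?P<userid>[^']+)'\. "
    r"Use 'show configuration commit changes (?P<commit>\d+)'"
)

# Assumed local policy (hypothetical values, not from the guide).
ALLOWED_USERS = frozenset({"lab"})
CHANGE_WINDOW = (time(8, 0), time(20, 0))


def parse_commit_event(line: str) -> Optional[CommitEvent]:
    """Return the Table 2-3 fields, or None if the line is not a full match."""
    m = COMMIT_RE.search(line)
    if m is None:
        return None
    # A leap year is supplied so that a 'Feb 29' stamp still parses.
    ts = datetime.strptime("2000 " + m["timestamp"], "%Y %b %d %H:%M:%S.%f")
    return CommitEvent(m["node"], ts, m["userid"], m["commit"])


def review(lines: Iterable[str],
           allowed_users=ALLOWED_USERS,
           window=CHANGE_WINDOW) -> List[Tuple[str, str]]:
    """Flag commits by unexpected users or outside the change window.

    A line that names DB_COMMIT but does not parse is reported as well,
    so a truncated or altered record is never dropped silently.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        if "DB_COMMIT" not in line:
            continue
        event = parse_commit_event(line)
        if event is None:
            findings.append(("unparsed", line))
            continue
        if event.userid not in allowed_users:
            findings.append(("unexpected-user", event.commit))
        if not window[0] <= event.timestamp.time() <= window[1]:
            findings.append(("outside-window", event.commit))
    return findings


SAMPLE_LINES = [
    # The notification quoted on this page.
    "RP/0/1/CPU0:Jul 25 18:23:21.810 : config[65725]: %MGBL-CONFIG-6-DB_COMMIT : "
    "Configuration committed by user 'lab'. "
    "Use 'show configuration commit changes 1000000001' to view the changes",
    # Constructed: unknown user committing at night.
    "RP/0/RP0/CPU0:Jul 26 02:11:05.120 : config[65730]: %MGBL-CONFIG-6-DB_COMMIT : "
    "Configuration committed by user 'tmpadmin'. "
    "Use 'show configuration commit changes 1000000002' to view the changes",
    # Constructed: record cut short in transit.
    "RP/0/RP0/CPU0:Jul 26 02:12:40.001 : config[65730]: %MGBL-CONFIG-6-DB_COMMIT : "
    "Configuration committed by user",
    # Constructed: unrelated message, ignored.
    "RP/0/RP0/CPU0:Jul 26 02:13:00.000 : constructed unrelated message",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LINES):
        print(finding)
```

Each flagged commit identifier can then be passed as ForCommitID to retrieve exactly what that commit changed.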
This example shows the use of the SinceCommitID attribute to show the commit changes made since a specific commit. This request corresponds to the show configuration commit changes since 1000000072 CLI command.

Sample XML Request to Show Specified Commit Changes Using the SinceCommitID Attribute

Sample XML Response from the Router

OperationType=”....>
. . .
changed config returned here
. . .

Loading Commit Changes

The client application can load a set of commit changes into the target configuration buffer using the Load operation and CommitChanges tag along with one of the additional tags ForCommitID, SinceCommitID, or Previous. After the completion of the Load operation, the client application can then modify and commit the commit changes like any other configuration.

If the load succeeds, the response contains both the Load and CommitChanges tags. If the load fails, the response also contains the ErrorCode and ErrorMsg attributes indicating the cause of the load failure.

This example shows the use of the Load operation and CommitChanges tag along with the ForCommitID tag to load the commit changes for a specific commit into the target configuration buffer. This request corresponds to the load commit changes 1000000072 CLI command.

Sample XML Request to Load Commit Changes with the ForCommitID tag

1000000072

Sample XML Response from the Router

1000000072

This example shows the use of the Load operation and CommitChanges tag along with the SinceCommitID tag to load the commit changes since (and including) a specific commit into the target configuration buffer. This request corresponds to the load commit changes since 1000000072 CLI command.

Sample XML Request to Load Commit Changes with the SinceCommitID tag

1000000072

Sample XML Response from the Router

1000000072

This example shows the use of the Load operation and CommitChanges tag along with the Previous tag to load the commit changes for the most recent four commits into the target configuration buffer. This request corresponds to the load commit changes last 4 CLI command.

Sample XML Request to Load Commit Changes with the Previous tag

4

Sample XML Response from the Router

4

Clearing a Target Session

Prior to committing the target configuration to the active running configuration, the client application can use the operation to clear the target configuration session. This operation has the effect of clearing the contents of the target configuration, thus removing any changes made to the target configuration since the last commit. The clear operation does not end the target configuration session, but results in the discarding of any uncommitted changes from the target configuration.

If the clear operation is successful, the response contains just the tag. If the clear operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the clear failure.

This example shows a request to clear the current target configuration session. This request corresponds to the clear CLI command.
Sample XML Request to Clear the Current Target Configuration Session Sample XML Response from a Router 2-32 Cisco IOS XR XML API Guide OL-24657-01 Chapter 2 Cisco XML Router Configuration and Management Additional Router Configuration and Management Options Using XML Rolling Back Configuration Changes to a Specified Commit Identifier The client application uses the operation with the tag to roll back the configuration changes made since (and including) the commit by specifying a commit identifier or commit label. If the roll back operation is successful, the response contains both the and tags. If the roll back operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the roll back failure. Table 2-4 describes the optional attributes that are specified with the operation by the client application when rolling back to a commit identifier. This example shows a request to roll back the configuration changes to a specified commit identifier. This request corresponds to the rollback configuration to 1000000072 CLI command. Sample XML Request to Roll Back the Configuration Changes to a Specified Commit Identifier 1000000072 Sample XML Response from the Router 1000000072 Note The commit identifier can also be obtained by using the operation described in the section “Getting Configuration History” section on page 2-37. Rolling Back the Trial Configuration Changes Before the Trial Time Expires When the user sends a commit request with the Confirmed attribute, a trial configuration session is created. If the user then sends a confirmed commit, the trial configuration changes are committed. If the user wants to roll back the trial configuration changes before the trial time expires, the user can use the operation. Table 2-4 Optional Attributes for Rollback Operation (Commit Identifier) Attribute Description Label Unique user-specified label to be associated with the rollback in the router commit database. 
If specified, the label must begin with an alphabetic character and cannot match any existing label in the router commit database.
Comment: User-specified comment to be associated with the rollback in the router commit database.

Note: No optional attributes can be used when is specified.

This example shows a request to roll back the trial configuration changes:

Sample XML Request to Roll Back the Trial Configuration Before the Trial Time Expires

Sample XML Response from the Router

Rolling Back Configuration Changes to a Specified Number of Commits

The client application uses the operation with the tag to roll back the configuration changes made during the most recent [x] commits, where [x] is a number ranging from 0 to the number of saved commits in the commit database. If the value is specified as “0”, nothing is rolled back. The target configuration must be unlocked at the time the operation is requested.

If the roll back operation is successful, the response contains both the and tags. If the roll back operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the rollback failure.

Table 2-5 describes the optional attributes that are specified with the operation by the client application when rolling back a specified number of commits.

This example shows a request to roll back the configuration changes made during the previous three commits. This request corresponds to the rollback configuration last 3 CLI command.

Table 2-5 Optional Attributes for Rollback Operation (Number of Commits)

Attribute: Description
Label: Unique user-specified label to be associated with the rollback in the router commit database. If specified, the label must begin with an alphabetic character and cannot match any existing label in the router commit database.
Comment: User-specified comment to be associated with the rollback in the router commit database.

Sample XML Request to Roll Back Configuration Changes to a Specified Number of Commits

3

Sample XML Response from the Router

3

Getting Rollback Changes

The client application can read a set of rollback changes using the operation along with the request type tag when it includes both the Source attribute option RollbackChanges and one of the additional attributes ToCommitID or PreviousCommits.

The set of roll back changes are the changes that are applied when the operation is performed using the same parameters. It is recommended that the client application read or verify the set of roll back changes before performing the roll back.

This example shows the use of the ToCommitID attribute to get the rollback changes for rolling back to a specific commit. This request corresponds to the show configuration rollback-changes to 1000000072 CLI command.

Sample XML Client Request to Get Rollback Changes Using the ToCommitID Attribute

Sample XML Response from the Router

OperationType=”....> . . rollback changes returned here . . .

This example shows the use of the PreviousCommits attribute to get the roll back changes for rolling back a specified number of commits. This request corresponds to the show configuration rollback-changes last 4 CLI command.

Sample XML Client Request to Get Roll Back Changes Using the PreviousCommits Attribute

Sample XML Response from the Router

OperationType=”....> . . rollback changes returned here . . .
<ResultSummary ErrorCount="0"/>

Loading Rollback Changes

The client application can load a set of rollback changes into the target configuration buffer using the Load operation and RollbackChanges tag along with one of the additional tags ForCommitID, ToCommitID, or Previous. After the completion of the Load operation, the client application can then modify and commit the rollback changes as with any other configuration.

If the load succeeds, the response contains both the Load and RollbackChanges tags. If the load fails, the response also contains the ErrorCode and ErrorMsg attributes indicating the cause of the load failure.

This example shows the use of the Load operation and RollbackChanges tag along with the ForCommitID tag to load the rollback changes for a specific commit into the target configuration buffer. This request corresponds to the load rollback changes 1000000072 CLI command.

Sample XML Client to Load Rollback Changes with the ForCommitID tag

1000000072

Sample XML Response from the Router

1000000072

This example shows the use of the Load operation and RollbackChanges tag along with the ToCommitID tag to load the rollback changes up to (and including) a specific commit into the target configuration buffer. This request corresponds to the load rollback changes to 1000000072 CLI command.

Sample XML Client to Load Rollback Changes with the ToCommitID tag

1000000072

Sample XML Response from the Router

1000000072

This example shows the use of the Load operation and RollbackChanges tag along with the Previous tag to load the rollback changes for the most recent four commits into the target configuration buffer. This request corresponds to the load rollback changes last 4 CLI command.
Sample XML Client to Load Rollback Changes with the Previous tag

4

Sample XML Response from the Router

4

Getting Configuration History

The client application uses the operation to get information regarding these configuration events:

• Commit
• Online insertion and removal (OIR) events, also known as remove and replace
• Router shutdown synchronization
• cfs check rebuild of persistent configuration from running configuration
• Startup application of admin and SDR configuration, noting alternate configuration fallback specification
• Configuration inconsistency including failed configuration or other similar reasons

Table 2-6 describes the optional attributes available with the operation. The operation corresponds to the show configuration history CLI command.

This example shows a request to list the information associated with the previous three commits. This request corresponds to the show configuration commit history first 6 detail CLI command.

Table 2-6 Optional Attributes to Get Configuration History

Attribute: Description
Maximum: Maximum number of entries to be returned from the commit history file. The range of entries that can be returned are from 0 to 1500. If the Maximum attribute is not included in the request, or if the value of the Maximum attribute is greater than the actual number of entries in the commit history file, all entries in the commit history files are returned. The commit entries are returned with the most recent commit history information appearing first in the list.
EventType: Type of event records to be displayed from the configuration history file. If this attribute is not included in the request, all types of event records are returned. The EventType attribute expects one of these values: All, Alarm, CFS-Check, Commit, OIR, Shutdown, or Startup.
Reverse: Reverse attribute has a value of true. If it is specified, the most recent records are displayed first; otherwise, the oldest records are displayed first.
Details: Used to display detailed information. The Detail attribute has a value of either true or false and the default is false.

Sample XML Request to List Configuration History Information for the Previous Three Commits

Sample XML Response from the Router

CFS-Check 1300262221 lab vty2
Commit 1300262224 1000000627 lab vty2 CLI
Commit 1300262231 1000000628 lab vty0 CLI
Commit 1300262239 1000000629 lab vty0 CLI
Commit 1300262246 1000000630 lab vty0 CLI
Commit 1300262255 1000000631 lab vty0 CLI

Getting Configuration Commit List

The client application can use the operation to get information regarding the most recent commits to the running configuration.

Table 2-7 describes the information that is returned for each configuration commit session.

Table 2-7 Returned Session Information

Name: Description
Unique ID associated with the commit.

Getting Configuration Session Information

The client application uses the operation to get the list of all users configuring the router. In the case where the configuration is locked, the list identifies the user holding the lock.

Table 2-8 describes the information that is returned for each configuration session.
The Detail attribute can be specified with . This attribute specifies whether the detailed information is required. False is the default value.

Table 2-9 describes the additional information that is returned when the Detail attribute is used.

Table 2-8 Returned Session Information

Returned Session Information: Session Information Description
Unique autogenerated ID for the configuration session.
Name of the user who created the configuration session.
Line used to connect to the router.
User-friendly name of the client application that created the configuration session.
Date and time of the creation of the configuration session.
Boolean operation indicating whether the session has an exclusive lock on the running configuration.

Table 2-9 Returned Session Information with the Detail Attribute

Returned Session Information: Session Information Description
Process name
Process ID
Node ID
Session time elapsed, in seconds.

This example shows a request to get the list of users currently configuring the router. This request corresponds to the show configuration sessions detail CLI command.

Sample XML Request to Get List of Users Configuring the Router

Sample XML Response from the Router

00000000-0005f109-00000000 lab con0_0_CPU0 1303317929 false false CLI 389385 config 0 0 CPU0 2183

Clear Configuration Session

The client application can use the operation to clear a particular configuration session. The SessionID attribute specifies the session to be cleared.

This example shows a request to clear a configuration session.
This request corresponds to the clear configuration sessions 00000000-000a00c9-00000000 CLI command.

Sample XML Request to Get List of Users Configuring the Router

Sample XML Response from the Router

Replacing the Current Running Configuration

A client application replaces the current running configuration on the router with a user's configuration file. Perform these operations in sequence:

1. Lock the configuration.
2. Load the desired off-the-box configuration into the target configuration using one or more operations (assuming that the entire desired configuration is available in XML format, perhaps from a previous of the entire configuration). As an alternative, use an appropriate copy command enclosed within tags.
3. Commit the target configuration specifying the Replace attribute with a value of true.

These examples illustrate these steps:

Sample XML Request to Lock the Current Running Configuration

Sample XML Response from the Router

Sample XML Request to Set the Current Running Configuration

. . . configuration data goes here . . .

Sample XML Response from the Router

Sample XML Request to Commit the Target Configuration

Sample XML Response from the Router

Clear Configuration Inconsistency Alarm

The client application uses the operation to clear a bi-state configuration inconsistency alarm.

If the clear operation is successful, the response contains only the tag. If the clear operation fails, the response also contains the ErrorCode and ErrorMsg attributes, indicating the cause of the clear failure.

This example shows a request to clear the configuration inconsistency alarm in user mode.
This request corresponds to the clear configuration inconsistency CLI command.

Sample XML Request to Clear the Configuration Inconsistency Alarm

Sample XML Response from the Router

CHAPTER 3
Cisco XML Operational Requests and Fault Management

A client application can send an XML request to get router operational information using either a native data request along with the tag, or the equivalent CLI command. Although the CLI is more familiar to users, the advantage of using the request is that the response data is encoded in XML format instead of being only uninterpreted text enclosed within tags.

This chapter contains these sections:

• Operational Get Requests
• Action Requests

Operational Get Requests

The content and format of operational requests are described in additional detail in Chapter 4, “Cisco XML and Native Data Operations.”

This example shows a request to retrieve the global Border Gateway Protocol (BGP) process information. This request returns BGP process information similar to that displayed by the show ip bgp process detail CLI command.

Sample XML Client Request to Get BGP Information

Sample XML Response from the Router

0 0 .... more response content here ...

Action Requests

A client application can send a request along with the tag to trigger unique actions on the router. For example, an object may be set with an action request to inform the router to clear a particular counter or reset some functionality. Most often this operation involves setting the value of a Boolean object to “true”.

This example shows an action request to clear the BGP performance statistics information.
This request is equivalent to the clear bgp performance-statistics CLI command.

Sample XML Request to Clear BGP Performance Statistics Information

true

Sample XML Response from the Router

In addition, this example shows an action request to clear the peer drop information for all BGP neighbors. This request is equivalent to the clear bgp peer-drops * CLI command.

Sample XML Request to Clear Peer Drop Information for All BGP Neighbors

true

Sample XML Response from the Router

Cisco XML and Fault Management

When a client application successfully commits the target configuration to the router’s running configuration, the configuration manager writes a single configuration change event to system message logging (syslog). As a result, a fault management event notification is written to the Alarm Channel and subsequently forwarded to any registered configuration agents.

Configuration Change Notification

Table 3-1 describes the event notification information for configuration changes.

Table 3-1 Event Notifications for Configuration Changes

Event Notification: Description
userid: Name of the user who performed the commit operation.
timestamp: Date and time of the commit.
commit: Unique ID associated with the commit.

This example shows a configuration change notification:

RP/0/RP0/CPU0:Sep 18 09:43:42.747 : %CLIENTLIBCFGMGR-6-CONFIG_CHANGE : A configuration commit by user root occurred at ’Wed Sep 18 09:43:42 2004 ’. The configuration changes are saved on the router in file: 010208180943.0

Upon receiving the configuration change notification, a client application can then use the and operations to load and browse the changed configuration.
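The notification format shown above lends itself to an audit check on the syslog collector. The following is an added example, not code from the Cisco guide: it parses CONFIG_CHANGE lines and flags commits made by a user, or at a time, that the operator did not expect. The allow-list, the change window, and the second and third log lines are constructed assumptions.

```python
import re
from datetime import datetime, time

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# The quote around the commit time may be a straight or a typographic
# apostrophe depending on how the message was rendered or copied.
Q = "['\u2018\u2019]"

CONFIG_CHANGE = re.compile(
    r"(?P<node>[A-Za-z0-9]+(?:/[A-Za-z0-9]+)+):.*?"
    r"%CLIENTLIBCFGMGR-6-CONFIG_CHANGE\s*:\s*"
    r"A configuration commit by user (?P<user>\S+) occurred at\s*"
    + Q + r"\s*\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) (?P<year>\d{4})\s*" + Q + r"\.\s*"
    r"The configuration changes are saved on the router in file:\s*"
    r"(?P<file>\S+)"
)


def parse_config_change(line):
    """Return the fields of one CONFIG_CHANGE notification, or None."""
    m = CONFIG_CHANGE.search(line)
    if not m or m["mon"] not in MONTHS:
        return None
    try:
        when = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                        int(m["h"]), int(m["m"]), int(m["s"]))
    except ValueError:  # e.g. day 31 in a 30-day month
        return None
    return {"node": m["node"], "userid": m["user"],
            "timestamp": when, "file": m["file"]}


def review_commits(lines, expected_users, window):
    """Return (record, reasons) for every commit that needs a second look.

    expected_users and window (start, end as datetime.time, router local
    time) are local policy, not something the router defines.
    """
    start, end = window
    findings = []
    for line in lines:
        rec = parse_config_change(line)
        if rec is None:
            continue  # not a configuration change notification
        reasons = []
        if rec["userid"] not in expected_users:
            reasons.append("unexpected user")
        if not (start <= rec["timestamp"].time() <= end):
            reasons.append("outside change window")
        if reasons:
            findings.append((rec, reasons))
    return findings


SAMPLE_LINES = [
    # Line 1 is the notification quoted in the guide.
    "RP/0/RP0/CPU0:Sep 18 09:43:42.747 : %CLIENTLIBCFGMGR-6-CONFIG_CHANGE : "
    "A configuration commit by user root occurred at "
    "\u2019Wed Sep 18 09:43:42 2004 \u2019. The configuration changes are "
    "saved on the router in file: 010208180943.0",
    # Lines 2 and 3 are constructed for this example.
    "RP/0/RP0/CPU0:Sep 19 02:10:05.112 : %CLIENTLIBCFGMGR-6-CONFIG_CHANGE : "
    "A configuration commit by user netops-bot occurred at "
    "'Sun Sep 19 02:10:05 2004'. The configuration changes are "
    "saved on the router in file: 010208190210.0",
    "RP/0/RP0/CPU0:Sep 19 02:11:00.000 : %EXAMPLE-6-OTHER : unrelated message",
]

if __name__ == "__main__":
    policy_users = {"netops-bot"}           # assumed automation account
    policy_window = (time(1, 0), time(5, 0))  # assumed maintenance window
    for rec, reasons in review_commits(SAMPLE_LINES, policy_users, policy_window):
        print(rec["node"], rec["userid"], rec["timestamp"].isoformat(),
              rec["file"], ", ".join(reasons))
```

A flagged record gives the file name to inspect on the router, which is the natural next step the guide describes for browsing the changed configuration.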
CHAPTER 4
Cisco XML and Native Data Operations

Native data operations , , and provide basic access to configuration and operational data residing on the router.

This chapter describes the content of native data operations and provides an example of each operation type.

Native Data Operation Content

The content of native data operations includes the request type and relevant object class hierarchy as described in these sections:

• Request Type Tag and Namespaces
• Object Hierarchy
• Dependencies Between Configuration Items
• Null Value Representations
• Operation Triggering
• Native Data Operation Examples

This example shows a native data operation request:

Sample XML Client Native Data Operation Request

. . . object hierarchy goes here . . .

Sample XML Response from the Router

. . . response content returned here . . .

Request Type Tag and Namespaces

The request type tag must follow the operation type tag within a native data operation request. Table 4-1 describes the type of request that must be specified as applying to one of the namespaces.

Object Hierarchy

A hierarchy of elements is included to specify the items to get, set, or delete, and so on, after the request type tag is specified. The precise hierarchy is defined by the XML component schemas.

Note: You should use only the supported XML schema objects; therefore, do not attempt to write a request for other objects. The XML schema information is mapped to the XML instance.

Table 4-1 Namespace Descriptions

Namespace: Description
Provides access to the router configuration data analogous to CLI configuration commands. The allowed operations on configuration data are , , and .
Provides access to the router operational data and is analogous to CLI show commands. The only operation allowed on operational data is .
Provides access to the action data, for example, the clear commands. The only allowed operation on action data is .
Provides access to the router administration operational data. The only operation allowed on administration operational data is .
Provides access to the router administration action data; for example, the clear commands. The only allowed operation on administration action data is .

Main Hierarchy Structure

The main structure of the hierarchy consists of the native data model organized as a tree of nodes, where related data items appear in the same branch of the tree. At each level of the tree, a node is a container of further, more specific, sets of related data, or a leaf that holds an actual value.

For example, the first element in the configuration data model is , which contains all possible configuration items. The children of this element are more specific groups of configuration, such as for Border Gateway Protocol (BGP) configuration and for Intermediate System-to-Intermediate System (ISIS) configuration. Beneath the element, data is further compartmentalized with the element for global BGP configuration and element for per-entity BGP configuration. This compartmentalization continues down to the elements that hold the values, the values being the character data of the element.

This example shows the main hierarchy structure:

. . . . . . 10 . . . . . . . . . . . .

Data can be retrieved at any level in the hierarchy. One particular data item can be examined, or all of the data items in a branch of the tree can be returned in one request. Similarly, configuration data can be deleted at any granularity—one item can be deleted, or a whole branch of related configuration can be deleted.
So, for example, all BGP configuration can be deleted in one request, or just the value of the default metric.

Hierarchy Tables

One special type of container element is a table. Tables can hold any number of keyed entries, and are used when there can be multiple instances of an entity. For example, BGP has a table of multiple neighbors, each of which has a unique IP address "key" to identify it. In this case, the table element is , and its child element signifying a particular neighbor is . To specify the key, an extension to the basic parent-child hierarchy is used, where a element appears under the child element, containing the key to the table entry.

This example shows hierarchy tables:

. . . 10.0.101.6 0 6 10.0.101.7 0 6 . . . . . .

Use tables to access a specific data item for an entry (for example, getting the remote autonomous system number for neighbor 10.0.101.6), or all data for an entry, or even all data for all entries. Tables also provide the extra feature of allowing the list of entries in the table to be returned. Returned entries from tables can be used to show all neighbors configured; for example, without showing all their data.

Tables in the operational data model often have a further feature when retrieving their entries. The tables can be filtered on particular criteria to return just the set of entries that fulfill those criteria. For instance, the table of BGP neighbors can be filtered on address family or autonomous system number or update group, or all three. To apply a filter to a table, use another extension to the basic parent-child hierarchy, where a element appears under the table element, containing the criteria to filter on.
This example shows table filtering:

one IPv4Unicast

Leaf Nodes

The leaf nodes hold values and are generally simple one-value items where the element representing the leaf node uses character data to specify the value (as in 10 in the example in the “Main Hierarchy Structure” section on page 4-55). In some cases there may be more than one value to specify—for example, when you configure the administrative distance for an address family (the element), three values must be given together. Specifying more than one value is achieved by adding further child elements to the leaf, each of which indicates the particular value being configured.

This example shows leaf nodes:

. . . 20 250 200 . . .

Sometimes there may be even more structure to the values (with additional levels in the hierarchy beneath the tag as a means for grouping the related parts of the data together), although they are still only “setable” or “getable” as one entity. The extreme example of this is that in some of the information returned from the operational data model, all the values pertaining to the status of a particular object may be grouped as one leaf. For example, a request to retrieve a particular BGP path status returns all the values associated with that path.

Dependencies Between Configuration Items

Dependencies between configuration items are not articulated in the XML schema nor are they enforced by the XML infrastructure; for example, if item A is this value, then item B must be one of these values, and so forth. The back-end for the Cisco IOS XR applications is responsible for preventing inconsistent configuration from being set. In addition, the management agents are responsible for carrying out the appropriate operations on dependent configuration items through the XML interface.
Null Value Representations

The standard attribute “xsi:nil” is used with a value of “true” when a null value is specified for an element in an XML request or response document.

This example shows how to specify a null value for the element :

60

Any element that can be set to “nil” in an XML instance has the attribute “nillable” set to “true” in the XML schema definition for that element. For example:

Any XML instance document that uses the nil mechanism must declare the “XML Schema for Instance Documents” namespace, which contains the “xsi:nil” definition. Responses to native data operations returned from the router declare the namespace in the operation tag. For example:

Operation Triggering

When structuring an XML request, the user should remember the general rule regarding what to specify in the XML for an operation to take place: As a client XML request is parsed by the router, the specified operation takes place whenever a closing tag is encountered after a series of one or more opening tags (but only when the closing tag is not the tag).

This example shows a request to get the confederation peer information for a particular BGP autonomous system. In this example, the operation is triggered when the tag is encountered.
Sample XML Client Request to Trigger a Operation for BGP Timer Values

0 3

Sample XML Response from the Router

0 3 0 10 true

Native Data Operation Examples

These sections provide examples of the basic , , and operations:

• Set Configuration Data Request: Example
• Get Request: Example
• Get Request of Nonexistent Data: Example
• Delete Request: Example
• GetDataSpaceInfo Request Example

Set Configuration Data Request: Example

This example shows a native data request to set several configuration values for a particular BGP neighbor. Because the operation in this example is successful, the response contains only the operation and request type tags.

This request is equivalent to these CLI commands:

router bgp 3
 address-family ipv4 unicast
 !
 address-family ipv4 multicast
 !
 neighbor 10.0.101.6
  remote-as 6
  ebgp-multihop 255
  address-family ipv4 unicast
   orf route-policy BGP_pass all
   capability orf prefix both
  !
  address-family ipv4 multicast
   orf route-policy BGP_pass all
  !
 !
!

Sample XML Client Request to Configuration Values for a BGP Neighbor

0 3 true IPv4Unicast true IPv4Multicast true 10.0.101.6 0 6 255 false IPv4Unicast true BGP_pass_all Both IPv4Multicast true BGP_pass_all

Sample XML Response from the Router

Get Request: Example

This example shows a native data request to get the address independent configuration values for a specified BGP neighbor (using the same values set in the previous example).
Sample XML Client Request to Configuration Values for a BGP Neighbor

0 3 10.0.101.6

Sample XML Response from the Router

0 3 10.0.101.6 0 6 255 false IPv4Unicast true BGP_pass_all Both IPv4Multicast true BGP_pass_all

Get Request of Nonexistent Data: Example

This example shows a native data request to get the configuration values for a particular BGP neighbor; this is similar to the previous example. However, in this example the client application is requesting the configuration for a nonexistent neighbor. Instead of returning an error, the router returns the requested object class hierarchy, but without any data.

Note: Whenever an application attempts to get nonexistent data, the router does not treat this as an error and returns the empty object hierarchy in the response.

Sample XML Client Request to Configuration Data for a Nonexistent BGP Neighbor

0 3 10.0.101.99

Sample XML Response from the Router

0 3 10.0.101.99

Delete Request: Example

This example shows a native data request to delete the address-independent configuration for a particular BGP neighbor. Note that if a request is made to delete an item that does not exist in the current configuration, an error is not returned to the client application. So in this example, the returned result is the same as in the previous example: the empty tag, whether or not the specified BGP neighbor exists.
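Because a get or delete of nonexistent data is not reported as an error, automation that verifies a change cannot rely on the absence of ErrorCode and ErrorMsg alone. The following is an added example, not code from the Cisco guide, that classifies a response as an error, an empty hierarchy, or real data. The element names in the constructed samples (Response, Get, Rollback, Neighbor, Naming and so on) are assumptions standing in for the tag names lost from this copy of the guide, and the error code and message are placeholders.

```python
import xml.etree.ElementTree as ET

NAMING_TAG = "Naming"  # assumed name of the element that holds a table key


def _local(tag):
    """Strip any '{namespace}' prefix ElementTree puts on a tag."""
    return tag.rsplit("}", 1)[-1]


def _has_values(el, in_naming=False):
    """True if the subtree holds a leaf value outside the naming (key) info."""
    in_naming = in_naming or _local(el.tag) == NAMING_TAG
    if not in_naming and len(el) == 0 and (el.text or "").strip():
        return True
    return any(_has_values(child, in_naming) for child in el)


def check_response(xml_text):
    """Classify a response as 'error', 'empty' or 'data'.

    'empty' means the hierarchy came back with keys only, which is what the
    router returns for nonexistent data instead of an error.
    """
    # A router response has no reason to carry a DTD; refuse it rather than
    # let the parser expand entities from an untrusted or altered reply.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {"status": "error", "errors": ["unexpected DTD in response"]}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"status": "error", "errors": [f"unparseable response: {exc}"]}

    errors = []
    for el in root.iter():
        if "ErrorCode" in el.attrib or "ErrorMsg" in el.attrib:
            code = el.get("ErrorCode", "?")
            msg = el.get("ErrorMsg", "")
            errors.append(f"{_local(el.tag)}: {code} {msg}".strip())

    summary = next((e for e in root.iter() if _local(e.tag) == "ResultSummary"), None)
    if summary is not None and summary.get("ErrorCount", "0") != "0" and not errors:
        # Fail closed when the summary and the per-element attributes disagree.
        errors.append(f"ResultSummary reports {summary.get('ErrorCount')} error(s)")
    if errors:
        return {"status": "error", "errors": errors}

    body = [c for c in root if _local(c.tag) != "ResultSummary"]
    status = "data" if any(_has_values(c) for c in body) else "empty"
    return {"status": status, "errors": []}


# Constructed samples with simplified, assumed element names.
EMPTY_GET = """<Response MajorVersion="1" MinorVersion="0">
  <Get><Configuration><BGP><Neighbor>
    <Naming><IPAddress>10.0.101.99</IPAddress></Naming>
  </Neighbor></BGP></Configuration></Get>
  <ResultSummary ErrorCount="0"/>
</Response>"""

DATA_GET = """<Response MajorVersion="1" MinorVersion="0">
  <Get><Configuration><BGP><Neighbor>
    <Naming><IPAddress>10.0.101.6</IPAddress></Naming>
    <RemoteAS>6</RemoteAS>
  </Neighbor></BGP></Configuration></Get>
  <ResultSummary ErrorCount="0"/>
</Response>"""

FAILED_ROLLBACK = """<Response MajorVersion="1" MinorVersion="0">
  <Rollback ErrorCode="0x00000001" ErrorMsg="constructed failure text">
    <CommitID>1000000072</CommitID>
  </Rollback>
  <ResultSummary ErrorCount="1"/>
</Response>"""

if __name__ == "__main__":
    for name, doc in [("nonexistent neighbor", EMPTY_GET),
                      ("existing neighbor", DATA_GET),
                      ("failed rollback", FAILED_ROLLBACK)]:
        print(name, "->", check_response(doc))
```

To confirm that a delete really removed an entry, issue a follow-up get for the same key and expect the status "empty"; a response that merely carries no error does not show that the entry was ever present.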
This request is equivalent to these CLI commands:

router bgp 3
 no neighbor 10.0.101.9
exit

Sample XML Client Request to the Address-Independent Configuration Data for a BGP Neighbor

0 3 10.0.101.6

Sample XML Response from the Router

GetDataSpaceInfo Request Example

This example shows a operation used to retrieve the native data branch names dynamically. This is useful, for example, for writing a client application that can issue a operation without having to hardcode the branch names. The operation can be invoked instead to retrieve the branch names. The returned branch names can then be included in a subsequent request.

Sample XML Client Request to Retrieve Native Data

Sample XML Response from the Router

CHAPTER 5
Cisco XML and Native Data Access Techniques

This chapter describes the various techniques or strategies you can use to structure native data operation requests to access the information needed within the XML schema object class hierarchy.

Available Set of Native Data Access Techniques

The available native data access techniques are:

• Request all data in the configuration hierarchy. See the “XML Request for All Configuration Data” section on page 5-68.
• Request all configuration data for a component. See the “XML Request for All Configuration Data per Component” section on page 5-68.
• Request all data within a container. See the “XML Request for Specific Data Items” section on page 5-71.
• Combine object class hierarchies within a request. See the “XML Request with Combined Object Class Hierarchies” section on page 5-72.
• Use wildcards in order to apply an operation to a set of entries within a table (Match attribute). See the “XML Request Using Wildcarding (Match Attribute)” section on page 5-75.
• Repeat naming information in order to apply an operation to multiple instances of an object. See the “XML Request for Specific Object Instances (Repeated Naming Information)” section on page 5-80.
• Perform a one-level in order to “list” the naming information for each entry within a table (Content attribute). See the “XML Request Using Operation Scope (Content Attribute)” section on page 5-82.
• Specify the maximum number of table entries to be returned in a response (Count attribute). See the “Limiting the Number of Table Entries Returned (Count Attribute)” section on page 5-83.
• Use custom filters to filter table entries (Filter element). See the “Custom Filtering (Filter Element)” section on page 5-85.
• Use the Mode attribute. See the “XML Request Using the Mode Attribute” section on page 5-86.

The actual data returned in a request depends on the value of the Source attribute.

Note: The term “container” is used in this document as a general reference to any grouping of related data, for example, all of the configuration data for a particular Border Gateway Protocol (BGP) neighbor. The term “table” is used more specifically to denote a type of container that holds a list of named homogeneous objects. For example, the BGP neighbor address table contains a list of neighbor addresses, each of which is identified by its IP address. All table entries in the XML API are identified by the unique value of their element.

XML Request for All Configuration Data

Use the empty tag to retrieve the entire configuration object class hierarchy.

This example shows how to get the entire configuration hierarchy by specifying the empty tag:

Sample XML Client Request to the Entire Configuration Object Class Hierarchy

Sample XML Response from the Router

. . . response data goes here . . .
XML Request for All Configuration Data per Component

All the configuration data for a component is retrieved by specifying the highest level tag for the component.

In this example, all the configuration data for BGP is retrieved by specifying the empty tag:

Sample XML Client Request for All BGP Configuration Data

Sample XML Response from the Router

. . . response data goes here . . .

XML Request for All Data Within a Container

All data within a container is retrieved by specifying the configuration or operational object class hierarchy down to the containers of interest, including any naming information as appropriate.

This example shows how to retrieve the configuration for the BGP neighbor with address 10.0.101.6:

Sample XML Client Request to Get All Address Family-Independent Configuration Data Within a BGP Neighbor Container

0 3 10.0.101.6

Sample XML Response from the Router

0 3 10.0.101.6 0 6 255 false IPv4Unicast true oBGP_pass_all Both IPv4Multicast true BGP_pass_all

XML Request for Specific Data Items

The value of a specific data item (leaf object) can be retrieved by specifying the configuration or operational object class hierarchy down to the item of interest, including any naming information as appropriate.
This example shows how to retrieve the values of the two data items <RemoteAS> and <EBGPMultihop> for the BGP neighbor with address 10.0.101.6:

Sample XML Client Request for Two Specific Data Items: RemoteAS and EBGPMultihop

0 3 10.0.101.6

Sample XML Response from the Router

0 3 10.0.101.6 255

XML Request with Combined Object Class Hierarchies

Multiple object class hierarchies can be specified in a request. For example, a portion of the hierarchy can be repeated, and multiple instances of a child object class can be included under a parent. The object class hierarchy may also be compressed into the most “efficient” XML. In other words, it is not necessary to repeat hierarchies within a request.

Before combining multiple operations inside one tag, these limitations should be noted for Release 3.0. Any operations that request multiple items of data must be sent in a separate XML request. They include:

• An operation to retrieve all data beneath a container. For more information, see the “XML Request for All Data Within a Container” section.
• An operation to retrieve the list of entries in a table. For more information, see the “XML Request Using Operation Scope (Content Attribute)” section.
• An operation which includes a wildcard. For more information, see the “XML Request Using Wildcarding (Match Attribute)” section.

If an attempt is made to make such an operation followed by another operation within the same request, this error is returned:

    XML Service Library detected the ‘fatal’ condition. The XML document which led to this response contained a request for a potentially large amount of data, which could return a set of iterators. The document also contained further requests for data, but these must be sent in a separate XML document, in order to ensure that they are serviced.
The error indicates that the operations must be separated out into separate XML requests.

These two examples illustrate two different object class hierarchies that retrieve the same data: the value of the leaf object and for the BGP neighbor with the address 10.0.101.6 and all of the configuration data for the BGP neighbor with the address 10.0.101.7:

Example 1: Verbose Form of a Request Using Duplicated Object Class Hierarchies

Sample XML Client Request for Specific Configuration Data Values

0 3 10.0.101.6 0 3 10.0.101.7

Sample XML Response from the Router

. . . response data returned here for neighbor 10.0.101.6 . . .
. . . response data returned here neighbor 10.0.101.7 . . .

Example 2: Compact Form of a Request Using Compressed Object Class Hierarchies

Sample XML Client Request

0 3 10.0.101.6 10.0.101.7

Sample XML Response from the Router

. . . response data returned here for both neighbors . . .

XML Request Using Wildcarding (Match Attribute)

Wildcarding of naming information is provided by means of the Match attribute. Match="*" can be used on any Naming attribute within a or operation to effectively specify a wildcarded value for that attribute. The operation applies to all instances of the requested objects.

If no match is found, the response message contains MatchFoundBelow="false" in the class, and MatchFound="false" in the class that specified Match="*" and for which no match was found. These attributes are not added (with a value of true) in the response if a match is found.
Note: Although partial wildcarding of NodeIDs is not available in XML, each element of the NodeID has to be wildcarded, similar to the support on the CLI of */*/* as the only wildcards supported for locations.

This example shows how to use the Match attribute to get the value for all configured BGP neighbors:

Sample XML Client Request Using the Match Attribute Wildcarding

0 3

Sample XML Response from the Router

0 3 10.0.101.1 1 10.0.101.2 2 10.0.101.3 3
... data for more neighbors returned here ...

This example shows the response message when there is no match found for the request with wildcarding:

Sample XML Client Request for No Match Found with Wildcarding

3 3

Sample XML Response from the Router

3 3
Regular expression matching of naming information is provided by means of the Match attribute. Match="" can be used on any Naming attribute within a operation to specify a filtering criteria to filter table entries.

These rules apply to the filtering criteria:

• The character ‘*’ is treated the same as ‘.*’ (matches everything).
• The meta characters ‘^’ (beginning of line) and ‘$’ (end of line) are always attached to the regular expression string specified by the Match attribute.
• A regular expression string without any meta characters is treated as an exact match.

Sample Request of the Configured ACL Entries That End With ‘SAA’:

ACL entries that match this request: TCLSAA, 100SAA, SAA
ACL entries that do NOT match this request: TCLSAA1

Sample Request That Returns all of the Configured GigabitEthernet Ports in Slot 5:

act

Interface names that match this request: GigabitEthernet0/5/0/0, GigabitEthernet0/5/0/1, and so forth.
Interface names that do not match this request: GigabitEthernet0/4/0/0

Sample Request That Returns the Configured Loopback Interfaces Between Loopback100 and Loopback199:

act

Interface names that match this request: Loopback100,…,Loopback199
Interface names that do not match this request: Loopback1000, Loopback1990

Sample Request That Returns Only Loopback1 (if it is configured):

act

Interface names that match this request: Loopback1
Interface names that do not match this request: Loopback10, Loopback100, and so forth

The request above, thus, is equivalent to this request:

act Loopback1

Limitation: Regular expression matching can only be specified in the first table of an XML request.
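The three Match rules above, modelled as an added example (not code from the Cisco guide) so a client can predict which table entries a Match value selects before it sends the request. The Match values and entry lists are constructed for illustration, Python's `re` module stands in for the router's regular expression engine, and the `*` rule is applied only to a bare `*`; all three are assumptions.

```python
import re

# Constructed sample tables, using the entry names the guide lists as
# matching or not matching its sample requests.
ACLS = ["TCLSAA", "100SAA", "SAA", "TCLSAA1"]
INTERFACES = [
    "GigabitEthernet0/4/0/0", "GigabitEthernet0/5/0/0", "GigabitEthernet0/5/0/1",
    "Loopback1", "Loopback10", "Loopback100", "Loopback150", "Loopback199",
    "Loopback1000", "Loopback1990",
]


def _pattern(value):
    # Rule 1: '*' on its own is treated the same as '.*' (matches everything).
    return ".*" if value == "*" else value


def router_match(value, name):
    """True if `name` is selected by Match=`value` under the guide's rules."""
    # Rule 2: '^' and '$' are always attached, so the whole name must match.
    # Rule 3 follows from rule 2: no metacharacters means an exact match.
    return re.fullmatch(_pattern(value), name) is not None


def select(value, names):
    """Entries the router-side rules select."""
    return [n for n in names if router_match(value, n)]


def unanchored_select(value, names):
    """What a client predicts if it forgets the implicit anchors."""
    return [n for n in names if re.search(_pattern(value), n)]


def preflight(value, names, expected):
    """Refuse a Match value that would touch entries other than `expected`."""
    hits = set(select(value, names))
    extra, missing = hits - set(expected), set(expected) - hits
    if extra or missing:
        raise ValueError(
            f"Match={value!r}: unexpected={sorted(extra)} missing={sorted(missing)}"
        )
    return sorted(hits)


if __name__ == "__main__":
    for value, table in [(".*SAA", ACLS),
                         ("GigabitEthernet0/5/.*", INTERFACES),
                         ("Loopback1[0-9][0-9]", INTERFACES),
                         ("Loopback1", INTERFACES)]:
        print(f"{value:24} -> {select(value, table)}")
    print("without anchors, 'Loopback1' ->", unanchored_select("Loopback1", INTERFACES))
```

Running `preflight` against a current one-level listing of the table before a wildcarded request catches a Match value that is broader than intended.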
XML Request for Specific Object Instances (Repeated Naming Information)

Wildcarding allows the client application to effectively specify all instances of a particular object. Similarly, the client application might have a need to specify only a limited set of instances of an object. Specifying object instances can be done by simply repeating the naming information in the request.

This example shows how to retrieve the address independent configuration for three different BGP neighbors; that is, the neighbors with addresses 10.0.101.1, 10.0.101.6, and 10.0.101.8, by repeating the naming information, once for each desired instance:

Sample XML Client Request Using Repeated Naming Information for BGP Instances

0 3 10.0.101.1 10.0.101.6 10.0.101.8

Sample XML Response from the Router

0 3
10.0.101.1 ... data returned for 1st neighbor ...
10.0.101.6 ... data returned for 2nd neighbor ...
10.0.101.6 ... data returned for 3rd neighbor ...

XML Request Using Operation Scope (Content Attribute)

The Content attribute is used on any table element in order to specify the scope of a operation. Table 5-1 describes the Content attribute values that are supported.

Table 5-1 Content Attributes

Content Attribute   Description
All                 Used to get all leaf items and their values. All is the default
                    when the Content attribute is not specified on a table element.
Entries             Used to get the Naming information for each entry within a
                    specified table object class. Entries provides a one-level get
                    capability.

If the Content attribute is specified on a nontable element, it is ignored. Also, note that the Content and Count attributes can be used together on the same table element.

This example displays the Content attribute that is used to list all configured BGP neighbors:

Sample XML Client Request Using the All Content Attribute

0 3

Sample XML Response from the Router

0 3 10.0.101.1 10.0.101.2 10.0.101.3 10.0.101.4
... more neighbors returned here ...

Limiting the Number of Table Entries Returned (Count Attribute)

The Count attribute is used on any table element within a operation to specify the maximum number of table entries to be returned in a response. When the Count attribute is specified, the naming information within the request is used to identify the starting point within the table, that is, the first table entry of interest. If no naming information is specified, the response starts at the beginning of the table.

For a table whose entries are containers, the Count attribute can be used only if the Content attribute is also specified with a value of Entries. This restriction does not apply to a table whose children are leaf nodes.

As an alternative to the use of the Count attribute, the XML interface supports the retrieval of large XML responses in blocks through iterators.

This example shows how to use the Count attribute to retrieve the configuration information for the first five BGP neighbors starting with the address 10.0.101.1:

Sample XML Client Request Using the Count Attribute

0 3 10.0.101.1

Sample XML Response from the Router

0 3 10.0.101.1 10.0.101.2
... data returned for remaining neighbors here ...
Custom Filtering (Filter Element)

Some of the tables from the operational namespace support the selection of rows of interest based on predefined filtering criteria. Filters can be applied to such tables in order to reduce the number of table entries retrieved in a request.

Client applications specify filtering criteria for such tables by using the tag and including the filter specific parameters as defined in the XML schema definition for that table. If no table entries match the specified filter criteria, the response contains the object class hierarchy down to the specified table, but does not include any table entries. The Content attribute can be used with a filter to specify the scope of a request.

In this example, the filter is used to retrieve operational information for all neighbors in autonomous system 6:

Sample XML Client Request Using Filtering

one 6

Sample Filtered XML Response from the Router

one 6
... data for 1st neighbor returned here ...
... data for 2nd neighbor returned here ...
... data for remaining neighbors returned here ...

XML Request Using the Mode Attribute

The client application modifies the target configuration as needed using the and operations. The XML interface supports the combining of several operations into a single request. When multiple configuring operations are specified in a single request, they are performed on a “best effort” basis by default. For example, in a case where configuring operations 1 through 3 are in the request and even if operation 2 fails, operation 3 is attempted and operation 1 result remains in the target configuration.

To perform the request on an atomic basis, use the Mode attribute with the value Atomic in the .
If any errors occur, the target configuration is cleared and the errors are returned to the client application.

Sample XML Client Request with the Attribute Mode="Atomic"

20

Sample XML Response from the Router

Sample XML Client Request with an Invalid Set Operation (Best-Effort)

20 <--- This is an invalid XML set operation

Sample XML Response from the Router

Note: This request is performed on a best effort basis. The SNMP timeout configuration has no error and is committed.

Sample XML Request and Response of Commit Change for ForCommitID="1000000443"

20

Sample XML Client Request with the Attribute Mode="Atomic" and with an Invalid Set Operation

20 <--- This is an invalid XML set operation

Sample XML Response from the Router

Note: The target configuration buffer is cleared and no configuration is committed.

CHAPTER 6

Cisco XML and Encapsulated CLI Operations

XML interface for the router provides support for XML encapsulated CLI commands and responses. This chapter provides information on XML CLI command tags.

XML CLI Command Tags

A client application can request a CLI command by encoding the text for the command within a pair of start and end tags, tags, and tags. The router responds with the uninterpreted CLI text result.

Note: XML encapsulated CLI commands use the same target configuration as the corresponding XML operations , , and .
When used for CLI operations, the tag supports the optional Operation attribute, which can take one of the values listed in Table 6-1.

This example uses the operation tag:

Sample XML Client Request for CLI Command Using CLI Tags

router bgp 3
default-metric 10
timers bgp 80 160
exit
commit
sh config commit changes last 1

Sample XML Response from the Router

Building configuration...
router bgp 3
timers bgp 80 160
default-metric 10
end

Table 6-1 Operational Attribute Values

Operational Attribute Value   Operational Attribute Value Description
Apply                         Specifies that the commands should be executed or applied
                              (default).
Help                          Gets help on the last command in the list of commands sent
                              in the request. There should not be any empty lines after
                              the last command (because the last command is considered
                              to be the one on the last line).
CommandCompletion             Completes the last keyword of the last command. Apart from
                              not allowing empty lines at the end of the list of commands
                              sent in the request, when this option is used, there should
                              not be any white spaces after the partial keyword to be
                              completed.

CLI Command Limitations

The CLI commands, which are supported through XML, are limited to CLI configuration commands and EXEC mode show commands (and responses) that are wrapped in tags.

These commands and conditions are not supported:

• The do configuration mode command.
• EXEC mode commands other than show commands except for these items:
  – show history
  – show user
  – show users
  – show terminal
• Administration EXEC mode commands
• Iterators for responses to commands issued through XML. For example, iterators are not supported for the output of the show run and show configuration commands.
• Sending a request in format and getting back an XML encoded response.
• Sending an XML encoded request and getting back a response in format.
• Only one XML request can be issued at a time across all client sessions on the router.

CHAPTER 7

Cisco XML and Large Data Retrieval

XML for the router supports the retrieval of large XML responses in blocks (for example, chunks or sections).

These sections provide information about large data retrieval:

• Iterators
• Throttling
• Streaming

Iterators

When a client application makes a request, the resulting response data size is checked to determine whether it is larger than a predetermined block size. If the response data is not larger than the predetermined block size, the complete data is returned in a normal response. If the response data is larger than the block size, the first set of data is returned according to the block size along with a decremented iterator ID included as the value of the IteratorID attribute. The client must then send requests including the iterator ID until all data is retrieved. The client application knows that all data is retrieved when it receives a response that does not contain an IteratorID attribute.

Usage Guidelines

These points should be noted by the client application when iterators are used:

• The block size is a configurable value specific to each transport mechanism on the router; that is, the XML agent for the dedicated TCP connection and Secure Shell (SSH), Telnet, or Secure Sockets Layer (SSL) dedicated TCP connection. Use this command to configure the iteration size:

  xml agent [tty | ssl] iteration on size <1-100000>

  Specify the iteration size in KB. The default is 48 KB.

  Note: The iteration command includes the option to turn off the XML response iterator. However, we do not recommend turning off the iterator because of the large memory usage that occurs temporarily.
• The block size refers to the entire XML response, not just the payload portion of the response.
• Large responses are divided based on the requested block size, not the contents. However, each response is always a complete XML document.
• Requests containing multiple operations are treated as a single entity when the block size and IteratorID are applied. As a result, the IteratorID is an attribute of the tag, never of an individual operation.
• If the client application sends a request that includes an operation resulting in the need for an iterator to return all the response data, any further operations contained within that request are rejected. The rejected operations are resent in another request.
• The IteratorID is an unsigned 32-bit value that should be treated as opaque data by the client application. Furthermore, the client application should not assume that the IteratorID is constant between operations.

To reduce memory overhead and avoid memory starvation of the router, these limitations are placed on the number of allowed iterators:

• The maximum number of iterators allowed at any one time on a given client session is 10.
• The maximum number of iterators allowed at any one time for all client sessions is 100.

If a request is issued that results in an iterated response, it is counted as one iterator, regardless of the number of operations required to retrieve all of the response data. For example, a request may require 10, 100, or more operations to retrieve all the associated data, but during this process only one iterator is being used. Also, an iterator is considered to be in use until all of the response data associated with that iterator (the original request) is retrieved or the iterator is terminated with the Abort attribute.
Examples Using Iterators to Retrieve Data

This example shows a client request that utilizes an iterator to retrieve all global Border Gateway Protocol (BGP) configuration data for a specified autonomous system:

Sample XML Client Request to Retrieve All BGP Configuration Data

0 3

Sample XML Response from the Router Containing the First Block of Retrieved Data

0 3
... 1st block of data returned here ...

Second XML Client Request Using the Iterator to Retrieve the Next Block of BGP Configuration Data

Sample XML Response from the Router Containing the Second Block of Retrieved Data

0 3

Third XML Client Request Using the Iterator to Retrieve the Next Block of BGP Configuration Data

Sample XML Response from the Router Containing Third Block of Retrieved Data

0 3
... 3rd block of data returned here ...

Final XML Client Request Using the Iterator to Retrieve the Last Block of BGP Configuration Data

Final XML Response from the Router Containing the Final Block of Retrieved Data

0 3
... Final block of data returned here ...

Large Response Division

The default behavior for large response division is that large responses are divided based on the requested block size. To specify a different basis for the division, use the IterateAtFirstTableGet attribute in the tag.

Sample XML Request with attribute IterateAtFirstTable

Terminating an Iterator

A client application may terminate an iterator without retrieving all of the response data by including an Abort attribute with a value of “true” on the operation. A client application that does not complete or terminate its requests risks running out of iterators.
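The iterator rules above (keep requesting until a response has no IteratorID, treat the ID as opaque, release it with Abort when stopping early) as an added example that is not part of the Cisco guide. `StubAgent` is a constructed stand-in for the router; the Request, Response, Get, Configuration and GetNext element names are assumed from the XML API as this editor understands it, and the per-session limit of 10 is the figure stated above.

```python
import xml.etree.ElementTree as ET

MAX_ITERATORS_PER_SESSION = 10  # per-session limit stated in the usage guidelines
FIRST_REQUEST = ('<Request MajorVersion="1" MinorVersion="0">'
                 '<Get><Configuration/></Get></Request>')


class StubAgent:
    """Constructed stand-in for the router's XML agent (not Cisco code)."""

    def __init__(self, blocks):
        self._blocks = list(blocks)  # one large response, already cut into blocks
        self._open = {}              # opaque iterator ID -> index of the next block
        self._next_id = 1

    @property
    def open_iterators(self):
        return len(self._open)

    def send(self, request_xml):
        get_next_el = ET.fromstring(request_xml).find("GetNext")
        if get_next_el is None:                              # a fresh request
            return self._respond(0)
        position = self._open.pop(get_next_el.get("IteratorID"))
        if get_next_el.get("Abort") == "true":               # client released it
            return '<Response MajorVersion="1" MinorVersion="0"/>'
        return self._respond(position)

    def _respond(self, position):
        resp = ET.Element("Response", MajorVersion="1", MinorVersion="0")
        ET.SubElement(resp, "Get").text = self._blocks[position]
        if position + 1 < len(self._blocks):
            if len(self._open) >= MAX_ITERATORS_PER_SESSION:
                raise RuntimeError("stub: session has no free iterators")
            iterator_id = str(self._next_id)                 # changes on every block
            self._next_id += 1
            self._open[iterator_id] = position + 1
            resp.set("IteratorID", iterator_id)
        return ET.tostring(resp, encoding="unicode")


def get_next(iterator_id, abort=False):
    """Build the follow-up request; the ID is echoed back exactly as received."""
    req = ET.Element("Request", MajorVersion="1", MinorVersion="0")
    attrs = {"IteratorID": iterator_id}
    if abort:
        attrs["Abort"] = "true"
    ET.SubElement(req, "GetNext", attrs)
    return ET.tostring(req, encoding="unicode")


def fetch_all(send, first_request, max_blocks=1000):
    """Collect every block; on any failure, abort the iterator before re-raising."""
    payloads, pending = [], None
    try:
        request = first_request
        while True:
            resp = ET.fromstring(send(request))
            pending = resp.get("IteratorID")   # re-read each time, never cached
            payloads.append("".join(resp.itertext()))
            if pending is None:                # no IteratorID: all data retrieved
                return payloads
            if len(payloads) >= max_blocks:
                raise OverflowError("response exceeds the client's block budget")
            request = get_next(pending)
    except Exception:
        if pending is not None:
            send(get_next(pending, abort=True))
        raise


if __name__ == "__main__":
    agent = StubAgent(["block-1", "block-2", "block-3", "block-4"])
    print(fetch_all(agent.send, FIRST_REQUEST), "open:", agent.open_iterators)
```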
This example shows a client request using the Abort attribute to terminate an iterator:

Sample XML Request

0 3

Sample XML Response from the Router

0 3
... 1st block of data returned here ...

Sample XML Request Using the Abort Attribute to Terminate an Iterator

Sample XML Response from the Router

Throttling

XML response data could be large, resulting in high CPU utilization or high memory usage when constructing the XML response. Throttling mechanisms in the XML agent provide a means for external users or an NMS to control the impact to the system.

CPU Throttle Mechanism

The CPU throttle mechanism in the XML agent controls the number of tags to process per second. The higher the number of tags that are specified, the higher the CPU utilization and the faster the response. A lower number of tags means less CPU utilization and a slower response.

To configure the number of tags, use this command:

xml agent [tty | ssl] throttle process-rate <1000-30000>

Memory Throttle Mechanism

The memory throttle mechanism in the XML agent controls the maximum XML response size in MB. If this size is exceeded, this error message is returned in the XML response.

To configure the size of the memory usage per session, use this command:

xml agent [tty | ssl] throttle memory <100-600>

The default is 300 MB.

Streaming

As the XML agent retrieves the data from the source, the output of a response is streamed. This process is similar to iterators, but the XML client does not run the GetNext IteratorID to handle large response data size.

Usage Guidelines

Use these guidelines when streaming is used by the client application:

• Iteration must be off.
  xml agent [tty | ssl] iteration off

• The sub-response block size is a configurable value specific to each transport mechanism on the router: the XML agent for the dedicated TCP connection and Secure Shell (SSH), Telnet, or Secure Sockets Layer (SSL) dedicated TCP connection. Use this command to configure the streaming size. Specify the streaming size in KB. The default is 48 KB.

  xml agent [tty | ssl] streaming on size <1-100000>

CHAPTER 8

Cisco XML Security

Specific security privileges are required for a client application requesting information from the router.

This chapter contains these sections:

• Authentication
• Authorization
• Retrieving Task Permissions
• Task Privileges
• Task Names
• Authorization Failure
• Management Plane Protection
• VRF
• Access Control List

Authentication

User authentication through authentication, authorization, and accounting (AAA) is handled on the router by the transport-specific XML agent and is not exposed through the XML interface.

Authorization

Every operation request by a client application is authorized. If the client is not authorized to perform an operation, the operation is not performed by the router and an error is returned.

Authorization of client requests is handled through the standard AAA “task permissions” mechanism. The XML agent caches the AAA user credentials obtained from the user authentication process, and then each client provides these to the XML infrastructure on the router. As a result, no AAA information needs to be passed in the XML request from the client application.

Each object class in the schema has a task ID associated with it. A client application’s capabilities and privileges in terms of task IDs are exposed by AAA through a show command.
A client application can use the XML interface to retrieve the capabilities prior to sending configuration requests to the router.

A client application requesting an operation through the XML interface must have the appropriate task privileges enabled or assigned for any objects accessed in the operation:

• operations require AAA “read” privileges.
• and operations require AAA “write” privileges.

The “configuration services” operations through configuration manager can also require the appropriate predefined task privileges.

If an operation requested by a client application fails authorization, an appropriate element is returned in the response sent to the client. For “native data” operations, the element is associated with the specific element or object classes where the authorization error occurred.

Retrieving Task Permissions

A client application’s capabilities and privileges in terms of task permissions are exposed by AAA through CLI show commands. A client application can also use the XML interface to programmatically retrieve the current AAA capabilities from the router. This retrieval can be done by issuing the appropriate request to the component.

This example shows a request to retrieve all of the AAA configuration from the router:

Sample XML Request to Retrieve AAA Configuration Information

Sample XML Response from the Router

. . . AAA configuration returned here . . .

Task Privileges

A client application requesting a native data operation through the XML interface must have the appropriate task privileges enabled or assigned for any items accessed in the operation:

• , , and operations require AAA “read” privileges.
• and operations require AAA “write” privileges.

The “configuration services” operations through the configuration manager can also require the appropriate predefined task privileges.

Task Names

Each object (that is, data item or table) exposed through the XML interface and accessible to the client application has one or more task names associated with it. The task names are published in the XML schema documents as annotations.

For example, the complex type definition for the top-level element in the Border Gateway Protocol (BGP) configuration schema contains this annotation:

Container 18 0 bgp native_data_operations Configuration

Here is another example from a different component schema. This annotation includes a list of task names.

1 0 ouni mpls-te

Task names indicate what permissions are required to access the data below the object. In the example, the task names ouni and mpls-te are specified for the object. The task names apply to the object and are inherited by all the descendants of the object in the schema. In other words, the task names that apply to a particular object are the task names specified for the object and the task names of all ancestors for which there is a task name specified in the schema.

The TaskGrouping attribute specifies the logical relationship among the task names when multiple task names are specified for a particular object. For example, for a client application to issue a request for the object containing the preceding annotation, the corresponding AAA user credentials must have read permissions set for both the ouni and mpls-te tasks (and any tasks inherited by the object). The possible values for the TaskGrouping attribute are And, Or, and Single.
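One way to reason about which task permissions a client account needs for a given schema object, written as an added example rather than Cisco's implementation. The task names bgp, ouni and mpls-te come from the annotations above; the object names, the snmp task and the user profile are hypothetical, and the example assumes each ancestor's TaskGrouping applies to that ancestor's own task list with every level required.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SchemaObject:
    name: str                                  # hypothetical object class name
    tasks: tuple = ()                          # task names from the schema annotation
    grouping: str = "Single"                   # TaskGrouping: And, Or, or Single
    parent: Optional["SchemaObject"] = None


def inherited_requirements(obj):
    """(owner, tasks, grouping) for obj and every ancestor that names tasks."""
    levels = []
    while obj is not None:
        if obj.tasks:
            levels.append((obj.name, obj.tasks, obj.grouping))
        obj = obj.parent
    return levels


def level_satisfied(tasks, grouping, granted):
    if grouping == "Single":
        if len(tasks) != 1:
            raise ValueError("Single grouping requires exactly one task name")
        return tasks[0] in granted
    if grouping == "And":
        return all(task in granted for task in tasks)
    if grouping == "Or":
        return any(task in granted for task in tasks)
    raise ValueError(f"unknown TaskGrouping value: {grouping!r}")


def unsatisfied(user_perms, obj, privilege):
    """Levels of the hierarchy whose task requirement the user does not meet."""
    granted = {task for task, privs in user_perms.items() if privilege in privs}
    return [level for level in inherited_requirements(obj)
            if not level_satisfied(level[1], level[2], granted)]


def is_authorized(user_perms, obj, privilege):
    """privilege is 'read' or 'write', the two AAA privileges named above."""
    return not unsatisfied(user_perms, obj, privilege)


# Constructed schema fragment; only the task names are taken from the guide.
ROOT = SchemaObject("Configuration")
BGP = SchemaObject("BGP", ("bgp",), "Single", ROOT)
OUNI = SchemaObject("OpticalUNI", ("ouni", "mpls-te"), "And", ROOT)
OUNI_LEAF = SchemaObject("OpticalUNILeaf", parent=OUNI)        # inherits from OUNI
EITHER = SchemaObject("EitherTask", ("bgp", "snmp"), "Or", ROOT)

# Constructed AAA profile for a monitoring account: task name -> privileges held.
NMS_USER = {"bgp": {"read"}, "ouni": {"read", "write"}}

if __name__ == "__main__":
    for obj in (BGP, OUNI, OUNI_LEAF, EITHER):
        print(obj.name, "read:", is_authorized(NMS_USER, obj, "read"),
              "missing:", unsatisfied(NMS_USER, obj, "read"))
```

The `unsatisfied` list is the useful output when sizing a least-privilege account: it names the schema level and task group that still block the request.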
The value Single is used when there is only a single task name specified for the object.

Authorization Failure

If an operation requested by a client application fails authorization, an appropriate element is returned in the response sent to the client. For “native data” operations, the element is associated with the specific element or object where the authorization error occurred.

If a client application issues a request to retrieve all data below a container object, and if any subsections of that data require permissions that the user does not have, then an error is not returned. Instead, the subsection of data is not included in the response.

Management Plane Protection

Management Plane Protection (MPP) provides a mechanism for securing management traffic on the router. Without MPP, a management service’s traffic can come through any interface with a network address, which could be a security risk. MPP is effective when XML is configured.

Inband Traffic

To configure the MPP for inband traffic, use the command in this example:

RP/0/0/CPU0:router(config)#control-plane management-plane inband interface [interface type] allow [protocol|all]

where the protocol is XML.

RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML ?
  peer  Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer ?
  address  Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer address ?
  ipv4  Configure peer IPv4 address on this interface
  ipv6  Configure peer IPv6 address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer address

Out-of-Band Traffic

To configure the MPP for out-of-band traffic, use the command in this example:

RP/0/0/CPU0:router(config)#control-plane management-plane out-of-band interface [interface type] allow [protocol|all]

where the protocol is XML.

RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$gabitEthernet 0/0/0/1 allow XML ?
  peer  Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$gabitEthernet 0/0/0/1 allow XML peer ?
  address  Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$ XML peer address ?
  ipv4  Configure peer IPv4 address on this interface
  ipv6  Configure peer IPv6 address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$ XML peer address

VRF

XML agents can be configured to be virtual route forwarding (VRF) aware.

• To configure the dedicated agent [ssl] to receive or send messages through VRF, use this command:
RP/0/0/CPU0:router(config)#xml agent [ssl] vrf

• To configure the dedicated [ssl] agent NOT to receive or send messages through the default VRF, use this command:
RP/0/0/CPU0:Router(config)#xml agent [ssl] vrf default shutdown

Access Control List

To configure an access control list (ACL) for XML agents, use this command:

RP/0/0/CPU0:router(config)#xml agent [ssl] vrf access-list

IPv6 Access List Example

xml agent [ssl] vrf ipv6 access-list

IPv4 and IPv6 Access Lists Example

xml agent [ssl]
 vrf
  ipv4 access-list
  ipv6 access-list
 !
!

Note: This method to configure an IPv4 access-list is still supported (for backward compatibility) but hidden from CLI help.

xml agent [ssl]
 vrf access-list
 !
!

CHAPTER 9
Cisco XML Schema Versioning

Before the router can carry out a client application request, it must verify version compatibility between the client request and router component versions. Major and minor version numbers are included on the and elements to indicate the overall XML application programming interface (API) version in use by the client application and router. In addition, each component XML schema exposed through the XML API has a major and minor version number associated with it.

This chapter describes the format of the version information exchanged between the client application and the router, and how the router uses this information at run time to check version compatibility.

This chapter contains these sections:
• Major and Minor Version Numbers
• Run-Time Use of Version Information
• Retrieving Version Information
• Retrieving Schema Detail

Major and Minor Version Numbers

The top-level or root object (that is, element) in each component XML schema carries the major and minor version numbers for that schema. A minor version change is defined as an addition to the XML schema. All other changes, including deletions and semantic changes, are considered major version changes.

The version numbers are documented in the header comment contained in the XML schema file. They are also available as annotations included as part of the complex type definition for the top-level schema element. This enables you to programmatically extract the version numbers from the XML schema file to include in XML request instances sent to the router. The version numbers are carried in the XML instances using the MajorVersion and MinorVersion attributes.
This example shows the relevant portion of the complex type definition for an element that carries version information:

BGP Configuration Commands Container 24 0 bgp native_data_operations Configuration
. . .
. . ..

The attribute group VersionAttributeGroup is defined as:

Common version information attributes

Run-Time Use of Version Information

Each XML request must contain the major and minor version numbers of the client at the appropriate locations in the XML. These version numbers are compared to the version numbers running on the router. The behavior of the router, whether the request is accepted or rejected, depends on the value set for the AllowVersionMisMatch attribute.

All requests are accepted when the AllowVersionMismatch attribute is set as TRUE. The request is then accepted or rejected based on these rules when the AllowVersionMismatch attribute is set as FALSE:
• If there is a major version discrepancy, then the request fails.
• If there is a minor version lag, that is, the client minor version is behind that of the router, then the request is attempted.
• If there is a minor version creep, that is, the client minor version is ahead of that of the router, then the request fails.
• If the version information has not been included in the request, then the request fails.
• The default value is used when the request does not specify the AllowVersionMismatch attribute. The default value is currently set as TRUE.

Each XML response can also contain the version numbers at the appropriate locations in the XML.

Note: If the client minor version is behind that of the router, then the response may contain elements that are not recognized by the client application.
The client application must be able to handle these additional elements.

Placement of Version Information

This example shows the placement of the MajorVersion and MinorVersion attributes within a client request to retrieve the global BGP configuration data for a specified autonomous system:

Sample Client Request Showing Placement of Version Information

0 3

Sample XML Response from the Router

0 3 ... data returned here ...

Version Lag with the AllowVersionMisMatch Attribute Set as TRUE

The example shows a request and response with a version mismatch. In this case, because the AllowVersionMismatch attribute is set as TRUE, the request is attempted. This is also the default behavior when the AllowVersionMismatch attribute is not specified in the request. The router attempts the request and, if the request is successful, returns a VersionMismatchExists attribute at the appropriate point within the response along with a VersionMismatchExistsBelow attribute on the operation tag.

Note: The version number, which is returned in the response, is the version running on the router. The versions in this example are hypothetical.

Sample XML Client Request with a Version Mismatch

0 3

Sample XML Response from the Router

VersionMismatchExists=”true”> 0 3 ... data returned here ...

Version Lag with the AllowVersionMismatch Attribute Set as FALSE

The example shows a request and response with a version mismatch, but the request specifies the AllowVersionMisMatch attribute as FALSE. In this case, the client minor version is behind the router, so the request is still attempted, but VersionMismatchExists and VersionMismatchExistsBelow attributes are not returned in the response.
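The acceptance rules from Run-Time Use of Version Information, covering the lag cases above and the creep cases that follow, as an added Python example (not code from the guide). Component names and version numbers are constructed, and treating an omitted version under AllowVersionMismatch TRUE as unflagged is an assumption, since the guide does not say.

```python
from typing import Dict, NamedTuple, Optional, Tuple

Version = Tuple[int, int]          # (MajorVersion, MinorVersion)


class Decision(NamedTuple):
    attempted: bool                # does the router attempt the request?
    rule: str                      # which rule decided the outcome
    flagged: bool                  # VersionMismatchExists expected in the response


def decide(client: Optional[Version], router: Version,
           allow_mismatch: Optional[bool] = None) -> Decision:
    """Apply the guide's rules to one component version pair."""
    if allow_mismatch is None:
        allow_mismatch = True      # documented default when the attribute is absent
    if allow_mismatch:
        # Everything is attempted; a real mismatch is reported back.
        # Assumption: with no client version there is nothing to flag.
        differs = client is not None and client != router
        return Decision(True, "mismatch allowed", differs)
    if client is None:
        return Decision(False, "version missing", False)
    if client[0] != router[0]:
        return Decision(False, "major discrepancy", False)
    if client[1] > router[1]:
        return Decision(False, "minor creep", False)
    if client[1] < router[1]:
        # Attempted, and no mismatch attributes are returned in strict mode.
        return Decision(True, "minor lag", False)
    return Decision(True, "match", False)


def preflight(client: Dict[str, Version],
              router: Dict[str, Version]) -> Dict[str, str]:
    """Compare the schema versions a client was built against with the
    versions retrieved from the router, before any request is sent."""
    report = {}
    for name, built in sorted(client.items()):
        running = router.get(name)
        if running is None:
            report[name] = "not present on router"
            continue
        strict = decide(built, running, allow_mismatch=False)
        if strict.rule == "match":
            report[name] = "ok"
        elif strict.attempted:
            report[name] = "ok, expect unknown elements (minor lag)"
        else:
            report[name] = f"strict rejects ({strict.rule}); default attempts it"
    return report


# Constructed versions; the component names are hypothetical labels.
CLIENT = {"BGP": (24, 0), "OSPF": (5, 2), "MPLS_TE": (3, 1), "ISIS": (7, 0)}
ROUTER = {"BGP": (24, 1), "OSPF": (5, 1), "MPLS_TE": (4, 0)}

if __name__ == "__main__":
    for component, verdict in preflight(CLIENT, ROUTER).items():
        print(f"{component:8} {verdict}")
```

Because the attribute defaults to TRUE, a client that omits it has creep and major-version requests attempted rather than refused, and the only signal is the VersionMismatchExists attribute in the response.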
Note: The version number returned in the response is the version number running on the router. The versions in this example are hypothetical.

Sample XML Client Request with the AllowVersionMismatch Attribute Set as False

0 3

Sample XML Response from the Router

0 3 ... data returned here ...

Version Creep with the AllowVersionMisMatch Attribute Set as TRUE

The example shows a request and response with a version mismatch. In this case, the client minor version is ahead of that of the router and the AllowVersionMismatch attribute is set as TRUE, so the request is attempted.

Note: The version number returned in the response is the version number running on the router. The versions in this example are hypothetical.

Sample XML Request with an AllowVersionMismatch Attribute Set as TRUE

0 3

Sample XML Response from the Router

VersionMismatchExists=”true”> 0 3 ... data returned here ...

Version Creep with the AllowVersionMisMatch Attribute Set as FALSE

The example shows a request and response with a version mismatch. In this case, the client minor version is ahead of the router minor version, which results in an error response.

Sample XML Request with an AllowVersionMismatch Attribute Set as FALSE

Sample XML Response from the Router

ErrorMsg="'XML Service Library' detected the 'warning' condition 'An error was encountered in the XML beneath this operation tag'" >

Retrieving Version Information

The version of the XML schemas running on the router can be retrieved using the tag followed by the appropriate tags identifying the names of the desired components.
In this example, the tag is used to retrieve the major and minor version numbers for the BGP component configuration schema:

Sample XML Request to Retrieve Major and Minor Version Numbers

Sample XML Response from the Router

This example shows how to retrieve the version information for all configuration schemas available on the router:

Sample XML Request to Retrieve Version Information for All Configuration Schemas

Sample XML Response from the Router

.... .... ...

Retrieving Schema Detail

The SchemaDetail boolean attribute can now be specified on the operation to instruct the router to return additional schema detail in the response. If the SchemaDetail attribute is specified in the request, each schema entity in the response contains three additional boolean attributes listed in Table 9-1.

This example shows a request and response with the SchemaDetail attribute:

Sample XML Client Request for Schema Detail

Sample XML Response from the Router

... . ..

Table 9-1 Content Attributes

Content Attribute    Description
ContainsNaming       Indicates whether or not the schema entity contains naming information.
Getable              Indicates whether or not operations are supported for this schema.
Setable              Indicates whether or not operations are supported for this schema.

CHAPTER 10
Alarms

The Cisco IOS XR XML API supports the registration and receipt of notifications; for example, asynchronous responses such as alarms, over any transport. The system supports alarms and event notifications over XML/SSH. An asynchronous registration request is followed by a synchronous response and any number of asynchronous responses.
If a client wants to stop receiving a particular set of asynchronous responses at a later stage, the client sends a deregistration request.

One type of notification that is supported by the Cisco IOS XR XML API is alarms; for example, syslog messages. The alarms that are received are restricted by a filter, which is specified in the registration request. An alarm registration request is followed by a synchronous response. If successful, the synchronous response contains a RegistrationID, which is used by the client to uniquely identify the applicable registration. A client can make many alarm registrations. If a client wants to stop receiving a particular set of alarms at a later stage, the client can send a deregistration request for the relevant RegistrationID or all Registration IDs for the session. When an asynchronous response is received that contains an alarm, the registration that resulted in the alarm is determined from the RegistrationID.

These sections describe the XML used for every operation:
• Alarm Registration
• Alarm Deregistration
• Alarm Notification

Alarm Registration

Alarm registration and deregistration requests and responses and alarm notifications use the operation tag to distinguish them from other types of XML operations.

A registration request contains the tag, which is followed by several tags that specify the filter requirement. If registration for all alarms is required, no filter is specified. These filter criteria are listed:
• SourceID
• Category
• Group
• Context
• Code
• Severity
• BiStateOnly

If it succeeds, the response contains a tag with a RegistrationID attribute. If it fails, the filter tag that caused the error appears with an error message attribute.
This example shows a registration request to receive all alarms for configuration change; for example, commit notifications:

Sample XML Request from the Client Application

CONFIG DB_COMMIT

Sample XML Response from the Router

Response MajorVersion="1" MinorVersion="0">

Note: If a second registration is made with the same filter, or if the filters of two registrations overlap, the alarms that match both registrations are received twice. In general, each alarm is received once for each registration that it matches.

If a session ends (for example, the connection is dropped), all registrations are automatically canceled.

Alarm Deregistration

An alarm deregistration request consists of the operation tag followed by the tag, with the optional attribute RegistrationID. If RegistrationID is specified, the value must be that returned from a previous registration request. The registration with that ID must not have already been deregistered or an error is returned. If it is not specified, the request results in all alarm registrations for that session being deregistered.

This example shows a deregistration request for the RegistrationID returned from the registration request example:

Sample XML Request from the Client Application

Sample XML Response from the Router

Alarm Notification

Alarm notifications are contained within a pair of tags to distinguish them from normal responses. Each notification contains one or more alarms, each of which is contained within a pair of tags. The tags have an attribute RegistrationID, where the value is the RegistrationID returned in the registration that resulted in the alarm.
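Commit notifications like the DB_COMMIT alarm registered for above can feed a configuration-change audit; this added Python example (not code from the guide) models each alarm as a dictionary keyed by the alarm field names and parses the AdditionalText syslog message of the guide's sample commit notification. The dictionary model, the extra sample alarms, reading Timestamp as Unix epoch seconds, and treating SourceID plus EventID as identifying one alarm are assumptions.

```python
import re
from datetime import datetime, timezone

# Shape of the commit message in AdditionalText, taken from the guide's sample.
COMMIT_TEXT = re.compile(
    r"%(?P<category>\w+)-(?P<group>\w+)-(?P<level>\d)-(?P<code>\w+)\s*:\s*"
    r"Configuration committed by user '(?P<user>[^']*)'\.\s+"
    r"Use 'show commit changes (?P<commit_id>\d+)'"
)


def when(alarm):
    """Timestamp as ISO 8601 UTC (assumes epoch seconds), or None."""
    try:
        stamp = int(alarm["Timestamp"])
    except (KeyError, TypeError, ValueError):
        return None
    return datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()


def audit_commits(alarms, expected_users):
    """Return one finding per distinct configuration commit alarm."""
    seen, findings = set(), []
    for alarm in alarms:
        if (alarm.get("Group"), alarm.get("Code")) != ("CONFIG", "DB_COMMIT"):
            continue
        key = (alarm.get("SourceID"), alarm.get("EventID"))
        if key in seen:
            continue  # same alarm delivered again for an overlapping registration
        seen.add(key)
        finding = {"event": key, "time": when(alarm), "user": None,
                   "commit_id": None, "status": "unparsed"}
        match = COMMIT_TEXT.search(alarm.get("AdditionalText", ""))
        if match:
            finding["user"] = match["user"]
            finding["commit_id"] = match["commit_id"]
            finding["status"] = ("expected" if match["user"] in expected_users
                                 else "unexpected-user")
        # An unparsed commit alarm is kept as a finding rather than dropped.
        findings.append(finding)
    return findings


# First alarm: field values from the guide's sample notification.
PAGE_ALARM = {
    "RegistrationID": "0",  # constructed
    "SourceID": "RP/0/0/CPU0", "EventID": "84", "Timestamp": "1077270612",
    "Category": "MGBL", "Group": "CONFIG", "Code": "DB_COMMIT",
    "Severity": "Informational", "State": "NotAvailable", "CorrelationID": "0",
    "AdditionalText": "config[65704]: %MGBL-CONFIG-6-DB_COMMIT : Configuration "
                      "committed by user 'admin'. Use 'show commit changes "
                      "1000000490' to view the changes.",
}
# Everything below is constructed for the example.
SAMPLE_ALARMS = [
    PAGE_ALARM,
    dict(PAGE_ALARM, RegistrationID="1"),            # duplicate via 2nd registration
    dict(PAGE_ALARM, EventID="85", Timestamp="1077270700",
         AdditionalText="config[65710]: %MGBL-CONFIG-6-DB_COMMIT : Configuration "
                        "committed by user 'tmpuser'. Use 'show commit changes "
                        "1000000491' to view the changes."),
    dict(PAGE_ALARM, EventID="86", Category="EXAMPLE", Group="DEMO",
         Code="OTHER_EVENT", AdditionalText="not a commit"),
    dict(PAGE_ALARM, EventID="87",
         AdditionalText="config[65711]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed"),
]

if __name__ == "__main__":
    for item in audit_commits(SAMPLE_ALARMS, expected_users={"admin"}):
        print(item)
```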
The tags contain these fields for the alarm:
• SourceID
• EventID
• Timestamp
• Category
• Group
• Code
• Severity
• State
• CorrelationID
• AdditionalText

This example shows the configuration commit alarm notification:

RP/0/0/CPU0 84 1077270612 MGBL CONFIG DB_COMMIT Informational NotAvailable 0 config[65704]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'admin'. Use 'show commit changes 1000000490' to view the changes.

CHAPTER 11
Error Reporting in Cisco XML Responses

The XML responses returned by the router contain error information as appropriate, including the operation, object, and cause of the error when possible. The error codes and messages returned from the router may originate in the XML agent or in one of the other infrastructure layers; for example, the XML Service Library, XML Parser Library, or Configuration Manager.

Types of Reported Errors

Table 11-1 lists the types of potential errors in XML Responses.

Table 11-1 Reported Error Types

Error Type: Description
Transport errors: Transport-specific errors are detected within the XML agent (and include failed authentication attempts).
XML parse errors: XML format or syntax errors are detected by the XML Parser Library (and include errors resulting from malformed XML, mismatched XML tags, and so on).
XML schema errors: XML schema errors are detected by the XML operation provider within the infrastructure (and include errors resulting from invalid operation types, invalid object hierarchies, values out of range, and so on).
Operation processing errors: Operation processing errors are errors encountered during the processing of an operation, typically as a result of committing the target configuration (and include errors returned from Configuration Manager and the infrastructure such as failed authorization attempts, and “invalid configuration errors” returned from the back-end Cisco IOS XR applications).

These error categories are described in these sections:
• Error Attributes
• Transport Errors
• XML Parse Errors
• XML Schema Errors
• Operation Processing Errors
• Error Codes and Messages

Error Attributes

If one or more errors occur during the processing of a requested operation, the corresponding XML response includes error information for each element or object class in error. The error information is included in the form of ErrorCode and ErrorMsg attributes providing a relevant error code and error message respectively.

If one or more errors occur during the processing of an operation, error information is included for each error at the appropriate point in the response. In addition, error attributes are added at the operation element level. As a result, the client application does not have to search through the entire response to determine if an error has occurred. However, the client can still search through the response to identify each of the specific error conditions.

Transport Errors

Transport-specific errors, including failed authentication attempts, are handled by the appropriate XML agent.

XML Parse Errors

This general category of errors includes those resulting from malformed XML and mismatched XML tags.

The router checks each XML request, but does not validate the request against an XML schema. If the XML contains invalid syntax and thus fails the well-formedness check, the error indication is returned in the form of error attributes placed at the appropriate point in the response.
In such cases, the response may not contain the same XML as was received in the request, but just the portions to the point where the syntax error was encountered.

In this example, the client application sends a request to the router that contains mismatched tags, that is, the opening tag is not paired with a closing tag. This example illustrates the format and placement of the error attributes.

Note: The actual error codes and messages might be different than what is shown in this example. Also, the actual error attributes do not contain new line characters.

Sample XML Client Request Containing Mismatched Tags

0 3

Sample XML Response from the Router

XML Schema Errors

XML schema errors are detected by the XML operation providers. This general category of errors includes those resulting from invalid operation types, invalid object hierarchies, and invalid naming or value elements. However, some schema errors may go undetected because, as previously noted, the router does not validate the request against an XML schema.

In this example, the client application has requested a operation specifying an object that does not exist at this location in the Border Gateway Protocol (BGP) component hierarchy. This example illustrates the format and placement of the error attributes.

Note: The actual error codes and messages may be different than those shown in the example.

Sample XML Client Request Specifying an Invalid Object Hierarchy

0 3 10

Sample XML Response from the Router

0 3

This example also illustrates a schema error. In this case, the client application has requested a operation specifying a value for the object that is not within the range of valid values for this item.
Sample XML Request Specifying an Invalid Object Value Range

0 3 6000

Sample XML Response from the Router

0 3

Operation Processing Errors

Operation processing errors include errors encountered during the processing of an operation, typically as a result of committing the target configuration after previous or operations. While processing an operation, errors are returned from Configuration Manager and the infrastructure, failed authorization attempts occur, and “invalid configuration errors” are returned from the back-end Cisco IOS XR applications.

This example illustrates an operation processing error resulting from a request specifying an unrecognized iterator ID:

Sample XML Client Request and Processing Error

Sample XML Response from the Router

Error Codes and Messages

The error codes and messages returned from the router may originate in any one of several components. The error codes (cerrnos) returned from these layers are 32-bit integer values.

In general, for a given error condition, the error message returned in the XML is the same as the error message displayed on the CLI.

CHAPTER 12
Summary of Cisco XML API Configuration Tags

Table 12-1 provides the CLI to XML application programming interface (API) tag mapping for the router target configuration.
Table 12-1 CLI Command or Operation to XML Tag Mapping

CLI Command or Operation    XML Tag

To end, abort, or exit 1 (from top config mode) 2 clear show config with show config running with show config merge with show config failed with followed by with configure exclusive 3 4 To change the selected config with To delete the selected config with commit best-effort commit show config failed with show commit changes commitid with show commit changes since commitid with rollback configuration to commitid with rollback configuration last number with show rollback changes to commitid with show rollback changes last number with show rollback points show configuration sessions

1. These CLI operations end the configuration session and unlock the running configuration session if it is locked.
2. This XML tag releases the lock on a running configuration but does not end the configuration session.
3. This CLI command starts a new configuration session and locks the running configuration.
4. This XML tag locks the running configuration from a configuration session that is already in progress.
CHAPTER 13
XML Transport and Event Notifications

This chapter contains these sections:
• TTY-Based Transports
• Dedicated Connection Based Transports
• SSL Dedicated Connection based Transports

TTY-Based Transports

These sections describe how to use the TTY-based transports:
• Enabling the TTY XML Agent
• Enabling a Session from a Client
• Sending XML Requests and Receiving Responses
• Configuring Idle Session Timeout
• Ending a Session
• Errors That Result in No XML Response Being Produced

Enabling the TTY XML Agent

To enable the TTY agent on the router, which is ready to handle incoming XML sessions over Telnet and Secure Shell (SSH), enter the xml agent tty command, as shown in this example:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent tty
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit

For more information about the xml agent tty command, see Cisco IOS XR System Management Configuration Guide.

TTY (SSH) agent is telnet based, so IPv6 addressing is supported.

Enabling a Session from a Client

To enable a session from a remote client, invoke SSH or Telnet to establish a connection with the management port on the router. When prompted by the transport protocol, enter a valid username and password. After you have successfully logged on, enter xml at the router prompt to be in XML mode.

A maximum of 50 XML sessions total can be started over a dedicated port, TTY, SSH, and Secure Sockets Layer (SSL) dedicated port.
Note: You should use, if configured, either the management port or any of the external interfaces rather than a connection to the console or auxiliary port. The management port can have a significantly higher bandwidth and offer better performance.

Sending XML Requests and Receiving Responses

To send an XML request, write the request to the Telnet/SSH session. The session can be used interactively; for example, typing or pasting the XML at the XML> prompt from a window.

Note: The XML request must be followed by a new-line character; for example, press Return, before the request is processed.

Any responses, either synchronous or asynchronous, are also displayed in the session window. The end of a synchronous response is always represented with and asynchronous responses (for example, notifications) end with .

The client application is single threaded in the context of one session and sends requests synchronously; for example, requests must not be sent until the response to the previous request is received.

Configuring Idle Session Timeout

When a session times out, the resource from that session is reclaimed. By default, XML agents do not have an idle session timeout. To configure the idle session timeout in minutes for the XML agents, use this command:

xml agent [tty | ssl] session timeout <1-1440>

Ending a Session

If you are using a session interactively from a terminal window, you can close the window. To manually exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.

Errors That Result in No XML Response Being Produced

If the XML infrastructure is unable to return an XML response, the TTY agent returns an error code and message in this format:

ERROR: 0x%x %s\n

Dedicated Connection Based Transports

These sections describe how to use the dedicated connection-based transports:
• Enabling the Dedicated XML Agent
• Enabling a Session from a Client
• Sending XML Requests and Receiving Responses
• Configuring Idle Session Timeout
• Ending a Session
• Errors That Result in No XML Response Being Produced

Enabling the Dedicated XML Agent

To enable the dedicated agent on the router, which is ready to handle incoming XML sessions over a dedicated TCP port (38751), enter the xml agent command, as shown in the following example:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config)# aaa authorization exec default local
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit

For more information about the xml agent command, see Cisco IOS XR System Management Configuration Guide.
The default addressing protocol for the XML dedicated agent is:
• IPv4 enabled
• IPv6 disabled

To configure a dedicated agent to receive and send messages through IPv6 protocol:

xml agent ipv6 enable

To configure dedicated agent to disable IPv4 protocol:

xml agent ipv4 disable

To receive and send messages only through IPv6 protocol:

xml agent ipv4 disable
xml agent ipv6 enable

Enabling a Session from a Client

To enable a session from a remote client, establish a TCP connection with the dedicated port (38751) on the router. When prompted, enter a valid username and password. After you have successfully logged on, the session is in XML mode and is ready to receive XML requests.

A maximum of 50 XML sessions total can be started over dedicated port, TTY, SSH, and SSL dedicated port.

Sending XML Requests and Receiving Responses

To send an XML request, write the request to the established session. The session can be used interactively; for example, typing or pasting the XML at the XML> prompt from a window.

Note: The XML request must be followed by a new-line character; for example, press Return, before the request is processed.

Any responses, either synchronous or asynchronous, are also displayed in the session window. The end of a synchronous response is always represented with and asynchronous responses (for example, notifications) end with .

The client application is single threaded in the context of one session and sends requests synchronously; for example, requests must not be sent until the response to the previous request is received.

Configuring Idle Session Timeout

When a session times out, the resource from that session is reclaimed. By default, XML agents do not have an idle session timeout.
To configure the idle session timeout in minutes for the XML agents, use this command:

xml agent [tty | ssl] session timeout <1-1440>

Ending a Session

If you are using a session interactively from a terminal window, you can close the window. To manually exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.

Errors That Result in No XML Response Being Produced

If the XML infrastructure is unable to return an XML response, the TTY agent returns an error code and message in this format:

ERROR: 0x%x %s\n

SSL Dedicated Connection based Transports

These sections describe how to use the dedicated connection based transports:
• Enabling the SSL Dedicated XML Agent
• Enabling a Session from a Client
• Sending XML Requests and Receiving Responses
• Configuring Idle Session Timeout
• Ending a Session
• Errors That Result in No XML Response Being Produced

Enabling the SSL Dedicated XML Agent

To enable the SSL dedicated agent on the router, which is ready to handle incoming XML sessions over dedicated TCP port (38752), enter the xml agent command, as shown in this example:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config)# aaa authorization exec default local
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit

Note: The k9sec package is required to use the SSL agent. The configuration is rejected during a commit when the k9sec package is not active on the system. When the k9sec package is deactivated after configuring the SSL agent, the agent is not available.

The SSL dedicated agent uses IPSec, so IPv6 addressing is supported.
Enabling a Session from a Client

To enable a session from a remote client, establish a TCP connection with the dedicated port (38752) on the router. When prompted, enter a valid username and password. After you have successfully logged on, the session is in XML mode and is ready to receive XML requests.

A maximum of 50 XML sessions can be started over a dedicated port, TTY, SSH, and a SSL dedicated port.

Sending XML Requests and Receiving Responses

To send an XML request, write the request to the established session. The session can be used interactively; for example, typing or pasting the XML at the XML> prompt from a window.

The XML request must be followed by a new-line character. For example, press Return before the request is processed.

Any responses, either synchronous or asynchronous, are also displayed in the session window. The end of a synchronous response is always represented with . Asynchronous responses end with .

The client application is single threaded in the context of one session and sends requests synchronously. Requests must not be sent until the response to the previous request is received.

Configuring Idle Session Timeout

When a session times out, the resource from that session is reclaimed. By default, XML agents do not have an idle session timeout. To configure the idle session timeout in minutes for the XML agents, use this command:

xml agent [tty | ssl] session timeout <1-1440>

Ending a Session

If you are using a session interactively from a terminal window, you can close the window. To manually exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.

Errors That Result in No XML Response Being Produced

If the XML infrastructure is unable to return an XML response, the SSL dedicated agent returns an error code and message in this format:

    ERROR: 0x%x %s\n

Chapter 14 Cisco XML Schemas

This chapter contains information about common XML schemas. The structure and allowable content of the XML request and response instances supported by the Cisco IOS XR XML application programming interface (API) are documented by means of XML schemas (.xsd files).

The XML schemas are documented using the standard World Wide Web Consortium (W3C) XML schema language, which provides a much more powerful and flexible mechanism for describing schemas than can be achieved using Document Type Definitions (DTDs). The set of XML schemas consists of a small set of common high-level schemas and a larger number of component-specific schemas as described in this chapter.

For more information on the W3C XML Schema standard, see this URL: http://www.w3.org/XML/Schema

This chapter contains these sections:

• XML Schema Retrieval
• Common XML Schemas
• Component XML Schemas

XML Schema Retrieval

The XML schemas that belong to the features in a particular package are obtained as a .tar file from cisco.com. To retrieve the XML schemas, you must:

1. Click this URL to display the Downloads page: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268437899
   Note Select Downloads. Only customer or partner viewers can access the Download Software page. Guest users will get an error.
2. Select Cisco IOS XR Software.
3. Select IOS XR XML Schemas.
4. Select the XML schema for your platform.

Once untarred, all the XML schema files appear as a flat directory of .xsd files and can be opened with any XML schema viewing application, such as XMLSpy.

Common XML Schemas

Among the .xsd files that belong to a BASE package are the common Cisco IOS XR XML schemas that include definitions of the high-level XML request and response instances, operations, and common datatypes. These common XML schemas are listed:

• alarm_operations.xsd
• config_services_operations.xsd
• cli_operations.xsd
• common_datatypes.xsd
• xml_api_common.xsd
• xml_api_protocol.xsd
• native_data_common.xsd
• native_data_operations.xsd

Component XML Schemas

In addition to the common XML schemas, component XML schemas (such as native data) are provided and contain the data model for each feature. There is typically one component XML schema for each major type of data supported by the component—configuration, operational, action, administration operational, and administration action data—plus any complex data type definitions in the operational space.

Note Sometimes common schema files exist for a component that contain resources used by the component’s other schema files (for example, the data types to be used by both configuration data and operational data).

You should use only the XML objects that are defined in the XML schema files. You should not use any unpublished objects that may be shown in the XML returned from the router.

Schema File Organization

There is no hard link from the high-level XML request schemas (namespace_types.xsd) and the component schemas. Instead, links appear in the component schemas in the form of include elements that specify the file in which the parent element exists. The name of the component .xsd file also indicates where in the hierarchy the file’s contents reside.
If the file ends with _cfg.xsd, it appears as a child of “Configuration”; if it ends with _if_cfg.xsd, it appears as a child of “InterfaceConfiguration”, and so on. In addition, the comment header in each .xsd file names the parent object of each top level object in the schema.

Schema File Upgrades

If a new version of a schema file becomes available (or has to be uploaded to the router as part of an upgrade), the new version of the file can replace the old version of the file in a straight swap. All other files are unaffected. Therefore, if a component is replaced, only the .xsd files pertaining to that component are replaced.

Chapter 15 Network Configuration Protocol

Network Configuration Protocol (NETCONF) defines an XML-based interface between a network device and a network management system to provide a mechanism to manage, configure, and monitor a network device.

In Cisco IOS-XR, NMS applications use defined XML schemas to manage network devices from multiple vendors.

These capabilities are supported from a Cisco IOS XR agent to a client:

• TTY NETCONF session—Logon through telnet and then enter the netconf command.
• SSH NETCONF session—Logon through SSH and then enter the netconf command.

This example shows a message that the agent sends to a client:

    urn:ietf:params:netconf:base:1.0
    urn:ietf:params:netconf:capability:candidate:1.0
    4

These sections about NETCONF are covered:

• Starting a NETCONF Session
• Ending a NETCONF Agent Session
• Starting an SSH NETCONF Session
• Ending an SSH NETCONF Agent Session
• Configuring a NETCONF agent
• Limitations of NETCONF in Cisco IOS XR

Starting a NETCONF Session

To start a NETCONF session, enter the netconf command from the exec prompt (through telnet or SSH).

This example shows how to start a TTY NETCONF agent session:

    client(/users/ore)> telnet 1.66.32.82
    Trying 1.66.32.82...
    Connected to 1.66.32.82.
    Escape character is '^]'.

    User Access Verification

    Username:
    Password:
    RP/0/1/CPU0:Router# netconf echo format
    urn:ietf:params:netconf:base:1.0
    urn:ietf:params:netconf:capability:candidate:1.0
    4
    ]]>]]>

When a new session is created, the NETCONF agent immediately sends out a message with capabilities. At the end of each message transmission, the NETCONF agent sends the EOD marker ‘]]>]]>’. The NETCONF agent does not display a prompt like the XML agent does (XML>).

The NETCONF TTY agent does not echo back the received messages and does not format returning messages by default. These capabilities can be added by using the ‘echo’ and ‘format’ options. The client is also required to send a message with capabilities.

Ending a NETCONF Agent Session

Unlike the XML agent, the client ends the session by sending a request.

    ]]>]]>

The agent replies with an tag and then closes the session.

    ]]>]]>

Starting an SSH NETCONF Session

This example shows how to start an SSH NETCONF agent session:

    client(/users/ore)> ssh lab@1.66.32.82
    lab@1.66.32.82's password:
    RP/0/1/CPU0:gsrb#netconf echo format
    urn:ietf:params:netconf:base:1.0
    urn:ietf:params:netconf:capability:candidate:1.0
    4
    ]]>]]>

The client can also directly start a NETCONF session by specifying the netconf command on the ssh command line:

    client(/users/ore)> ssh lab@1.66.32.82 netconf echo format
    lab@1.66.32.82's password:
    urn:ietf:params:netconf:base:1.0
    urn:ietf:params:netconf:capability:candidate:1.0
    4
    ]]>]]>

Ending an SSH NETCONF Agent Session

This example shows how to end an SSH NETCONF agent session:

    ]]>]]>

The agent replies with an tag and then closes the session.

    ]]>]]>

Configuring a NETCONF agent

To configure a NETCONF TTY agent, use the netconf agent tty command. Use the throttle and session timeout parameters as you would with the XML TTY agent.

    netconf agent tty throttle (memory | process-rate) session timeout

To enable the NETCONF SSH agent, use this command:

    ssh server v2
    netconf agent tty

Limitations of NETCONF in Cisco IOS XR

This section identifies the limitations of NETCONF in Cisco IOS XR Software.

Configuration Datastores

Cisco IOS XR supports these configuration datastores:

• Cisco IOS XR does not support the configuration datastore.
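
The session sections above say that the agent opens with a capabilities message and ends every message with the ‘]]>]]>’ marker. The following added example (not code from the guide or from Cisco) shows how a client can frame that stream safely and check the advertised capabilities before choosing an edit target. The element names in the sample follow RFC 4741 because the guide's own example lost its tags; the class and function names and the 1 MiB buffer limit are assumptions of this example.

```python
"""Client-side NETCONF 1.0 framing and <hello> validation (added example)."""
import xml.etree.ElementTree as ET

EOD = b"]]>]]>"        # end-of-message marker the agent sends after each message
MAX_BUFFER = 1 << 20   # assumption: give up after 1 MiB without a marker

CAP_BASE = "urn:ietf:params:netconf:base:1.0"
CAP_CANDIDATE = "urn:ietf:params:netconf:capability:candidate:1.0"
CAP_WRITABLE_RUNNING = "urn:ietf:params:netconf:capability:writable-running:1.0"
CAP_CONFIRMED_COMMIT = "urn:ietf:params:netconf:capability:confirmed-commit:1.0"

# Constructed sample: the TTY session start shown in the guide, with the
# element names RFC 4741 defines for <hello> (assumed, not router output).
SAMPLE_STREAM = (
    b"RP/0/1/CPU0:Router# netconf echo format\r\n"
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">\n'
    b" <capabilities>\n"
    b"  <capability>urn:ietf:params:netconf:base:1.0</capability>\n"
    b"  <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>\n"
    b" </capabilities>\n"
    b" <session-id>4</session-id>\n"
    b"</hello>\n"
    b"]]>]]>"
)


class NetconfError(Exception):
    """Raised when the stream or a message cannot be trusted."""


class Framer:
    """Reassembles messages from arbitrary read() chunks, splitting on EOD."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add received bytes; return the list of complete messages so far."""
        self._buf += chunk
        messages = []
        while (end := self._buf.find(EOD)) >= 0:
            messages.append(bytes(self._buf[:end]))
            del self._buf[:end + len(EOD)]
        if len(self._buf) > MAX_BUFFER:
            raise NetconfError("no end-of-message marker within buffer limit")
        return messages


def _local(tag):
    """Element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def parse_hello(message):
    """Return (capabilities, session_id) from the agent's first message."""
    start = message.find(b"<")          # skip the echoed prompt line, if any
    if start < 0:
        raise NetconfError("message contains no XML")
    xml = message[start:]
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise NetconfError("DTD or entity declaration in NETCONF message")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise NetconfError(f"malformed XML: {exc}") from exc
    if _local(root.tag) != "hello":
        raise NetconfError(f"expected hello, got {_local(root.tag)}")
    caps = {el.text.strip() for el in root.iter()
            if _local(el.tag) == "capability" and el.text}
    sid = next((el.text for el in root.iter()
                if _local(el.tag) == "session-id"), None)
    if CAP_BASE not in caps:
        raise NetconfError("agent does not advertise base:1.0")
    if sid is None or not sid.strip().isdigit():
        raise NetconfError("missing or non-numeric session-id")
    return caps, int(sid)


def select_edit_target(caps):
    """Pick the datastore a client may edit, based only on what was advertised."""
    if CAP_CANDIDATE in caps:
        return "candidate"              # edit-config on candidate, then commit
    if CAP_WRITABLE_RUNNING in caps:
        return "running"
    raise NetconfError("agent advertises no writable datastore")


if __name__ == "__main__":
    framer = Framer()
    for part in (SAMPLE_STREAM[:40], SAMPLE_STREAM[40:]):
        for msg in framer.feed(part):
            caps, sid = parse_hello(msg)
            print(sid, select_edit_target(caps), CAP_CONFIRMED_COMMIT in caps)
```
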

Configuration Capabilities

Cisco IOS XR supports these configuration capabilities:

• Candidate Configuration Capability
  urn:ietf:params:netconf:capability:candidate:1.0

Cisco IOS XR does not support these configuration capabilities:

• Writable-Running Capability
  urn:ietf:params:netconf:capability:writable-running:1.0
• Confirmed Commit Capability
  urn:ietf:params:netconf:capability:confirmed-commit:1.0

Transport (RFC4741 and RFC4742)

These transport operations are supported:

• Connection-oriented operation
• Authentication
• SSH Transport—Shell based SSH. IANA-assigned TCP port <830> for NETCONF SSH is not supported.
• Other transport

Subtree Filtering (RFC4741)

NETCONF has these subtree filtering limitations in Cisco IOS XR:

• Namespace Selection—Filtering based on specified namespace. This is not supported because Cisco IOS XR does not publish schema name spaces.
• Attribute Match Expressions—Filtering is done by matching a specified attribute value. This filtering with the “Match” attribute can be specified only in Table classes. See this example:

    act

• Containment Nodes—Filtering is done by specifying nodes (classes) that have child nodes (classes). This filtering is by specifying container classes. See this example:
• Selection Nodes—Filtering is done by specifying leaf nodes. This filtering specifies leaf classes. See this example:

    act
    GigabitEthernet0/3/0/1

• Content Match Nodes—Filtering is done by exactly matching the content of a leaf node. This filtering is done by specifying naming the class value for table classes. See this example:

    act
    Loopback0

According to the RFC, a request using an empty content match node should return all elements of all entries of the table.
For example, for this request, the response should return elements of all the entries of :

In Cisco IOS XR, this request is not supported and is errored out.

Protocol Operations (RFC4741)

These protocol operations are supported in Cisco IOS XR:

• get—Root level query that returns both the entire configuration and state data is not supported
• get-config
• edit-config
• lock
• unlock
• close-session
• commit (by the Candidate Configuration Capability)
• discard-change (by the Candidate Configuration Capability)

Event Notifications (RFC5277)

Event notifications are not supported in Cisco IOS XR.

Chapter 16 Cisco IOS XR Perl Scripting Toolkit

This chapter describes the Cisco IOS XR Perl Scripting Toolkit as an alternative method to existing router management methods. This method enables the router to be managed by a Perl script running on a separate machine. Management commands and data are sent to, and from, the router in the form of XML over either a Telnet or an SSH connection. The well-defined and consistent structure of XML, which is used for both commands and data, makes it easy to write scripts that can interactively manage the router, display information returned from the router in the format required, or manage multiple routers at once.

These sections describe how to use the Cisco IOS XR Perl Scripting Toolkit:

• Cisco IOS XR Perl Scripting Toolkit Concepts
• Security Implications for the Cisco IOS XR Perl Scripting Toolkit
• Prerequisites for Installing the Cisco IOS XR Perl Scripting Toolkit
• Installing the Cisco IOS XR Perl Scripting Toolkit
• Using the Cisco IOS XR Perl XML API in a Perl Script
• Handling Types of Errors for the Cisco IOS XR Perl XML API
• Starting a Management Session on a Router
• Closing a Management Session on a Router
• Sending an XML Request to the Router
• Using Response Objects
• Using the Error Objects
• Using the Configuration Services Methods
• Using the Cisco IOS XR Perl Data Object Interface
• Cisco IOS XR Perl Notification and Alarm API
• Examples of Using the Cisco IOS XR Perl XML API

Cisco IOS XR Perl Scripting Toolkit Concepts

Table 16-1 describes the toolkit concepts. Some sample scripts are modified and show how to use the API in your own scripts.

Security Implications for the Cisco IOS XR Perl Scripting Toolkit

Similar to using the CLI over a Telnet or Secure Shell (SSH) connection, all authentication and authorization are handled by authentication, authorization, and accounting (AAA) on the router. A script prompts you to enter a password at run time, which ensures that passwords never get stored on the client machine. Therefore, the security implications for using the toolkit are identical to the CLI over the same transport.

Prerequisites for Installing the Cisco IOS XR Perl Scripting Toolkit

To use the toolkit, you must have installed Perl version 5.6 on the client machine that runs UNIX and Linux.
To use the SSH transport option, you must have the SSH client executable installed on the machine and in your path.

You need to install these specific standard Perl modules to use various functions:

• XML::LibXML—This module is essential for using the Perl XML API and requires that the libxml2 library be installed on the system first. This must be the version that is compatible with the version of XML::LibXML. The toolkit is tested to work with XML::LibXML version 1.58 and libxml2 version 2.6.6. If you are installing libxml2 from a source, you must apply the included patch file before compiling.
• Term::ReadKey (optional but recommended)—This module reads passwords without displaying them on the screen.
• Net::Telnet—This module is needed if you are using the Telnet or SSH transport modules.

If one of the modules is not available in the current version, you are warned during the installation process. Before installing the toolkit, you should install the current versions of the modules. You can obtain all modules from this location: http://www.cpan.org/

Table 16-1 List of Concepts for the IOS XR Perl Scripting Toolkit

Concept | Definition
Cisco IOS XR Perl XML API | Consists of the core of the toolkit and provides the ability to create management sessions, send management requests, and receive responses by using Perl objects and methods.
Cisco IOS XR Perl Data Object API | Allows management requests to be sent and responses received entirely using Perl objects and data structures without any knowledge of the underlying XML.
Cisco IOS XR Perl Notification/Alarm API | Allows a script to register for notifications (for example, alarms), on a management session and receive the notifications asynchronously as Perl objects.

These modules are not necessary for using the API, but are required to run some sample scripts:

• XML::LibXSLT—This module is needed for the sample scripts that use XSLT to produce HTML pages. The module also requires that the libxslt library be installed on the system first. The toolkit is tested to work with XML::LibXSLT version 1.57 and libxslt version 1.1.3.
• Mail::Send—This module is needed only for the notifications sample script.

Installing the Cisco IOS XR Perl Scripting Toolkit

The Cisco IOS XR Perl Scripting Toolkit is distributed in a file named: Cisco-IOS_XR-Perl-Scripting-Toolkit-.tar.gz.

To install the Cisco IOS XR Perl Scripting Toolkit, perform these steps:

Step 1 Extract the contents from the directory in which the file resides by entering this command:

    tar -f Cisco-IOS_XR-Perl-Scripting-Toolkit-.tar.gz -xzC

Table 16-2 defines the parameters.

Step 2 Use the cd command to change to the toolkit installation directory and enter this command:

    perl Makefile.PL

If the command gives a warning that one of the prerequisite modules is not found, download and install the applicable module from the Comprehensive Perl Archive Network (CPAN) before using the API.

Step 3 Use the make command to maintain a set of programs, as shown in this example:

    make

Step 4 Use the make install command, as shown in this example:

    make install

Ensure that you have the applicable permission requirements for the installation. You may need to have root privileges.

If you do not encounter any errors, the toolkit is installed successfully. The Perl modules are copied into the appropriate directory, and you can use your own Perl scripts.

Table 16-2 Toolkit Installation Directory Parameters

Parameter | Description
Defines the version of the toolkit to install, for example, version 1.0.
Specifies the existing directory in which to create the toolkit installation directory. A directory called Cisco-IOS_XR-Perl-Scripting-Toolkit- is created within the directory along with the extracted contents.

Using the Cisco IOS XR Perl XML API in a Perl Script

To use the Cisco IOS XR Perl XML API in a Perl application, import the module by including this statement at the top of the script:

    use Cisco::IOS_XR;

If you are using the Data Object interface, you can specify extra import options in the statement. For more information about the objects, see the “Creating Data Objects” section.

Handling Types of Errors for the Cisco IOS XR Perl XML API

These types of errors can occur when using the Cisco IOS XR Perl XML API:

• Errors returned from the router—Specify that the errors are produced during the processing of an XML request and are returned to you in an XML response document. For more information about how these errors are handled, see the “Using the Error Objects” section.
• Errors produced within the Perl XML API modules—Specify that the script cannot continue. The module causes the script to be terminated with the appropriate error message. If the script writer wants the script to handle these error types, the writer must write the die handlers (for example, enclose the call to the API function within an eval{} block).

Starting a Management Session on a Router

Before any requests are sent, a management session must be started on the router, which is done by creating a new object of type named Cisco::IOS_XR. The new object is used for all further requests during the session, and the session is ended when the object is destroyed.

A Cisco::IOS_XR object is created by calling Cisco::IOS_XR::new. Table 16-3 lists the optional parameters specified as arguments.

Table 16-3 Argument Definitions

Name | Description
use_command_line | Controls whether or not the new() method parses the command-line options given when the script was invoked. If the value of the argument is true, which is the default, the command-line options specify or override any of the subsequent arguments and control debug and logging options. The value of 0 defines the value as false.
interactive | If the value of the argument is true, the script prompts you for the username and password if they have not been specified either in the script or on the command line. The Term::ReadKey module must be installed. The most secure way of using the toolkit is not to have the input echoed to the screen, which avoids hard coding or any record of passwords being used. The default value is false, which means that the script does not ask for user input. As a command-line option, the interactive argument does not take any arguments. You can specify -interactive to turn on the interactive mode.

This example shows the arguments given using the standard Perl hash notation:

    use Cisco::IOS_XR;
    my $session = new Cisco::IOS_XR(transport => 'telnet',
                                    host => 'router1',
                                    port => 7000,
                                    username => 'john',
                                    password => 'smith',
                                    connection_timeout => 3);

Alternatively, the arguments can be specified in a file.
For example:

The contents of ‘/usrs/trice/perlxml.cfg’:

    [myrouter]
    transport = telnet
    host = router1
    username = john
    password = smith
    connection_timeout = 3

In the script, the file and profile name are specified:

    use Cisco::IOS_XR;
    my $session = new Cisco::IOS_XR(config_file => '/usrs/trice/perlxml.cfg',
                                    profile => 'myrouter');

Table 16-3 Argument Definitions (continued)

Name | Description
transport | Means by which the Perl application should connect to the router, which defaults to Telnet. If a different value is specified, the new() method searches for a package called Cisco::IOS_XR::Transport::. If found, the Perl application uses that package to connect to the router.
ssh_version | If the chosen transport option is SSH and the SSH executable on your system supports SSH v2, specifies which version of SSH you want to use for the connection. The valid values are 1 and 2. If the SSH executable supports only version 1, an error is caused by specifying the ssh_version argument.
host | Specifies the name or IP address of the router to connect. The router console or auxiliary ports should not be used because they are likely to cause problems for the script when logging in and offer significantly lower performance than a management port.
port | Specifies the TCP port for the connection. The default value depends on the transport being used.
username | Specifies the username to log in to the router.
password | Specifies the corresponding password.
connection_timeout | Specifies the timeout value that is used to connect and log in to the session. If not specified, the default value is 5 seconds.
response_timeout | Specifies the timeout value that is used when waiting for a response to an XML request. If not specified, the default value is 10 seconds.
prompt | Specifies the prompt that is displayed on the router after a successful log in. The default is #.
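
The profile file above stores a password and selects Telnet, which sends the credentials and all XML in cleartext, while the security section says run-time prompting keeps passwords off the client machine. The following added example (not part of the guide or the toolkit) audits such profile files for those settings. It uses the key names from Table 16-3 and assumes the file is plain INI syntax that Python's configparser can read; the rule names and the sample profiles other than [myrouter] are constructed for illustration.

```python
"""Audit Perl-toolkit connection profiles for risky settings (added example)."""
import configparser
import os
import stat

# Constructed sample: [myrouter] is the profile shown in the guide; the other
# three profiles are invented here to exercise the remaining rules.
SAMPLE_PROFILES = """\
[myrouter]
transport = telnet
host = router1
username = john
password = smith
connection_timeout = 3

[lab-ssh]
transport = ssh
ssh_version = 2
host = router2
username = john

[legacy]
transport = ssh
ssh_version = 1
host = router3

[no-transport]
host = router4
"""


def audit_profiles(text, file_mode=None):
    """Return a list of (profile, rule, detail) findings for one profile file.

    file_mode is the file's permission bits (for example 0o644); pass None
    when the text did not come from a file.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [("<file>", "parse-error", str(exc).splitlines()[0])]

    findings = []
    has_password = False
    for name in parser.sections():
        profile = parser[name]
        # Table 16-3: transport defaults to Telnet when it is not specified.
        transport = profile.get("transport", "telnet").strip().lower()
        if profile.get("password", "").strip():
            has_password = True
            findings.append((name, "stored-password",
                             "password kept in the file; use the interactive "
                             "option so it is prompted for at run time"))
        if transport == "telnet":
            findings.append((name, "cleartext-transport",
                             "Telnet carries credentials and XML unencrypted; "
                             "set transport = ssh"))
        elif transport == "ssh" and profile.get("ssh_version", "").strip() == "1":
            findings.append((name, "ssh-v1",
                             "ssh_version = 1 selects SSH protocol version 1; "
                             "use version 2"))
    if has_password and file_mode is not None and file_mode & 0o077:
        findings.append(("<file>", "file-permissions",
                         f"mode {file_mode & 0o777:o} lets group or other "
                         "users read a stored password"))
    return findings


def audit_file(path):
    """Audit a profile file on disk, including its permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as handle:
        return audit_profiles(handle.read(), mode)


if __name__ == "__main__":
    for profile, rule, detail in audit_profiles(SAMPLE_PROFILES, 0o644):
        print(f"{profile}: {rule}: {detail}")
```
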

Table 16-4 describes the additional command-line options that can be specified.

To use the command-line options when invoking a script, use the -option value (assuming the option has a value). The option name does not need to be given in full, but must be long enough to be distinguished from other options, as shown in this example:

    perl my_script.pl -host my_router -user john -interactive -debug xml

Closing a Management Session on a Router

When an object of type Cisco::IOS_XR is created, the transport connection to the router and any associated resources on the router are maintained until the object is destroyed and automatically cleaned. For most scripts, the process should occur automatically when the script ends.

To close a particular session during the course of the script, use the close() method. You can perform an operation on a large set of routers sequentially, and not keep all sessions open for the duration of the script, as displayed in this example:

    my $session1 = new Cisco::IOS_XR(host => 'router1', ...);
    # do some stuff
    $session1->close;
    my $session2 = new Cisco::IOS_XR(host => 'router2', ...);
    # do some stuff
    ...

Sending an XML Request to the Router

Requests and responses pass between the client and router in the form of XML. Depending on whether the XML is stored in a string or file, you can construct an XML request that is sent to the router using either the send_req or send_req_file method. Some requests are sent without specifying any XML by using the configuration services methods; for example, commit and lock or the Data Object interface.

This example shows how to send an XML request in the form of a string:

    my $xml_req_string = '...';
    my $response = $session->send_req($xml_req_string);

This example shows how to send a request stored in a file:

    my $response = $session->send_req_file('request.xml');

Table 16-4 Command-Line Options

Name | Description
debug | Turns on the specified debug type and can be repeated to turn on more than one type.
logging | Turns on the specified logging type and can be repeated to turn on more than one type.
log_file | Specifies the name of the log file to use.
telnet_input_log | Specifies the file used for the Telnet input log, if you are using Telnet.
telnet_dump_log | Specifies the file used for the Telnet dump log, if you are using Telnet.

Using Response Objects

Both of the send_req and send_req_file methods return a Cisco::IOS_XR::Response object, which contains the XML response returned by the router.

Note Both send methods handle iterators in the background; so if a response consists of many parts, the response object returned is the result of merging them back together.

Retrieving the Response XML as a String

This example shows how to use the to_string method:

    $xml_response_string = $response->to_string;

Writing the Response XML Directly to a File

This example shows how to use the write_file method by specifying the name of the file to be written:

    $response->write_file('response.xml');

Retrieving the Data Object Model Tree Representation of the Response

This example shows how to retrieve a Data Object Model (DOM) tree representation for the response:

    my $document = $response->get_dom_tree;

You should be familiar with the DOM, in which an XML document is represented as an object tree structure.
For more information, see this URL: http://www.w3.org/DOM/

Note The returned DOM tree type will be of type XML::LibXML::Document, because this is the form in which the response is held internally. The method is quick, because it does not perform extra parsing and should be used in preference to retrieving the string form of the XML and parsing it again (unless a different DOM library is used).

Determining if an Error Occurred While Processing a Request

This example shows how to determine whether an error has occurred while processing a request:

    my $error = $response->get_error;
    if (defined($error)) {
        die $error;
    }

Use the get_error method to return one error from the response. This returns an error object that represents the first error found or is undefined if none are found.

Retrieving a List of All Errors Found in the Response XML

This example shows how to list all errors that occur, rather than just one, by using the get_errors method:

    my @errors = $response->get_errors;

The get_errors method returns an array of error objects that represents all errors that were found in the response XML. For more information, see the “Using the Error Objects” section.

Using the Error Objects

Error objects are returned when calling the get_error and get_errors methods on a response object, and are used to represent an error encountered in an XML response.

Table 16-5 lists the methods for the object.

Using the Configuration Services Methods

Methods are provided to enable the standard configuration services operations to be performed without knowledge of the underlying XML. These are the operations that are usually performed at the start or end of a configuration session, such as locking the running configuration or saving the configuration to a file.

Committing the Target Configuration

The config_commit() function takes these optional arguments:

• mode
• label
• comment
• Replace
• KeepFailedConfig
• IgnoreOtherSessions
• Confirmed

This example shows how to use the config_commit function:

    $response = $session->config_commit(Label => 'Example1', Comment => 'Just an example');

A response object is returned from which any errors can be extracted, if desired. To retrieve the commit ID that was assigned to the commit upon success, you can call the get_commit_id() method on the response object, as shown in this example:

    $commit_id = $response->get_commit_id();

Table 16-5 List of Methods for the Object

Method | Description
get_message | Returns the error message string that was found in the XML.
get_code | Returns the corresponding error code.
get_element | Returns the tag name of the XML element in which the error was found.
get_dom_node | Returns a reference to the element node in the response DOM (Data Object Model) tree.
to_string | Returns a string that contains the error message, code, and element name. If the error object is used in a scalar context, the method is used automatically to convert it to a string. This example displays all information in an error:

    Error encountered in object ConfederationPeerASTable: 'XMLMDA' detected the 'warning' condition 'The XML request does not conform to the schema. A child element of the element on which this error appears includes a non-existent naming, filter, or value element. Please check the request against the schema.'
    Error code: 0x4368a000

Locking and Unlocking the Running Configuration

This example shows how to use the config_lock and config_unlock functions, which take no arguments:

    $error = $session->config_lock;
    $error = $session->config_unlock;

Loading a Configuration from a File

This example shows how to pass a filename as an argument to the config_load function:

    $error = $session->config_load(Filename => 'test_config.cfg');

Loading a Failed Configuration

This example shows how to use the config_load_failed function, which takes no arguments:

    $error = $session->config_load_failed;

Saving a Configuration to a File

This example shows how to use two arguments for the config_save() function:

    $error = $session->config_save(Filename => 'disk0:/my_config.cfg', Overwrite => 'true');

The first argument is the filename to which to write, and the second is the Boolean overwrite setting. The filename must be given with a full path. The second argument is optional.

Clearing the Target Configuration

This example shows how to use the config_clear function, which takes no arguments:

    $error = $session->config_clear;

Getting a List of Recent Configuration Events

This example shows how to use the config_get_history function that uses the optional arguments Maximum, EventType, Reverse, and Detail:

    $response = $session->config_get_history(EventType => 'All', Maximum => 10, Detail => 'true');

It returns a Response object, on which the method get_entries can be called.

Getting a List of Recent Configuration Commits That Can Be Rolled Back

This example shows how to use the config_get_commitlist function that uses the optional arguments Maximum and Detail:

    $response = $session->config_get_commitlist(Maximum => 10, Detail => 'true');

It returns a Response object, on which the method get_entries can be called.
This returns an array of Entry objects, on which the method get_key can be called to retrieve the CommitID, and get_data to retrieve the rest of the fields.

Loading Changes Associated with a Set of Commits

This example shows how to use the config_load_commit_changes function to load into the target configuration the changes that were made during one or more commits, and it uses one of three possible arguments: ForCommitID, SinceCommitID, or Previous:

    $error = $session->config_load_commit_changes(ForCommitID => 1000000072);
    # Loads the changes that were made in commit 1000000072
    $error = $session->config_load_commit_changes(SinceCommitID => 1000000072);
    # Loads the changes made in commits 1000000072, 1000000073...up to latest
    $error = $session->config_load_commit_changes(Previous => 4);
    # Loads the changes made in the last 4 commits

Rolling Back to a Previous Configuration

This example shows how to use the config_rollback() function that uses the optional arguments Label and Comment, and exactly one of the two arguments CommitID or Previous or takes only TrialConfiguration:

    $error = $session->config_rollback(Label => 'Rollback test', CommitID => 1000000072);

Loading Changes Associated with Rolling Back Configuration

This example shows how to use the config_load_rollback_changes function to load into the target configuration the changes that would be made if you were to roll back one or more commits. The function uses one of three arguments: ForCommitID, ToCommitID and Previous.
For example:

    # Loads the changes that would be made to roll back commit 1000000072
    $error = $session->config_load_rollback_changes(ForCommitID => 1000000072);

    # Loads the changes that would be made to roll back all commits up to and including commit 1000000072
    $error = $session->config_load_rollback_changes(ToCommitID => 1000000072);

Getting a List of Current Configuration Sessions

This example shows how to use the config_get_sessions function, which takes the optional argument Detail to return detailed information about configuration sessions. For example:

    $response = $session->config_get_sessions(Detail => 'true');

It returns a response object on which the method get_entries can be called. This returns an array of entry objects on which the method get_key can be called to retrieve the session ID, and the get_data method to retrieve the rest of the fields.

Clearing Configuration Session

This example shows how to use the config_clear_session function, which accepts a configuration session ID, SessionID, as its argument and clears that configuration session:

    $error = $session->config_clear_sessions(SessionID => '00000000-000a00c9-00000000');

Sending a Command-Line Interface Configuration Command

This example shows how to use the config_cli() function, which takes a string argument containing the CLI format configuration that you want to apply to the router:

    $response = $session->config_cli($cli_command);

To retrieve the textual CLI response from the response object returned, use the get_cli_response() method, as shown in this example:

    $response_text = $response->get_cli_response();

Note: Apart from the config_commit, config_get_history, config_get_commitlist, config_get_sessions and config_cli methods, each of the other methods returns a reference to an error object if an error occurs, or is undefined otherwise.
For more information, see the “Using the Error Objects” section on page 16-154.

Using the Cisco IOS XR Perl Data Object Interface

Instead of having to specify the XML requests explicitly, the interface allows access to management data using a Perl notation. The Data Object interface is a Perl representation of the management data hierarchy stored on the router. It consists of objects of type Cisco::IOS_XR::Data, which correspond to items in the IOS_XR management data hierarchy, and a set of methods for performing data operations on them.

To use the Data Object interface, knowledge of the underlying management data hierarchy is required. The management data on a Cisco IOS XR router are under one of six root objects, namely Configuration, Operational, Action, AdminConfiguration, AdminOperational, and AdminAction. The objects that lie below these objects in the hierarchy, along with definitions of any datatypes or filters that are used by them, are documented in the Perl Data Object Documentation.

A hash structure is defined to be one of these: a scalar (that is, basic) type, for example a string or number; a reference to a hash whose values are hash structures; or a reference to an array whose values are hash structures. This standard Perl data structure corresponds naturally to the structure of management data on a Cisco IOS XR router.
This example shows how to use a hash structure:

    # basic type
    my $struct1 = 'john';
    # reference to a hash of basic types
    my $struct2 = {Forename => $struct1, Surname => 'smith'};
    # reference to an array of basic types
    my $struct3 = ['dog', 'budgie', 'cat'];
    # reference to a hash of references and basic types
    my $struct4 = {Name => $struct2, Age => '30', Pets => $struct3};

These sections describe how to use the Perl Data Object Documentation:
• Understanding the Perl Data Object Documentation
• Generating the Perl Data Object Documentation
• Creating Data Objects
• Specifying the Schema Version to Use When Creating a Data Object
• Using Data Operation Methods on a Data Object
• Using the Batching API
• Displaying Data and Keys Returned by the Data Operation Methods
• Specifying the Session to Use for the Data Operation Methods

Understanding the Perl Data Object Documentation

The Perl Data Object Documentation consists of many files, each containing a subtree of the total management data hierarchy. The main part of each filename tells you the area of management data to which that file refers, and the suffix usually tells you below which root object that file’s data lies. For example, a file containing configuration data usually ends in _cfg.html. Some files may not contain any object definitions, but just some datatype or filter definitions; these usually end in _common.html.

For leaf objects, the object definition describes the data that the object contains. For nonleaf objects, the definition provides a list of the object’s children within the tree. More precisely, the object definition consists of these items:
• Name of the object.
• Brief description of what data is contained in the object or in the subtree below.
• List of the task IDs that are required to access the data in the object and subtree.
• List of parent objects and the files in which they are defined, if the object is the top-level object in that file.
• If the object is a leaf object (that is, it contains data and has no child objects), and its name is not unique within that file, parent objects are listed.
• If the object is a table entry, a list of the keys that are needed to identify a particular item in that table. For each key, a name, description, and datatype are given.
• If the object is a table, a list of the filters that can be applied to that table.
• If the object is a leaf object, a list of the value items that are contained. For each value item, a name, description, and datatype are given.
• If the object is a leaf object, its default value (that is, the values for each of its value items that would be assumed if the object did not exist), if there is one.
• List of the data operation methods (get_data, set_data, and so forth) that are applicable to the object.

For more information, see the “Specifying the Schema Version to Use When Creating a Data Object” section on page 16-161.

Generating the Perl Data Object Documentation

The Perl Data Object Documentation must be generated from the schema distribution tar file All-schemas-CRS-1-"release".tar.gz, where "release" is the release of the Cisco IOS XR software that you have installed on the router.

To generate the Perl Data Object Documentation:

Step 1 From the perl subdirectory under the extracted contents of the previously mentioned Schema tarball, copy all *.dat files into the toolkit installation directory Cisco-IOS_XR-Perl-Scripting-Toolkit-"version"/dat (default) or a selected directory for the .dat files. These .dat files are the XML files that are used to generate the HTML documentation.
Step 2 From the perl subdirectory under the extracted contents of the previously mentioned Schema tarball, copy all the *.html files into the toolkit installation directory Cisco-IOS_XR-Perl-Scripting-Toolkit-"version"/html (default) or a selected directory for the .html files. (The default .html subdirectory already contains two files that were extracted with the toolkit distribution: root_objects.html and common_datatypes.html. These files are automatically copied to the selected .html directory, if a non-default directory is selected, upon performing this step.)

Step 3 Run the script generate_html_documentation.pl, which is available in the distribution Cisco-IOS_XR-Perl-Scripting-Toolkit-"version"/scripts directory, giving the appropriate directories for the .dat and .html files, when prompted.

Step 4 If the script fails, indicating any error .dat files, evaluate the .dat file to confirm that it is not of “0” size and that it has a header as in this example:

NLRI length = 2 bytes

exit-address-family

MAC Address-related Parameters

The MAC address table contains a list of the known MAC addresses and their forwarding information. In the current VPLS design, the MAC address table and its management are distributed. In other words, a copy of the MAC address table is maintained on the route processor (RP) card and the line cards.
These topics provide information about the MAC address-related parameters:
• MAC Address Flooding
• MAC Address-based Forwarding
• MAC Address Source-based Learning
• MAC Address Aging
• MAC Address Limit
• MAC Address Withdrawal
• MAC Address Security

[Figure residue: NLRI and extended community fields: Length (2 octets), Route Distinguisher (8 octets), L2VPN Router ID (4 octets), VPLS-ID (8 octets), Route Target (8 octets)]

Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services, OL-26116-02. Implementing Multipoint Layer 2 Services: Information About Implementing Multipoint Layer 2 Services.

Note: After you modify the MAC limit or action at the bridge domain level, ensure that you shut and unshut the bridge domain for the action to take effect. If you modify the MAC limit or action on an attachment circuit (through which traffic is passing), the attachment circuit must be shut and unshut for the action to take effect.

MAC Address Flooding

Ethernet services require that frames that are sent to broadcast addresses and to unknown destination addresses be flooded to all ports. To obtain flooding within VPLS broadcast models, all unknown unicast, broadcast, and multicast frames are flooded over the corresponding pseudowires and to all attachment circuits. Therefore, a PE must replicate packets across both attachment circuits and pseudowires.

MAC Address-based Forwarding

To forward a frame, a PE must associate a destination MAC address with a pseudowire or attachment circuit. This type of association is provided through a static configuration on each PE or through dynamic learning, which is flooded to all bridge ports.

Note: Split horizon forwarding applies in this case, for example, frames that are coming in on an attachment circuit or pseudowire are sent out of the same pseudowire.
The pseudowire frames, which are received on one pseudowire, are not replicated on other pseudowires in the same virtual forwarding instance (VFI).

MAC Address Source-based Learning

When a frame arrives on a bridge port (for example, pseudowire or attachment circuit) and the source MAC address is unknown to the receiving PE router, the source MAC address is associated with the pseudowire or attachment circuit. Outbound frames to the MAC address are forwarded to the appropriate pseudowire or attachment circuit.

MAC address source-based learning uses the MAC address information that is learned in the hardware forwarding path. The updated MAC tables are sent to all line cards (LCs) and program the hardware for the router.

The number of learned MAC addresses is limited through configurable per-port and per-bridge domain MAC address limits.

MAC Address Aging

A MAC address in the MAC table is considered valid only for the duration of the MAC address aging time. When the time expires, the relevant MAC entries are repopulated. When the MAC aging time is configured only under a bridge domain, all the pseudowires and attachment circuits in the bridge domain use that configured MAC aging time.

A bridge forwards, floods, or drops packets based on the bridge table. The bridge table maintains both static entries and dynamic entries. Static entries are entered by the network manager or by the bridge itself. Dynamic entries are entered by the bridge learning process. A dynamic entry is automatically removed after a specified length of time, known as aging time, from the time the entry was created or last updated.

If hosts on a bridged network are likely to move, decrease the aging time to enable the bridge to adapt to the change quickly.
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time, thus reducing the possibility of flooding when the hosts transmit again.

MAC Address Limit

The MAC address limit is used to limit the number of learned MAC addresses. The limit is set at the bridge domain level and at the port level. The bridge domain level limit is always configured and cannot be disabled. The default value of the bridge domain level limit is 4000 and can be changed in the range of 5-512000.

Note: Cisco ASR 9000 Series Routers support MAC limits on bridge port only when they are set on all the ports in a bridge domain. In this case, the bridge domain limit must be set to a value higher than the sum of limits on all ports in the bridge domain.

When the MAC address limit is violated, the system is configured to take one of the actions that are listed in Table 1.

When a limit is exceeded, the system is configured to perform these notifications:
• Syslog (default)
• Simple Network Management Protocol (SNMP) trap
• Syslog and SNMP trap
• None (no notification)

To clear the MAC limit condition, the number of MACs must go below 75 percent of the configured limit.

Table 1 MAC Address Limit Actions

Action | Description
Limit flood | Discards the new MAC addresses.
Limit no-flood | Discards the new MAC addresses. Flooding of unknown unicast packets is disabled.
Limit shutdown | Disables forwarding MAC addresses.

MAC Address Withdrawal

For faster VPLS convergence, you can remove or unlearn the MAC addresses that are learned dynamically. The Label Distribution Protocol (LDP) Address Withdrawal message is sent with the list of MAC addresses, which need to be withdrawn to all other PEs that are participating in the corresponding VPLS service.
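The MAC Address Limit rules above (the 5-512000 range, the port-limit sum rule, the Table 1 actions and the 75 percent clear threshold) can be exercised with a small model. This is an added example, not Cisco code: the class and function names are hypothetical, and two points the page leaves open are treated as assumptions, namely that the violation fires when a new MAC arrives at a full table, and that a shutdown stays in place until an operator acts.

```python
"""Model of the bridge-domain MAC limit behaviour described above (added example)."""
from dataclasses import dataclass, field

BD_LIMIT_DEFAULT = 4000        # default bridge-domain limit stated on the page
BD_LIMIT_RANGE = (5, 512000)   # configurable range stated on the page
CLEAR_FRACTION = 0.75          # condition clears below 75 percent of the limit
ACTIONS = ("flood", "no-flood", "shutdown")   # the "Limit ..." actions of Table 1


def validate_limits(bd_limit, port_limits, port_count):
    """Check a limit plan against the page's rules; return a list of problems."""
    problems = []
    low, high = BD_LIMIT_RANGE
    if not low <= bd_limit <= high:
        problems.append(f"bridge-domain limit {bd_limit} outside {low}-{high}")
    if port_limits:
        if len(port_limits) != port_count:
            problems.append("port limits must be set on all ports in the bridge domain")
        if bd_limit <= sum(port_limits.values()):
            problems.append("bridge-domain limit must exceed the sum of the port limits")
    return problems


@dataclass
class BridgeDomain:
    limit: int = BD_LIMIT_DEFAULT
    action: str = "flood"
    table: dict = field(default_factory=dict)        # MAC address -> bridge port
    limit_exceeded: bool = False
    forwarding: bool = True
    notifications: list = field(default_factory=list)

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown limit action: {self.action}")

    def learn(self, mac, port):
        """Source-learn one MAC address and report what happened to it."""
        if not self.forwarding:
            return "dropped"
        if mac in self.table:
            self.table[mac] = port          # refresh or move an existing entry
            return "known"
        if len(self.table) >= self.limit:   # assumption: new MAC on a full table is the violation
            if not self.limit_exceeded:
                self.limit_exceeded = True
                self.notifications.append("syslog: MAC limit reached")  # syslog is the default
            if self.action == "shutdown":
                self.forwarding = False     # assumption: stays down until an operator acts
            return "not-learned"
        self.table[mac] = port
        return "learned"

    def floods_unknown_unicast(self):
        """Unknown unicast flooding stops only under the no-flood action."""
        return self.forwarding and not (self.limit_exceeded and self.action == "no-flood")

    def age_out(self, mac):
        """Remove an aged entry and clear the condition once below 75 percent."""
        self.table.pop(mac, None)
        if self.limit_exceeded and len(self.table) < CLEAR_FRACTION * self.limit:
            self.limit_exceeded = False
            self.notifications.append("syslog: MAC limit condition cleared")


def constructed_burst(limit=8, action="no-flood", burst=20):
    """Feed a constructed burst of unique source MACs into a small bridge domain."""
    bd = BridgeDomain(limit=limit, action=action)
    macs = [f"02:00:00:00:00:{i:02x}" for i in range(burst)]
    outcomes = [bd.learn(mac, "ac1") for mac in macs]
    return bd, macs, outcomes


if __name__ == "__main__":
    bd, macs, outcomes = constructed_burst()
    print(outcomes.count("learned"), "learned,", outcomes.count("not-learned"), "refused")
    print("flooding unknown unicast:", bd.floods_unknown_unicast())
    for mac in macs[:3]:
        bd.age_out(mac)
    print("limit condition still set:", bd.limit_exceeded, bd.notifications)
```

With a limit of 8, the condition does not clear at 6 entries (exactly 75 percent) but only once the table drops to 5, which is the hysteresis that keeps a table hovering at the limit from generating repeated notifications.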
For the Cisco IOS XR VPLS implementation, a portion of the dynamically learned MAC addresses are cleared by using the MAC addresses aging mechanism by default. The MAC address withdrawal feature is added through the LDP Address Withdrawal message. To enable the MAC address withdrawal feature, use the withdrawal command in l2vpn bridge group bridge domain MAC configuration mode. To verify that the MAC address withdrawal is enabled, use the show l2vpn bridge-domain command with the detail keyword.

Note: By default, the LDP MAC Withdrawal feature is enabled on Cisco IOS XR.

The LDP MAC Withdrawal feature is generated due to these events:
• Attachment circuit goes down. You can remove or add the attachment circuit through the CLI.
• MAC withdrawal messages are received over a VFI pseudowire and are not propagated over access pseudowires. RFC 4762 specifies both wildcard (by means of an empty Type, Length and Value [TLV]) and specific MAC address withdrawal. Cisco IOS XR software supports only a wildcard MAC address withdrawal.

MAC Address Security

You can configure MAC address security at the interfaces and at the bridge access ports (subinterfaces) levels. However, MAC security configured under an interface takes precedence over MAC security configured at the bridge domain level. When a MAC address is first learned on an EFP that is configured with MAC security, and then the same MAC address is learned on another EFP, these events occur:
• the packet is dropped
• the second EFP is shut down
• the packet is learned and the MAC from the original EFP is flushed

LSP Ping over VPWS and VPLS

For Cisco IOS XR software, the existing support for the Label Switched Path (LSP) ping and traceroute verification mechanisms for point-to-point pseudowires (signaled using LDP FEC128) is extended to cover the pseudowires that are associated with the VFI (VPLS).
Currently, the support for the LSP ping and traceroute is limited to manually configured VPLS pseudowires (signaled using LDP FEC128). For information about Virtual Circuit Connection Verification (VCCV) support and the ping mpls pseudowire command, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference.

Split Horizon Groups

An IOS XR bridge domain aggregates attachment circuits (ACs) and pseudowires (PWs) in one of three groups called Split Horizon Groups. When applied to bridge domains, Split Horizon refers to the flooding and forwarding behavior between members of a Split Horizon group. In general, frames received on one member of a split horizon group are not flooded out to the other members of the same group.

Bridge Domain traffic is either unicast or multicast.

Flooding traffic consists of unknown unicast destination MAC address frames; frames sent to Ethernet multicast addresses (Spanning Tree BPDUs, etc.); and Ethernet broadcast frames (MAC address FF-FF-FF-FF-FF-FF).

Known Unicast traffic consists of frames sent to bridge ports that were learned from that port using MAC learning.

Traffic flooding is performed for broadcast, multicast and unknown unicast destination address. Unicast traffic consists of frames sent to bridge ports that were learned using MAC learning.

Important notes on Split Horizon Groups:
• All bridge ports or PWs that are members of a bridge domain must belong to one of the three groups.
• By default, all bridge ports or PWs are members of group 0.
• The VFI configuration submode under a bridge domain configuration indicates that members under this domain are included in group 1.
• A PW that is configured in group 0 is called an Access Pseudowire.
• The split-horizon group command is used to designate bridge ports or PWs as members of group 2.
• The ASR9000 only supports one VFI group.

Table 2 Split Horizon Groups Supported in Cisco IOS-XR

Split Horizon Group | Who belongs to this Group? | Multicast within Group | Unicast within Group
0 | Default—any member not covered by groups 1 or 2. | Yes | Yes
1 | Any PW configured under VFI. | No | No
2 | Any AC or PW configured with split-horizon keyword. | No | Yes

Layer 2 Security

These topics describe the Layer 2 VPN extensions to support Layer 2 security:
• Port Security
• Dynamic Host Configuration Protocol Snooping

Port Security

Use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When secure MAC addresses are assigned to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If the number of secure MAC addresses is limited to one and assigned a single secure MAC address, the device attached to that port has the full bandwidth of the port.

These port security features are supported:
• Limits the MAC table size on a bridge or a port.
• Facilitates actions and notifications for a MAC address.
• Enables the MAC aging time and mode for a bridge or a port.
• Filters static MAC addresses on a bridge or a port.
• Marks ports as either secure or nonsecure.
• Enables or disables flooding on a bridge or a port.

After you have set the maximum number of secure MAC addresses on a port, you can configure port security to include the secure addresses in the address table in one of these ways:
• Statically configure all secure MAC addresses by using the static-address command.
• Allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
• Statically configure a number of addresses and allow the rest to be dynamically configured.

Dynamic Host Configuration Protocol Snooping

Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs these activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the binding database of DHCP snooping, which contains information about untrusted hosts with leased IP addresses.
• Utilizes the binding database of DHCP snooping to validate subsequent requests from untrusted hosts.

For additional information regarding DHCP, see the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

G.8032 Ethernet Ring Protection

Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, provides protection for Ethernet traffic in a ring topology, while ensuring that there are no loops within the ring at the Ethernet layer. The loops are prevented by blocking either a pre-determined link or a failed link.

Overview

Each Ethernet ring node is connected to adjacent Ethernet ring nodes participating in the Ethernet ring using two independent links.
A ring link never allows formation of loops that affect the network. The Ethernet ring uses a specific link to protect the entire Ethernet ring. This specific link is called the ring protection link (RPL). A ring link is bound by two adjacent Ethernet ring nodes and a port for a ring link (also known as a ring port).

Note: The minimum number of Ethernet ring nodes in an Ethernet ring is two.

The fundamentals of ring protection switching are:
• the principle of loop avoidance
• the utilization of learning, forwarding, and Filtering Database (FDB) mechanisms

Loop avoidance in an Ethernet ring is achieved by ensuring that, at any time, traffic flows on all but one of the ring links, which is the RPL. Multiple nodes are used to form a ring:
• RPL owner—It is responsible for blocking traffic over the RPL so that no loops are formed in the Ethernet traffic. There can be only one RPL owner in a ring.
• RPL neighbor node—The RPL neighbor node is an Ethernet ring node adjacent to the RPL. It is responsible for blocking its end of the RPL under normal conditions. This node type is optional and prevents RPL usage when protected.
• RPL next-neighbor node—The RPL next-neighbor node is an Ethernet ring node adjacent to RPL owner node or RPL neighbor node. It is mainly used for FDB flush optimization on the ring. This node is also optional.

Figure 15 illustrates the G.8032 Ethernet ring.

Figure 15 G.8032 Ethernet Ring

Nodes on the ring use control messages called RAPS to coordinate the activities of switching on or off the RPL link. Any failure along the ring triggers a RAPS signal fail (RAPS SF) message along both directions, from the nodes adjacent to the failed link, after the nodes have blocked the port facing the failed link.
On obtaining this message, the RPL owner unblocks the RPL port.

Note: A single link failure in the ring ensures a loop-free topology.

Line status and Connectivity Fault Management protocols are used to detect ring link and node failure. During the recovery phase, when the failed link is restored, the nodes adjacent to the restored link send RAPS no request (RAPS NR) messages. On obtaining this message, the RPL owner blocks the RPL port and sends RAPS no request, root blocked (RAPS NR, RB) messages. This causes all other nodes, other than the RPL owner in the ring, to unblock all blocked ports. The ERP protocol is robust enough to work for both unidirectional failure and multiple link failure scenarios in a ring topology.

A G.8032 ring supports these basic operator administrative commands:
• Force switch (FS)—Allows operator to forcefully block a particular ring-port.
  – Effective even if there is an existing SF condition
  – Multiple FS commands for ring supported
  – May be used to allow immediate maintenance operations
• Manual switch (MS)—Allows operator to manually block a particular ring-port.
  – Ineffective in an existing FS or SF condition
  – Overridden by new FS or SF conditions
  – Multiple MS commands cancel all MS commands
• Clear—Cancels an existing FS or MS command on the ring-port
  – Used (at RPL Owner) to clear non-revertive mode

[Figure 15 labels: Ring Protection link, RPL Owner node, RPL Neighbor node, RPL Next-neighbor node, RPL node]

A G.8032 ring can support multiple instances. An instance is a logical ring running over a physical ring. Such instances are used for various reasons, such as load balancing VLANs over a ring. For example, odd VLANs may go in one direction of the ring, and even VLANs may go in the other direction.
Specific VLANs can be configured under only one instance. They cannot overlap multiple instances. Otherwise, data traffic or RAPS packets can cross logical rings, and that is not desirable.

G.8032 ERP provides a new technology that relies on line status and Connectivity Fault Management (CFM) to detect link failure. By running CFM Continuity Check Messages (CCM) at an interval of 3.3 ms, it is possible to achieve SONET-like switching time performance and loop-free traffic.

For more information about Ethernet Connectivity Fault Management (CFM) and Ethernet Fault Detection (EFD) configuration, refer to the Configuring Ethernet OAM on the Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.

Timers

G.8032 ERP specifies the use of different timers to avoid race conditions and unnecessary switching operations:
• Delay Timers—used by the RPL Owner to verify that the network has stabilized before blocking the RPL
  – After SF condition, Wait-to-Restore (WTR) timer is used to verify that SF is not intermittent. The WTR timer can be configured by the operator, and the default time interval is 5 minutes. The time interval ranges from 1 to 12 minutes.
  – After FS/MS command, Wait-to-Block timer is used to verify that no background condition exists.

Note: Wait-to-Block timer may be shorter than the Wait-to-Restore timer.

• Guard Timer—used by all nodes when changing state; it blocks latent outdated messages from causing unnecessary state changes. The Guard timer can be configured and the default time interval is 500 ms. The time interval ranges from 10 to 2000 ms.
• Hold-off timers—used by underlying Ethernet layer to filter out intermittent link faults. The hold-off timer can be configured and the default time interval is 0 seconds. The time interval ranges from 0 to 10 seconds.
  – Faults are reported to the ring protection mechanism, only if this timer expires.

Single Link Failure

Figure 16 represents protection switching in case of a single link failure.

Figure 16 G.8032 Single Link Failure

Figure 16 represents an Ethernet ring composed of seven Ethernet ring nodes. The RPL is the ring link between Ethernet ring nodes A and G. In these scenarios, both ends of the RPL are blocked. Ethernet ring node G is the RPL owner node, and Ethernet ring node A is the RPL neighbor node.

These symbols are used:

This sequence describes the steps in the single link failure, represented in Figure 16:
1. Link operates in the normal condition.
2. A failure occurs.
3. Ethernet ring nodes C and D detect a local Signal Failure condition and after the holdoff time interval, block the failed ring port and perform the FDB flush.
4. Ethernet ring nodes C and D start sending RAPS (SF) messages periodically along with the (Node ID, BPR) pair on both ring ports, while the SF condition persists.
5. All Ethernet ring nodes receiving an RAPS (SF) message perform FDB flush. When the RPL owner node G and RPL neighbor node A receive an RAPS (SF) message, the Ethernet ring node unblocks its end of the RPL and performs the FDB flush.
6. All Ethernet ring nodes receiving a second RAPS (SF) message perform the FDB flush again; this is because of the Node ID and BPR-based mechanism.
[Figure 16 diagram: message sequence for ring nodes A (81), B (26), C (89), D (62), E (71), F (31) and G (75) through the Idle, Protection and Pending states, with the RPL between the RPL neighbor node and the RPL owner node, the SF (89, 1), SF (62, 0) and NR, RB (75, 1) messages, and the resulting FDB flushes. Legend: message source, R-APS channel blocking, client channel blocking, node ID.]

7. Stable SF condition—RAPS (SF) messages on the Ethernet Ring. Further RAPS (SF) messages trigger no further action.

Figure 17 represents reversion in case of a single link failure.

Figure 17 Single link failure Recovery (Revertive operation)

This sequence describes the steps in the single link failure recovery, as represented in Figure 17:
1. Link operates in the stable SF condition.
2. Recovery of link failure occurs.
3. Ethernet ring nodes C and D detect clearing of signal failure (SF) condition, start the guard timer and initiate periodical transmission of RAPS (NR) messages on both ring ports. (The guard timer prevents the reception of RAPS messages).
4. When the Ethernet ring nodes receive an RAPS (NR) message, the Node ID and BPR pair of a receiving ring port is deleted and the RPL owner node starts the WTR timer.
5. When the guard timer expires on Ethernet ring nodes C and D, they may accept the new RAPS messages that they receive. Ethernet ring node D receives an RAPS (NR) message with higher Node ID from Ethernet ring node C, and unblocks its non-failed ring port.
6.
When WTR timer expires, the RPL owner node blocks its end of the RPL, sends RAPS (NR, RB) message with the (Node ID, BPR) pair, and performs the FDB flush.
7. When Ethernet ring node C receives an RAPS (NR, RB) message, it removes the block on its blocked ring ports, and stops sending RAPS (NR) messages. On the other hand, when the RPL neighbor node A receives an RAPS (NR, RB) message, it blocks its end of the RPL. In addition to this, Ethernet ring nodes A to F perform the FDB flush when receiving an RAPS (NR, RB) message, due to the existence of the Node ID and BPR based mechanism.

[Figure 17 diagram: recovery message sequence for ring nodes A (81), B (26), C (89), D (62), E (71), F (31) and G (75) through the Protection, Pending and Idle states, with the RPL between the RPL neighbor node and the RPL owner node, the SF and NR messages for (62, 0) and (89, 1), the NR, RB (75, 1) messages, and the resulting FDB flushes.]

Flow Aware Transport Pseudowire (FAT PW) Overview

Routers typically load balance traffic based on the lowermost label in the label stack, which is the same label for all flows on a given pseudowire. This can lead to asymmetric load balancing. The flow, in this context, refers to a sequence of packets that have the same source and destination pair. The packets are transported from a source provider edge (PE) to a destination PE.

Flow-Aware Transport Pseudowires (FAT PW) provide the capability to identify individual flows within a pseudowire and provide routers the ability to use these flows to load balance traffic.
FAT PWs are used to load balance traffic in the core when equal cost multipaths (ECMP) are used. A flow label is created based on indivisible packet flows entering a pseudowire, and is inserted as the lowermost label in the packet. Routers can use the flow label for load balancing, which provides a better traffic distribution across ECMP paths or link-bundled paths in the core.

Figure 18 shows a FAT PW with two flows distributing over ECMPs and bundle links.

Figure 18 FAT PW with two flows distributing over ECMPs and Bundle-Links

An additional label is added to the stack, called the flow label, which contains the flow information of a virtual circuit (VC). A flow label is a unique identifier that distinguishes a flow within the PW, and is derived from source and destination MAC addresses, and source and destination IP addresses. The flow label has the end of label stack (EOS) bit set and is inserted after the VC label and before the control word (if any). The ingress PE calculates and forwards the flow label. The FAT PW configuration enables the flow label. The egress PE discards the flow label such that no decisions are made.

All core routers perform load balancing based on the flow label in the FAT PW. Therefore, it is possible to distribute flows over ECMPs and link bundles.
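The label-stack behaviour described above, as an added Python example (not code from Cisco or from this guide): it builds the stack with and without a flow label and shows that a core router hashing only on the lowermost label keeps every flow of one pseudowire on one path unless the flow label is present. The SHA-256-based label derivation and ECMP hash, the label values 24001 and 16010, and the documentation-range addresses are assumptions made for the illustration.

```python
import hashlib
import ipaddress
import struct

RESERVED_MAX = 15        # MPLS label values 0-15 are reserved
LABEL_SPACE = 1 << 20    # a label is 20 bits wide


def flow_label(src_mac, dst_mac, src_ip, dst_ip):
    """Ingress PE: derive a 20-bit flow label from the fields the guide lists.

    The hash itself is an assumption; real platforms use their own function.
    """
    key = (bytes.fromhex(src_mac.replace(":", "")) +
           bytes.fromhex(dst_mac.replace(":", "")) +
           ipaddress.ip_address(src_ip).packed +
           ipaddress.ip_address(dst_ip).packed)
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return RESERVED_MAX + 1 + h % (LABEL_SPACE - RESERVED_MAX - 1)


def lse(label, bottom, tc=0, ttl=255):
    """Encode one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode(stack):
    """Decode a label stack into a list of (label, S bit) tuples."""
    return [(word >> 12, (word >> 8) & 1)
            for (word,) in struct.iter_unpack("!I", stack)]


def ingress_stack(transport, vc, flow=None):
    """Transport label, VC label, then (with FAT PW) the flow label at the bottom."""
    if flow is None:
        return lse(transport, False) + lse(vc, True)
    # With FAT PW the EOS bit moves from the VC label to the flow label.
    return lse(transport, False) + lse(vc, False) + lse(flow, True)


def core_path(stack, n_paths):
    """Core router: choose an ECMP member from the lowermost label only."""
    bottom_label = next(label for label, s_bit in decode(stack) if s_bit)
    digest = hashlib.sha256(bottom_label.to_bytes(3, "big")).digest()
    return digest[0] % n_paths


def egress_vc_label(stack, fat_enabled):
    """Egress PE: discard the flow label (if present) and return the VC label."""
    labels = decode(stack)
    if fat_enabled:
        labels = labels[:-1]
    return labels[-1][0]


def demo(n_flows=64, n_paths=4, transport=24001, vc=16010):
    """Return the sets of ECMP paths used without and with the flow label."""
    # Constructed flows: documentation MAC and IP ranges, one source per flow.
    flows = [("00:00:5e:00:53:01", "00:00:5e:00:53:02",
              f"192.0.2.{i}", "198.51.100.7") for i in range(1, n_flows + 1)]
    plain = {core_path(ingress_stack(transport, vc), n_paths) for _ in flows}
    fat = {core_path(ingress_stack(transport, vc, flow_label(*f)), n_paths)
           for f in flows}
    return plain, fat


if __name__ == "__main__":
    plain, fat = demo()
    print("paths used without flow label:", sorted(plain))
    print("paths used with flow label:   ", sorted(fat))
```
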
[Figure 18 labels: PW between PE1 and PE2 carrying Flows 1 and 2. The ingress PE calculates the flow label based on the IP header in the packet and pushes the flow label to load balance on ECMPs or bundles. Based on the flow label, the router does the hash on its ECMPs or bundle link. The egress PE removes the flow label from a packet and can use it for bundle AC load balancing.]

How to Implement Multipoint Layer 2 Services

This section describes the tasks that are required to implement VPLS:

• Configuring a Bridge Domain
• Configuring Layer 2 Security
• Configuring a Layer 2 Virtual Forwarding Instance
• Configuring the MAC Address-related Parameters
• Configuring an Attachment Circuit to the AC Split Horizon Group
• Adding an Access Pseudowire to the AC Split Horizon Group
• Configuring VPLS with BGP Autodiscovery and Signaling
• Configuring VPLS with BGP Autodiscovery and LDP Signaling
• Configuring G.8032 Ethernet Ring Protection
• Configuring Flow Aware Transport Pseudowire

Configuring a Bridge Domain

These topics describe how to configure a bridge domain:

• Creating a Bridge Domain
• Configuring a Pseudowire
• Associating Members with a Bridge Domain
• Configuring Bridge Domain Parameters
• Disabling a Bridge Domain
• Blocking Unknown Unicast Flooding
• Changing the Flood Optimization Mode

Creating a Bridge Domain

Perform this task to create a bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group that can contain bridge domains, and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Pseudowire

Perform this task to configure a pseudowire under a bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. exit
7. neighbor {A.B.C.D} {pw-id value}
8. dhcp ipv4 snoop profile {dhcp_snoop_profile_name}
9. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Purpose: Configures the virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
• Use the vfi-name argument to configure the name of the specified virtual forwarding interface.
Step 6  exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Exits the current configuration mode.

Step 7  neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#
Purpose: Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
Note: A.B.C.D can be a recursive or non-recursive prefix.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 8  dhcp ipv4 snoop profile {dhcp_snoop_profile_name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# dhcp ipv4 snoop profile profile1
Purpose: Enables DHCP snooping on the bridge, and attaches a DHCP snooping profile.

Step 9  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Associating Members with a Bridge Domain

After a bridge domain is created, perform this task to assign interfaces to the bridge domain. These types of bridge ports are associated with a bridge domain:

• Ethernet and VLAN
• VFI

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. interface type interface-path-id
6. static-mac-address {MAC-address}
7. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/4/0/0
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Purpose: Enters interface configuration mode and adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain.
Step 6  static-mac-address {MAC-address}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# static-mac-address 1.1.1
Purpose: Configures the static MAC address to associate a remote MAC address with a pseudowire or any other bridge interface.

Step 7  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Bridge Domain Parameters

To configure bridge domain parameters, associate these parameters with a bridge domain:

• Maximum transmission unit (MTU)—Specifies that all members of a bridge domain have the same MTU. The bridge domain member with a different MTU size is not used by the bridge domain even though it is still associated with a bridge domain.
• Flooding—Enables or disables flooding on the bridge domain. By default, flooding is enabled.
• Dynamic ARP Inspection (DAI)—Ensures only valid ARP requests and responses are relayed.
• IP SourceGuard (IPSG)—Enables source IP address filtering on a Layer 2 port.
Note: To verify if the DAI and IPSG features are working correctly, look up the packets dropped statistics for DAI and IPSG violation. The packet drops statistics can be viewed in the output of the show l2vpn bridge-domain bd-name <> detail command.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. flooding disable
6. mtu bytes
7. dynamic-arp-inspection {address-validation | disable | logging}
8. ip-source-guard logging
9. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  flooding disable
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flooding disable
Purpose: Configures flooding for traffic at the bridge domain level or at the bridge port level.

Step 6  mtu bytes
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mtu 1000
Purpose: Adjusts the maximum packet size or maximum transmission unit (MTU) size for the bridge domain.
• Use the bytes argument to specify the MTU size, in bytes. The range is from 64 to 65535.
Step 7  dynamic-arp-inspection {address-validation | disable | logging}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# dynamic-arp-inspection
Purpose: Enters the dynamic ARP inspection configuration submode. Ensures only valid ARP requests and responses are relayed.
Note: You can configure dynamic ARP inspection under the bridge domain or the bridge port.

Step 8  ip-source-guard logging
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# ip-source-guard logging
Purpose: Enters the IP source guard configuration submode and enables source IP address filtering on a Layer 2 port. You can enable IP source guard under the bridge domain or the bridge port. By default, bridge ports under a bridge inherit the IP source guard configuration from the parent bridge. By default, IP source guard is disabled on the bridges.

Step 9  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
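One way to check a saved configuration for the bridge-domain settings this guide configures (DAI, IP source guard, DHCP snooping, unknown unicast flooding, and the MTU and pw-id ranges), as an added Python example that is not Cisco tooling. The sample configuration is constructed, and its indented layout with "!" terminators and the finding codes are assumptions.

```python
import ipaddress
import re

# Constructed sample (not from a real router). The indented layout with "!"
# block terminators is an assumption about how the l2vpn section is saved.
SAMPLE_CONFIG = """\
l2vpn
 bridge group csco
  bridge-domain abc
   mtu 1000
   flooding unknown-unicast disable
   dynamic-arp-inspection
    logging
   !
   ip-source-guard
    logging
   !
   dhcp ipv4 snoop profile profile1
   vfi v1
    neighbor 10.1.1.2 pw-id 1000
  bridge-domain legacy
   mtu 32
   neighbor 10.1.1.3 pw-id 0
"""

MTU_RANGE = (64, 65535)        # range the guide gives for "mtu bytes"
PW_ID_RANGE = (1, 4294967295)  # range the guide gives for "pw-id value"


def parse_bridge_domains(text):
    """Map (bridge group, bridge domain) -> {"direct": [...], "nested": [...]}."""
    domains, group, current = {}, None, None
    bd_indent = child_indent = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if current is not None and indent <= bd_indent:
            current = None  # this line is outside the previous bridge domain
        m = re.fullmatch(r"bridge group (\S+)", line)
        if m:
            group = m.group(1)
            continue
        m = re.fullmatch(r"bridge-domain (\S+)", line)
        if m and group is not None:
            current = domains.setdefault((group, m.group(1)),
                                         {"direct": [], "nested": []})
            bd_indent, child_indent = indent, None
            continue
        if current is not None:
            if child_indent is None:
                child_indent = indent
            level = "direct" if indent == child_indent else "nested"
            current[level].append(line)
    return domains


def audit_domain(cfg):
    """Return sorted finding codes (hypothetical names) for one bridge domain."""
    direct = cfg["direct"]
    findings = set()

    def enabled(cmd):
        # Present at bridge-domain level and not in its "disable" form.
        return any(ln == cmd or (ln.startswith(cmd + " ")
                                 and not ln.endswith(" disable"))
                   for ln in direct)

    if not enabled("dynamic-arp-inspection"):
        findings.add("DAI-OFF")
    if not enabled("ip-source-guard"):
        findings.add("IPSG-OFF")         # disabled by default on bridges
    if not any(ln.startswith("dhcp ipv4 snoop profile ") for ln in direct):
        findings.add("DHCP-SNOOP-OFF")
    if not {"flooding disable", "flooding unknown-unicast disable"} & set(direct):
        findings.add("UU-FLOOD-ON")      # default: flooded to all ports
    for ln in direct:
        m = re.fullmatch(r"mtu (\d+)", ln)
        if m and not MTU_RANGE[0] <= int(m.group(1)) <= MTU_RANGE[1]:
            findings.add("MTU-RANGE")
    for ln in direct + cfg["nested"]:    # pseudowires may sit under a VFI
        m = re.fullmatch(r"neighbor (\S+) pw-id (\d+)", ln)
        if not m:
            continue
        try:
            ipaddress.IPv4Address(m.group(1))
        except ValueError:
            findings.add("PEER-ADDR")
        if not PW_ID_RANGE[0] <= int(m.group(2)) <= PW_ID_RANGE[1]:
            findings.add("PW-ID-RANGE")
    return sorted(findings)


def audit(text):
    """Audit every bridge domain found in the l2vpn section."""
    return {key: audit_domain(cfg)
            for key, cfg in parse_bridge_domains(text).items()}


if __name__ == "__main__":
    for (group, domain), codes in audit(SAMPLE_CONFIG).items():
        print(f"{group}/{domain}: {', '.join(codes) or 'no findings'}")
```

The check looks only at bridge-domain level settings; bridge ports that override the inherited configuration need a separate pass.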
Disabling a Bridge Domain

Perform this task to disable a bridge domain. When a bridge domain is disabled, all VFIs that are associated with the bridge domain are disabled. You are still able to attach or detach members to the bridge domain and the VFIs that are associated with the bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. shutdown
6. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  shutdown
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# shutdown
Purpose: Shuts down a bridge domain to bring the bridge and all attachment circuits and pseudowires under it to admin down state.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Blocking Unknown Unicast Flooding

Perform this task to disable flooding of unknown unicast traffic at the bridge domain level. You can disable flooding of unknown unicast traffic at the bridge domain, bridge port or access pseudowire levels. By default, unknown unicast traffic is flooded to all ports in the bridge domain.

Note: If you disable flooding of unknown unicast traffic on the bridge domain, all ports within the bridge domain inherit this configuration. You can configure the bridge ports to override the bridge domain configuration.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. flooding unknown-unicast disable
6. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.
Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  flooding unknown-unicast disable
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flooding unknown-unicast disable
Purpose: Disables flooding of unknown unicast traffic at the bridge domain level.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Changing the Flood Optimization Mode

Perform this task to change the flood optimization mode under the bridge domain:

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. flood mode convergence-optimized
6. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  flood mode convergence-optimized
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flood mode convergence-optimized
Purpose: Changes the default flood optimization mode from Bandwidth Optimization Mode to Convergence Mode.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Layer 2 Security

These topics describe how to configure Layer 2 security:

• Enabling Layer 2 Security
• Attaching a Dynamic Host Configuration Protocol Profile

Enabling Layer 2 Security

Perform this task to enable Layer 2 port security on a bridge.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. security
6. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Assigns each network interface to a bridge group and enters L2VPN bridge group configuration mode.
Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  security
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# security
Purpose: Enables Layer 2 port security on a bridge.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Attaching a Dynamic Host Configuration Protocol Profile

Perform this task to enable DHCP snooping on a bridge and to attach a DHCP snooping profile to a bridge.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. dhcp ipv4 snoop {profile profile-name}
6. end or commit
DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN mode.

Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Assigns each network interface to a bridge group and enters L2VPN bridge group configuration mode.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  dhcp ipv4 snoop {profile profile-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# dhcp ipv4 snoop profile attach
Purpose: Enables DHCP snooping on a bridge and attaches DHCP snooping profile to the bridge.
• Use the profile keyword to attach a DHCP profile. The profile-name argument is the profile name for DHCPv4 snooping.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Layer 2 Virtual Forwarding Instance

These topics describe how to configure a Layer 2 virtual forwarding instance (VFI):

• Adding the Virtual Forwarding Instance Under the Bridge Domain
• Associating Pseudowires with the Virtual Forwarding Instance
• Associating a Virtual Forwarding Instance to a Bridge Domain
• Attaching Pseudowire Classes to Pseudowires
• Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels
• Disabling a Virtual Forwarding Instance

Adding the Virtual Forwarding Instance Under the Bridge Domain

Perform this task to create a Layer 2 Virtual Forwarding Instance (VFI) on all provider edge devices under the bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. end or commit

DETAILED STEPS

Step 1  configure
Example:
RP/0/RSP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2  l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Purpose: Enters L2VPN configuration mode.
Step 3  bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4  bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5  vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Purpose: Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6  end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Associating Pseudowires with the Virtual Forwarding Instance

After a VFI is created, perform this task to associate one or more pseudowires with the VFI.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. neighbor {A.B.C.D} {pw-id value}
7. end or commit

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6 neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 7 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Associating a Virtual Forwarding Instance to a Bridge Domain

Perform this task to associate a VFI to be a member of a bridge domain.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. neighbor {A.B.C.D} {pw-id value}
7. static-mac-address {MAC-address}
8. end or commit

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6 neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 7 static-mac-address {MAC-address}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# static-mac-address 1.1.1
Configures the static MAC address to associate a remote MAC address with a pseudowire or any other bridge interface.

Step 8 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Attaching Pseudowire Classes to Pseudowires

Perform this task to attach a pseudowire class to a pseudowire.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. neighbor {A.B.C.D} {pw-id value}
7. pw-class {class-name}
8. end or commit

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6 neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 7 pw-class {class-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# pw-class canada
Configures the pseudowire class template name to use for the pseudowire.

Step 8 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels

Perform this task to configure the Any Transport over Multiprotocol (AToM) pseudowires by using the static labels. A pseudowire becomes a static AToM pseudowire by setting the MPLS static labels to local and remote.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. neighbor {A.B.C.D} {pw-id value}
7. mpls static label {local value} {remote value}
8. end or commit

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6 neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 7 mpls static label {local value} {remote value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# mpls static label local 800 remote 500
Configures the MPLS static labels and the static labels for the access pseudowire configuration. You can set the local and remote pseudowire labels.

Step 8 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Disabling a Virtual Forwarding Instance

Perform this task to disable a VFI.
When a VFI is disabled, all the previously established pseudowires that are associated with the VFI are disconnected. LDP advertisements are sent to withdraw the MAC addresses that are associated with the VFI. However, you can still attach or detach attachment circuits with a VFI after a shutdown.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. shutdown
7. end or commit
8. show l2vpn bridge-domain [detail]

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.

Step 6 shutdown
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# shutdown
Disables the virtual forwarding interface (VFI).

Step 7 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 8 show l2vpn bridge-domain [detail]
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays the state of the VFI. For example, if you shut down the VFI, the VFI is shown as shut down under the bridge domain.

Configuring the MAC Address-related Parameters

These topics describe how to configure the MAC address-related parameters:
• Configuring the MAC Address Source-based Learning
• Enabling the MAC Address Withdrawal
• Configuring the MAC Address Limit
• Configuring the MAC Address Aging
• Disabling MAC Flush at the Bridge Port Level
• Configuring MAC Address Security

The MAC table attributes are set for the bridge domains.

Configuring the MAC Address Source-based Learning

Perform this task to configure the MAC address source-based learning.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. mac
6. learning disable
7. end or commit
8.
show l2vpn bridge-domain [detail]

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Enters L2VPN bridge group bridge domain MAC configuration mode.

Step 6 learning disable
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# learning disable
Disables MAC learning at the bridge domain level.

Step 7 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 8 show l2vpn bridge-domain [detail]
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays the details that the MAC address source-based learning is disabled on the bridge.

Enabling the MAC Address Withdrawal

Perform this task to enable the MAC address withdrawal for a specified bridge domain.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. mac
6. withdrawal
7. end or commit
8. show l2vpn bridge-domain [detail]

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Enters L2VPN bridge group bridge domain MAC configuration mode.

Step 6 withdrawal
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# withdrawal
Enables the MAC address withdrawal for a specified bridge domain.

Step 7 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 8 show l2vpn bridge-domain [detail]
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays detailed sample output to specify that the MAC address withdrawal is enabled. In addition, the sample output displays the number of MAC withdrawal messages that are sent over or received from the pseudowire.

Configuring the MAC Address Limit

Perform this task to configure the parameters for the MAC address limit.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. mac
6. limit
7. maximum {value}
8. action {flood | no-flood | shutdown}
9. notification {both | none | trap}
10. end or commit
11. show l2vpn bridge-domain [detail]

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Enters L2VPN bridge group bridge domain MAC configuration mode.

Step 6 limit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# limit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)#
Sets the MAC address limit for action, maximum, and notification and enters L2VPN bridge group bridge domain MAC limit configuration mode.

Step 7 maximum {value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# maximum 5000
Configures the specified action when the number of MAC addresses learned on a bridge is reached.

Step 8 action {flood | no-flood | shutdown}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# action flood
Configures the bridge behavior when the number of learned MAC addresses exceeds the configured MAC limit.

Step 9 notification {both | none | trap}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# notification both
Specifies the type of notification that is sent when the number of learned MAC addresses exceeds the configured limit.

Step 10 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 11 show l2vpn bridge-domain [detail]
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays the details about the MAC address limit.

Configuring the MAC Address Aging

Perform this task to configure the parameters for MAC address aging.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. mac
6. aging
7. time {seconds}
8. type {absolute | inactivity}
9. end or commit
10. show l2vpn bridge-domain [detail]

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Enters L2VPN bridge group bridge domain MAC configuration mode.

Step 6 aging
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# aging
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)#
Enters the MAC aging configuration submode to set the aging parameters such as time and type.

Step 7 time {seconds}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# time 300
Configures the maximum aging time.
• Use the seconds argument to specify the maximum age of the MAC address table entry. The range is from 120 to 1000000 seconds. Aging time is counted from the last time that the switch saw the MAC address. The default value is 300 seconds.

Step 8 type {absolute | inactivity}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# type absolute
Configures the type for MAC address aging.
• Use the absolute keyword to configure the absolute aging type.
• Use the inactivity keyword to configure the inactivity aging type.

Step 9 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 10 show l2vpn bridge-domain [detail]
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays the details about the aging fields.
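
The MAC limit and MAC aging settings from the two tasks above can be checked offline against the keywords and ranges these steps document. The Python audit below is an added example, not part of the Cisco guide; the indented running-config layout, the sample configuration and the policy it applies (an explicit maximum, no flood action, no none notification) are assumptions, and it also checks the pw-id range given for the neighbor command.

```python
import re

# Documented keywords; 2nd element = value flagged by an assumed site policy.
CHECKS = {
    ("limit", "action"): ({"flood", "no-flood", "shutdown"}, "flood"),
    ("limit", "notification"): ({"both", "none", "trap"}, "none"),
    ("aging", "type"): ({"absolute", "inactivity"}, None),
}
AGING_RANGE = (120, 1000000)  # seconds, from the time step
PW_ID_RANGE = (1, 4294967295)  # from the neighbor step

# Constructed sample (assumed layout: one space per submode, "!" ends a block).
SAMPLE_CONFIG = """\
l2vpn
 bridge group csco
  bridge-domain abc
   mac
    aging
     time 300
     type absolute
    !
    limit
     maximum 5000
     action no-flood
     notification both
    !
   !
   vfi v1
    neighbor 10.1.1.2 pw-id 1000
   !
  !
  bridge-domain open
   mac
    aging
     time 60
    !
    limit
     action flood
     notification none
    !
   !
   neighbor 10.1.1.3 pw-id 0
  !
 !
!
"""


def parse_bridge_domains(text):
    """Map (bridge group, bridge domain) -> command paths at and below it."""
    domains, stack = {}, []  # stack: (indent, command) of the open submodes
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # this command is outside the deeper submodes
        stack.append((indent, cmd))
        path = [c for _, c in stack]
        group = next((c.split()[2] for c in path if c.startswith("bridge group ")), None)
        bd = next((i for i, c in enumerate(path) if c.startswith("bridge-domain ")), None)
        if group is not None and bd is not None:
            domains.setdefault((group, path[bd].split()[1]), []).append(tuple(path[bd:]))
    return domains


def in_range(value, bounds):
    return value.isdigit() and bounds[0] <= int(value) <= bounds[1]


def audit(domains):
    """Return (bridge domain, message) findings, sorted by bridge domain."""
    findings = []
    for (group, name), paths in sorted(domains.items()):
        where, leaf = f"{group}/{name}", {}
        for p in paths:
            if len(p) == 4 and p[1] == "mac" and p[2] in ("limit", "aging"):
                word, _, value = p[3].partition(" ")
                leaf[(p[2], word)] = value
            m = re.fullmatch(r"neighbor \S+ pw-id (\S+)", p[-1])
            if m and not in_range(m.group(1), PW_ID_RANGE):
                findings.append((where, f"pw-id {m.group(1)} outside 1-4294967295"))
        if ("limit", "maximum") not in leaf:
            findings.append((where, "no explicit MAC limit maximum (policy)"))
        for (mode, word), (allowed, discouraged) in CHECKS.items():
            value = leaf.get((mode, word))
            if value is not None and value not in allowed:
                findings.append((where, f"{mode} {word} {value} is not a documented keyword"))
            elif value is not None and value == discouraged:
                findings.append((where, f"{mode} {word} is {value} (policy)"))
        age = leaf.get(("aging", "time"))
        if age is not None and not in_range(age, AGING_RANGE):
            findings.append((where, f"aging time {age} outside 120-1000000 seconds"))
    return findings


if __name__ == "__main__":
    for where, message in audit(parse_bridge_domains(SAMPLE_CONFIG)):
        print(f"{where}: {message}")
```

Findings marked (policy) come from the assumed site policy; the remaining ones compare values with the ranges and keyword lists stated in the steps.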

Disabling MAC Flush at the Bridge Port Level

Perform this task to disable the MAC flush at the bridge domain level. You can disable the MAC flush at the bridge domain, bridge port or access pseudowire levels. By default, the MACs learned on a specific port are immediately flushed when that port becomes nonfunctional.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. mac
6. port-down flush disable
7. end or commit

DETAILED STEPS

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Enters L2VPN bridge group bridge domain MAC configuration mode.

Step 6 port-down flush disable
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# port-down flush disable
Disables MAC flush when the bridge port becomes nonfunctional.
Step 7 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring MAC Address Security

Perform this task to configure MAC address security.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. neighbor {A.B.C.D} {pw-id value}
6. mac
7. secure
8. end or commit

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.

Step 5 neighbor {A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.1.1.2 pw-id 1000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#
Adds an access pseudowire port to a bridge domain, or a pseudowire to a bridge virtual forwarding interface (VFI).
• Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
• Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.

Step 6 mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# mac
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac)#
Enters l2vpn bridge group bridge domain MAC configuration mode.

Step 7 secure [action | disable | logging]
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac)# secure
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-macsecure)#
Enters MAC secure configuration mode.
By default, bridge ports (interfaces and access pseudowires) under a bridge inherit the security configuration from the parent bridge.
Note: Once a bridge port goes down, a clear command must be issued to bring the bridge port up.

Step 8 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-macsecure)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-macsecure)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring an Attachment Circuit to the AC Split Horizon Group

These steps show how to add an interface to the split horizon group for attachment circuits (ACs) under a bridge domain.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. interface type instance
6. split-horizon group
7. commit
8. end
9. show l2vpn bridge-domain detail

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Enters configuration mode for the named bridge group.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Enters configuration mode for the named bridge domain.

Step 5 interface type instance
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/1/0/6
Enters configuration mode for the named interface.
Step 6 split-horizon group
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# split-horizon group
Adds this interface to the split horizon group for ACs. Only one split horizon group for ACs for a bridge domain is supported.

Step 7 commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
Saves configuration changes.

Step 8 end
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end
Returns to EXEC mode.

Step 9 show l2vpn bridge-domain detail
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays information about bridges, including whether each AC is in the AC split horizon group or not.

Adding an Access Pseudowire to the AC Split Horizon Group

These steps show how to add an access pseudowire as a member to the split horizon group for attachment circuits (ACs) under a bridge domain.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. neighbor A.B.C.D pw-id pseudowire-id
6. split-horizon group
7. commit
8. end
9. show l2vpn bridge-domain detail

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Enters configuration mode for the named bridge group.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Enters configuration mode for the named bridge domain.
Step 5 neighbor A.B.C.D pw-id pseudowire-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.2.2.2 pw-id 2000
Configures the pseudowire segment.

Step 6 split-horizon group
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# split-horizon group
Adds this access pseudowire to the split horizon group for ACs.
Note: Only one split horizon group for ACs and access pseudowires per bridge domain is supported.

Step 7 commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
Saves configuration changes.

Step 8 end
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
Returns to EXEC mode.

Step 9 show l2vpn bridge-domain detail
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays information about bridges, including whether each access pseudowire is in the AC split horizon group or not.

Configuring VPLS with BGP Autodiscovery and Signaling

Perform this task to configure BGP-based autodiscovery and signaling.
To locate documentation for the commands used in this configuration, refer to the Multipoint Layer 2 Services Commands module in the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. vfi {vfi-name}
6. vpn-id vpn-id
7. autodiscovery bgp
8. rd {as-number:nn | ip-address:nn | auto}
9. route-target {as-number:nn | ip-address:nn | export | import}
10. route-target import {as-number:nn | ip-address:nn}
11. route-target export {as-number:nn | ip-address:nn}
12. signaling-protocol bgp
13. ve-id {number}
14. ve-range {number}
15. commit or end

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.

Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Enters configuration mode for the named bridge group.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Enters configuration mode for the named bridge domain.

Step 5 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi vfi-east
Enters virtual forwarding instance (VFI) configuration mode.

Step 6 vpn-id vpn-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# vpn-id 100
Specifies the identifier for the VPLS service. The VPN ID has to be globally unique within a PE router; that is, the same VPN ID cannot exist in multiple VFIs on the same PE router. In addition, a VFI can have only one VPN ID.

Step 7 autodiscovery bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
Enters BGP autodiscovery configuration mode where all BGP autodiscovery parameters are configured.
This command is not provisioned to BGP until at least the VPN ID and the signaling protocol are configured.

Step 8 rd {as-number:nn|ip-address:nn|auto}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# rd auto
Specifies the route distinguisher (RD) under the VFI. The RD is used in the BGP NLRI to identify VFI.
Only one RD can be configured per VFI, and except for rd auto the same RD cannot be configured in multiple VFIs on the same PE.
When rd auto is configured, the RD value is as follows: {BGP Router ID}:{16 bits auto-generated unique index}.

Step 9 route-target {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target 500:99
Specifies the route target (RT) for the VFI.
At least one import and one export route target (or just one route target with both roles) need to be configured in each PE in order to establish BGP autodiscovery between PEs.
If no export or import keyword is specified, it means that the RT is both import and export. A VFI can have multiple export or import RTs. However, the same RT is not allowed in multiple VFIs in the same PE.

Step 10 route-target import {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target import 200:20
Specifies the import route target for the VFI.
Import route target is what the PE compares with the RT in the received NLRI: the RT in the received NLRI must match the import RT to determine that the RTs belong to the same VPLS service.

Step 11 route-target export {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target export 100:10
Specifies the export route target for the VFI.
Export route target is the RT that is going to be in the NLRI advertised to other PEs.

Step 12 signaling-protocol bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
Enables BGP signaling, and enters the BGP signaling configuration submode where BGP signaling parameters are configured.
This command is not provisioned to BGP until VE ID and VE ID range are configured.

Step 13 ve-id {number}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# ve-id 10
Specifies the local PE identifier for the VFI for VPLS configuration.
The VE ID identifies a VFI within a VPLS service.
This means that VFIs in the same VPLS service cannot share the same VE ID. The scope of the VE ID is only within a bridge domain. Therefore, VFIs in different bridge domains within a PE can use the same VE ID.

Step 14 ve-range {number}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# ve-range 40
Overrides the minimum size of VPLS edge (VE) blocks. The default minimum size is 10. Any configured VE range must be higher than 10.

Step 15 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring VPLS with BGP Autodiscovery and LDP Signaling

Perform this task to configure BGP-based Autodiscovery and signaling:

SUMMARY STEPS
1. configure
2. l2vpn
3. router-id
4. bridge group bridge-group-name
5. bridge-domain bridge-domain-name
6. vfi {vfi-name}
7. autodiscovery bgp
8. vpn-id vpn-id
9. rd {as-number:nn | ip-address:nn | auto}
10. route-target {as-number:nn | ip-address:nn | export | import}
11. route-target import {as-number:nn | ip-address:nn}
12. route-target export {as-number:nn | ip-address:nn}
13. signaling-protocol ldp
14. vpls-id {as-number:nn | ip-address:nn}
15. commit or end

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.

Step 3 router-id ip-address
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# router-id 1.1.1.1
Specifies a unique Layer 2 (L2) router ID for the provider edge (PE) router.
The router ID must be configured for LDP signaling, and is used as the L2 router ID in the BGP NLRI, SAII (local L2 Router ID) and TAII (remote L2 Router ID). Any arbitrary value in the IPv4 address format is acceptable.
Note: Each PE must have a unique L2 router ID. This CLI is optional, as a PE automatically generates an L2 router ID using the LDP router ID.

Step 4 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Enters configuration mode for the named bridge group.

Step 5 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Enters configuration mode for the named bridge domain.

Step 6 vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi vfi-east
Enters virtual forwarding instance (VFI) configuration mode.
Step 7 vpn-id vpn-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# vpn-id 100
Specifies the identifier for the VPLS service. The VPN ID has to be globally unique within a PE router; that is, the same VPN ID cannot exist in multiple VFIs on the same PE router. In addition, a VFI can have only one VPN ID.

Step 8 autodiscovery bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
Enters BGP autodiscovery configuration mode where all BGP autodiscovery parameters are configured.
This command is not provisioned to BGP until at least the VPN ID and the signaling protocol are configured.

Step 9 rd {as-number:nn|ip-address:nn|auto}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# rd auto
Specifies the route distinguisher (RD) under the VFI. The RD is used in the BGP NLRI to identify VFI. Only one RD can be configured per VFI, and except for rd auto the same RD cannot be configured in multiple VFIs on the same PE.
When rd auto is configured, the RD value is as follows: {BGP Router ID}:{16 bits auto-generated unique index}.

Step 10 route-target {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target 500:99
Specifies the route target (RT) for the VFI.
At least one import and one export route target (or just one route target with both roles) need to be configured in each PE in order to establish BGP autodiscovery between PEs.
If no export or import keyword is specified, it means that the RT is both import and export. A VFI can have multiple export or import RTs. However, the same RT is not allowed in multiple VFIs in the same PE.
Step 11 route-target import {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target import 200:20
Specifies the import route target for the VFI.
Import route target is what the PE compares with the RT in the received NLRI: the RT in the received NLRI must match the import RT to determine that the RTs belong to the same VPLS service.

Step 12 route-target export {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target export 100:10
Specifies the export route target for the VFI.
Export route target is the RT that is going to be in the NLRI advertised to other PEs.

Step 13 signaling-protocol bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
Enables BGP signaling, and enters the BGP signaling configuration submode where BGP signaling parameters are configured.
This command is not provisioned to BGP until VE ID and VE ID range are configured.

Step 14 vpls-id {as-number:nn|ip-address:nn}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# vpls-id 10:20
Specifies VPLS ID which identifies the VPLS domain during signaling.
This command is optional in all PEs that are in the same Autonomous System (share the same ASN) because a default VPLS ID is automatically generated using BGP's ASN and the configured VPN ID (that is, the default VPLS ID equals ASN:VPN-ID). If an ASN of 4 bytes is used, the lower two bytes of the ASN are used to build the VPLS ID. In case of InterAS, the VPLS ID must be explicitly configured. Only one VPLS ID can be configured per VFI, and the same VPLS ID cannot be used for multiple VFIs.

Step 15 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring G.8032 Ethernet Ring Protection

To configure the G.8032 operation, separately configure:
• An ERP instance to indicate:
– which (sub)interface is used as the APS channel
– which (sub)interface is monitored by CFM
– whether the interface is an RPL link, and, if it is, the RPL node type
• CFM with EFD to monitor the ring links
Note: The MEP for each monitor link needs to be configured with a different Maintenance Association.
• The bridge domains to create the Layer 2 topology. The RAPS channel is configured in a dedicated management bridge domain separated from the data bridge domains.
• Behavior characteristics that apply to the ERP instance, if different from default values. This is optional.
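Returning to the two VPLS autodiscovery procedures above: their per-PE identifier rules (one VPN ID and one RD per VFI, no VPN ID, RD, route target or VPLS ID shared between VFIs, an import and an export route target, a VE range higher than 10) can be checked mechanically before a commit. The following is an added example, not Cisco code; the indented configuration layout it parses, the sample values, AS number 65000 and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample for one PE (AS 65000 is also made up). The nested,
# space-indented layout is an assumption about how the l2vpn section is stored.
SAMPLE = """\
l2vpn
 bridge group metroA
  bridge-domain east
   vfi vfi-east
    vpn-id 100
    autodiscovery bgp
     rd auto
     route-target 500:99
     signaling-protocol bgp
      ve-range 40
  bridge-domain west
   vfi vfi-west
    vpn-id 100
    autodiscovery bgp
     rd 65000:1
     route-target import 200:20
     route-target 500:99
     signaling-protocol bgp
      ve-range 8
  bridge-domain north
   vfi vfi-north
    vpn-id 300
    autodiscovery bgp
     rd auto
     route-target import 300:30
     signaling-protocol ldp
  bridge-domain south
   vfi vfi-south
    vpn-id 400
    autodiscovery bgp
     rd 65000:1
     route-target 400:40
     signaling-protocol ldp
      vpls-id 65000:300
"""

def default_vpls_id(asn, vpn_id):
    """Default VPLS ID is ASN:VPN-ID; a 4-byte ASN contributes its lower two bytes."""
    return f"{asn & 0xFFFF}:{vpn_id}"

def parse_vfis(text):
    """Collect each VFI's settings as keyword -> list of values, keyed by group/domain/vfi."""
    vfis, group, domain, cur, cur_depth = {}, "?", "?", None, 0
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        depth = len(raw) - len(raw.lstrip())
        if cur is not None and depth <= cur_depth:
            cur = None  # indentation fell back: the VFI block has ended
        if words[:2] == ["bridge", "group"] and len(words) == 3:
            group = words[2]
        elif words[0] == "bridge-domain" and len(words) == 2:
            domain = words[1]
        elif words[0] == "vfi" and len(words) == 2:
            cur = vfis.setdefault(f"{group}/{domain}/{words[1]}", defaultdict(list))
            cur_depth = depth
        elif cur is not None and len(words) >= 2:
            if words[0] == "route-target":
                role = words[1] if words[1] in ("import", "export") else "both"
                cur["rt"].append((role, words[-1]))
            else:  # vpn-id, rd, ve-range, vpls-id, autodiscovery, signaling-protocol
                cur[words[0]].append(words[1])
    return vfis

def audit(text, asn):
    """Return findings for the per-PE identifier rules; asn is the PE's BGP AS number."""
    findings, owners = [], defaultdict(list)
    for name, v in parse_vfis(text).items():
        if len(v["vpn-id"]) != 1:
            findings.append(f"{name}: needs exactly one vpn-id, has {len(v['vpn-id'])}")
        for key in ("rd", "vpls-id"):
            if len(v[key]) > 1:
                findings.append(f"{name}: more than one {key}")
        roles = {role for role, _ in v["rt"]}
        if ("bgp" in v["autodiscovery"] and "both" not in roles
                and not {"import", "export"} <= roles):
            findings.append(f"{name}: no import/export route-target pair")
        findings += [f"{name}: ve-range {n} is not higher than 10"
                     for n in v["ve-range"] if n.isdigit() and int(n) <= 10]
        shared = {"vpn-id": v["vpn-id"], "route-target": [val for _, val in v["rt"]],
                  "rd": [rd for rd in v["rd"] if rd != "auto"]}  # rd auto may repeat
        if "ldp" in v["signaling-protocol"] and v["vpn-id"]:  # effective VPLS ID
            shared["vpls-id"] = v["vpls-id"][:1] or [default_vpls_id(asn, v["vpn-id"][0])]
        for kind, values in shared.items():
            for value in dict.fromkeys(values):  # de-duplicate, keep order
                owners[kind, value].append(name)
    findings += [f"{kind} {value} is used by {', '.join(names)}"
                 for (kind, value), names in owners.items() if len(names) > 1]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, 65000), sep="\n")
```

The VPLS ID check compares effective values, so an explicitly configured vpls-id that equals another LDP-signalled VFI's default ASN:VPN-ID is reported as a collision.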
This section provides information on:
• Configuring ERP Profile
• Configuring CFM MEP
• Configuring an ERP Instance
• Configuring ERP Parameters
• Configuring TCN Propagation

Configuring ERP Profile

Perform this task to configure an Ethernet ring protection (ERP) profile.

SUMMARY STEPS
1. configure
2. ethernet ring g8032 profile profile-name
3. timer {wtr | guard | hold-off} seconds
4. non-revertive
5. end or commit

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 Ethernet ring g8032 profile profile-name
Example:
RP/0/RSP0/CPU0:router(config)# Ethernet ring g8032 profile p1
Enables G.8032 ring mode, and enters G.8032 configuration submode.

Step 3 timer {wtr | guard | hold-off} seconds
Example:
RP/0/RSP0/CPU0:router(config-g8032-ring-profile)# timer hold-off 5
Specifies time interval (in seconds) for the guard, hold-off and wait-to-restore timers.

Step 4 non-revertive
Example:
RP/0/RSP0/CPU0:router(config-g8032-ring-profile)# non-revertive
Specifies a non-revertive ring instance.

Step 5 end or commit
Example:
RP/0/RSP0/CPU0:router(config-g8032-ring-profile)# end
or
RP/0/RSP0/CPU0:router(config-g8032-ring-profile)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring CFM MEP

For more information about Ethernet Connectivity Fault Management (CFM), refer to the Configuring Ethernet OAM on the Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.

Configuring an ERP Instance

Perform this task to configure an ERP instance.

SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain aps-bridge-domain-name
5. interface type port0-interface-path-id.subinterface
6. interface type port1-interface-path-id.subinterface
7. bridge-domain data-bridge-domain-name
8. interface type interface-path-id.subinterface
9. ethernet ring g8032 ring-name
10. instance number
11. description string
12. profile profile-name
13. rpl {port0 | port1} {owner | neighbor | next-neighbor}
14. inclusion-list vlan-ids vlan-id
15. aps-channel
16. level number
17. port0 interface type interface-path-id
18. port1 {interface type interface-path-id | bridge-domain bridge-domain-name | xconnect xconnect-name | none}
19. end or commit

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.
Step 3 bridge group bridge-group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group that can contain bridge domains, and then assigns network interfaces to the bridge domain.

Step 4 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain bd1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain for R-APS channels, and enters L2VPN bridge group bridge domain configuration mode.

Step 5 interface type port0-interface-path-id.subinterface
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/0/0/0.1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Enters interface configuration mode and adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain.

Step 6 interface type port1-interface-path-id.subinterface
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/0/0/1.1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Enters interface configuration mode and adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain.

Step 7 bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain bd2
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain for data traffic, and enters L2VPN bridge group bridge domain configuration mode.
Step 8 interface type interface-path-id.subinterface
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/0/0/0.10
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Enters interface configuration mode and adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain.

Step 9 ethernet ring g8032 ring-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# ethernet ring g8032 r1
Enables G.8032 ring mode, and enters G.8032 configuration submode.

Step 10 instance number
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp)# instance 1
Enters the Ethernet ring G.8032 instance configuration submode.

Step 11 description string
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance)# description test
Specifies a string that serves as description for that instance.

Step 12 profile profile-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance)# profile p1
Specifies associated Ethernet ring G.8032 profile.

Step 13 rpl {port0 | port1} {owner | neighbor | next-neighbor}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance)# rpl port0 neighbor
Specifies one ring port on local node as RPL owner, neighbor or next-neighbor.

Step 14 inclusion-list vlan-ids vlan-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance)# inclusion-list vlan-ids e-g
Associates a set of VLAN IDs with the current instance.

Step 15 aps-channel
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance)# aps-channel
Enters the Ethernet ring G.8032 instance aps-channel configuration submode.

Step 16 level number
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance-aps)# level 5
Specifies the APS message level. The range is from 0 to 7.
Step 17 port0 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance-aps)# port0 interface GigabitEthernet 0/0/0/0.1
Associates G.8032 APS channel interface to port0.

Step 18 port1 {interface type interface-path-id | bridge-domain bridge-domain-name | xconnect xconnect-name | none}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance-aps)# port1 interface GigabitEthernet 0/0/0/1.1
Associates G.8032 APS channel interface to port1.

Step 19 end or commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance-aps)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-erp-instance-aps)# commit
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring ERP Parameters

Perform this task to configure ERP parameters.

SUMMARY STEPS
1. configure
2. l2vpn
3. ethernet ring g8032 ring-name
4. port0 interface type interface-path-id
5. monitor port0 interface type interface-path-id
6. exit
7. port1 {interface type interface-path-id | virtual | none}
8. monitor port1 interface type interface-path-id
9. exit
10. exclusion-list vlan-ids vlan-id
11. open-ring
12. end or commit

DETAILED STEPS
Command or Action Purpose

Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.

Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Enters L2VPN configuration mode.

Step 3 ethernet ring g8032 ring-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# ethernet ring g8032 r1
Enables G.8032 ring mode, and enters G.8032 configuration submode.

Step 4 port0 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp)# port0 interface GigabitEthernet 0/1/0/6
Enables G.8032 ERP for the specified port (ring port).

Step 5 monitor port0 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-port0)# monitor port0 interface 0/1/0/2
Specifies the port that is monitored to detect ring link failure per ring port. The monitored interface must be a sub-interface of the main interface.

Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-port0)# exit
Exits port0 configuration submode.

Step 7 port1 {interface type interface-path-id | virtual | none}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp)# port1 interface GigabitEthernet 0/1/0/8
Enables G.8032 ERP for the specified port (ring port).

Step 8 monitor port1 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-port1)# monitor port1 interface 0/1/0/3
Specifies the port that is monitored to detect ring link failure per ring port. The monitored interface must be a sub-interface of the main interface.

Step 9 exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-erp-port1)# exit
Exits port1 configuration submode.
Step 10  exclusion-list vlan-ids vlan-id
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-erp)# exclusion-list vlan-ids a-d
  Purpose: Specifies a set of VLAN IDs that is not protected by Ethernet ring protection mechanism.

Step 11  open-ring
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-erp)# open-ring
  Purpose: Specifies Ethernet ring G.8032 as open ring.

Step 12  end or commit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-erp)# end
  or
  RP/0/RSP0/CPU0:router(config-l2vpn-erp)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring TCN Propagation

Perform this task to configure topology change notification (TCN) propagation.

SUMMARY STEPS

1. configure
2. l2vpn
3. tcn-propagation
4. end or commit
DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2  l2vpn
  Example: RP/0/RSP0/CPU0:router(config)# l2vpn
  Purpose: Enters L2VPN configuration mode.

Step 3  tcn-propagation
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# tcn-propagation
  Purpose: Allows TCN propagation from minor ring to major ring and from MSTP to G.8032.

Step 4  end or commit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# end
  or
  RP/0/RSP0/CPU0:router(config-l2vpn)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Flow Aware Transport Pseudowire

This section provides information on:
• Enabling Load Balancing with ECMP and FAT PW for VPWS
• Enabling Load Balancing with ECMP and FAT PW for VPLS

Enabling Load Balancing with ECMP and FAT PW for VPWS

Perform this task to enable load balancing with ECMP and FAT PW for VPWS.

SUMMARY STEPS

1. configure
2. l2vpn
3. load-balancing flow {src-dst-mac | src-dst-ip}
4. pw-class {name}
5. encapsulation mpls
6. load-balancing flow-label {both | receive | transmit} [static]
7. exit
8. xconnect group group-name
9. p2p xconnect-name
10. interface type interface-path-id
11. neighbor A.B.C.D pw-id pseudowire-id
12. pw-class {name}
13. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters the configuration mode.

Step 2  l2vpn
  Example: RP/0/RSP0/CPU0:router(config)# l2vpn
  Purpose: Enters L2VPN configuration mode.

Step 3  load-balancing flow {src-dst-mac | src-dst-ip}
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# load-balancing flow src-dst-ip
  Purpose: Enables flow based load balancing.
  • src-dst-mac—Uses source and destination MAC addresses for hashing.
  • src-dst-ip—Uses source and destination IP addresses for hashing.
  Note: It is recommended to use the load-balancing flow command with the src-dst-ip keyword.

Step 4  pw-class {name}
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class path1
  Purpose: Configures the pseudowire class template name to use for the pseudowire.

Step 5  encapsulation mpls
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls
  Purpose: Configures the pseudowire encapsulation to MPLS.

Step 6  load-balancing flow-label {both | receive | transmit} [static]
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap-mpls)# load-balancing flow-label both
  Purpose: Enables load-balancing on ECMPs. Also, enables the imposition and disposition of flow labels for the pseudowire.
  Note: If the static keyword is not specified, end to end negotiation of the FAT PW is enabled.

Step 7  exit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap-mpls)# exit
  Purpose: Exits the pseudowire encapsulation submode and returns the router to the parent configuration mode.
Step 8  xconnect group group-name
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp1
  Purpose: Specifies the name of the cross-connect group.

Step 9  p2p xconnect-name
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p vlan1
  Purpose: Specifies the name of the point-to-point cross-connect.

Step 10  interface type interface-path-id
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface GigabitEthernet0/0/0/0.1
  Purpose: Specifies the interface type and instance.

Step 11  neighbor A.B.C.D pw-id pseudowire-id
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.2.2.2 pw-id 2000
  Purpose: Configures the pseudowire segment for the cross-connect. Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
  Note: A.B.C.D can be a recursive or non-recursive prefix.

Step 12  pw-class class-name
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# pw-class path1
  Purpose: Associates the pseudowire class with this pseudowire.

Step 13  end or commit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# end
  or
  RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Enabling Load Balancing with ECMP and FAT PW for VPLS

Perform this task to enable load balancing with ECMP and FAT PW for VPLS.

SUMMARY STEPS

1. configure
2. l2vpn
3. load-balancing flow {src-dst-mac | src-dst-ip}
4. pw-class {class-name}
5. encapsulation mpls
6. load-balancing flow-label {both | receive | transmit} [static]
7. exit
8. bridge group bridge-group-name
9. bridge-domain bridge-domain-name
10. vfi {vfi-name}
11. autodiscovery bgp
12. signaling-protocol bgp
13. load-balancing flow-label {both | receive | transmit} [static]
14. end or commit

DETAILED STEPS

Step 1  configure
  Example: RP/0/RSP0/CPU0:router# configure
  Purpose: Enters the configuration mode.

Step 2  l2vpn
  Example: RP/0/RSP0/CPU0:router(config)# l2vpn
  Purpose: Enters L2VPN configuration mode.

Step 3  load-balancing flow {src-dst-mac | src-dst-ip}
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# load-balancing flow src-dst-ip
  Purpose: Enables flow based load balancing.
  • src-dst-mac—Uses source and destination MAC addresses for hashing.
  • src-dst-ip—Uses source and destination IP addresses for hashing.
  Note: It is recommended to use the load-balancing flow command with the src-dst-ip keyword.

Step 4  pw-class {class-name}
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class class1
  Purpose: Associates the pseudowire class with this pseudowire.

Step 5  encapsulation mpls
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls
  Purpose: Configures the pseudowire encapsulation to MPLS.

Step 6  load-balancing flow-label {both | receive | transmit} [static]
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc-mpls)# load-balancing flow-label both
  Purpose: Enables load-balancing on ECMPs. Also, enables the imposition and disposition of flow labels for the pseudowire.
  Note: If the static keyword is not specified, end to end negotiation of the FAT PW is enabled.

Step 7  exit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-pwc-mpls)# exit
  Purpose: Exits the pseudowire encapsulation submode and returns the router to the parent configuration mode.

Step 8  bridge group bridge-group-name
  Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group group1
  Purpose: Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.

Step 9  bridge-domain bridge-domain-name
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain domain1
  Purpose: Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 10  vfi {vfi-name}
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi my_vfi
  Purpose: Enters virtual forwarding instance (VFI) configuration mode.

Step 11  autodiscovery bgp
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
  Purpose: Enters BGP autodiscovery configuration mode where all BGP autodiscovery parameters are configured.

Step 12  signaling-protocol bgp
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
  Purpose: Enables BGP signaling, and enters the BGP signaling configuration submode where BGP signaling parameters are configured.

Step 13  load-balancing flow-label {both | receive | transmit} [static]
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# load-balancing flow-label both static
  Purpose: Enables load-balancing on ECMPs. Also, enables the imposition and disposition of flow labels for the pseudowire.
Step 14  end or commit
  Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# end
  or
  RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-sig)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for Multipoint Layer 2 Services

This section includes these configuration examples:
• Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example
• Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example
• Displaying MAC Address Withdrawal Fields: Example
• Split Horizon Group: Example
• Blocking Unknown Unicast Flooding: Example
• Disabling MAC Flush: Examples
• Bridging on IOS XR Trunk Interfaces: Example
• Bridging on Ethernet Flow Points: Example
• Changing the Flood Optimization Mode: Example
• Configuring VPLS with BGP Autodiscovery and Signaling: Example
• Configuring Dynamic ARP Inspection: Example
• Configuring IP Source Guard: Example
• Configuring G.8032 Ethernet Ring Protection: Example
• Configuring Flow Aware Transport Pseudowire: Example

Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example

These configuration examples show how to create a Layer 2 VFI with a full-mesh of participating VPLS provider edge (PE) nodes.

This configuration example shows how to configure PE 1:

configure
l2vpn
 bridge group 1
  bridge-domain PE1-VPLS-A
   interface GigabitEthernet0/0/0/1
   vfi 1
    neighbor 10.2.2.2 pw-id 1
    neighbor 10.3.3.3 pw-id 1
   !
  !
interface loopback 0
 ipv4 address 10.1.1.1 255.255.255.255

This configuration example shows how to configure PE 2:

configure
l2vpn
 bridge group 1
  bridge-domain PE2-VPLS-A
   interface GigabitEthernet0/0/0/1
   vfi 1
    neighbor 10.1.1.1 pw-id 1
    neighbor 10.3.3.3 pw-id 1
   !
  !
interface loopback 0
 ipv4 address 10.2.2.2 255.255.255.255

This configuration example shows how to configure PE 3:

configure
l2vpn
 bridge group 1
  bridge-domain PE3-VPLS-A
   interface GigabitEthernet0/0/0/1
   vfi 1
    neighbor 10.1.1.1 pw-id 1
    neighbor 10.2.2.2 pw-id 1
   !
  !
interface loopback 0
 ipv4 address 10.3.3.3 255.255.255.255

Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example

This configuration shows how to configure VPLS for PE-to-CE nodes:

configure
interface GigabitEthernet0/0/0/1
l2transport   ! AC interface
no ipv4 address
no ipv4 directed-broadcast
negotiation auto
no cdp enable

configure
interface GigabitEthernet0/0
l2transport
no ipv4 address
no ipv4 directed-broadcast
negotiation auto
no cdp enable

configure
interface GigabitEthernet0/0
l2transport
no ipv4 address
no ipv4 directed-broadcast
negotiation auto
no cdp enable

Displaying MAC Address Withdrawal Fields: Example

This sample output shows the MAC address withdrawal fields:

RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Bridge group: siva_group, bridge-domain: siva_bd, id: 0, state: up, ShgId: 0, MSTi: 0
  MAC Learning: enabled
  MAC withdraw: enabled
  Flooding:
    Broadcast & Multicast: enabled
    Unknown Unicast: enabled
  MAC address aging time: 300 s Type: inactivity
  MAC address limit: 4000, Action: none, Notification: syslog
  MAC limit reached: no
  Security: disabled
  DHCPv4 Snooping: disabled
  MTU: 1500
  MAC Filter: Static MAC addresses:
  ACs: 1 (1 up), VFIs: 1, PWs: 2 (1 up)
  List of ACs:
    AC: GigabitEthernet0/4/0/1, state is up
      Type Ethernet
      MTU 1500; XC ID 0x5000001; interworking none; MSTi 0 (unprotected)
      MAC Learning: enabled
      MAC withdraw: disabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown Unicast: enabled
      MAC address aging time: 300 s Type: inactivity
      MAC address limit: 4000, Action: none, Notification: syslog
      MAC limit reached: no
      Security: disabled
      DHCPv4 Snooping: disabled
      Static MAC addresses:
      Statistics:
        packet totals: receive 6,send 0
        byte totals: receive 360,send 4
  List of Access PWs:
  List of VFIs:
    VFI siva_vfi
      PW: neighbor 10.1.1.1, PW ID 1, state is down ( local ready )
        PW class not set, XC ID 0xff000001
        Encapsulation MPLS, protocol LDP
        PW type Ethernet, control word enabled, interworking none
        PW backup disable delay 0 sec
        Sequencing not set
        MPLS         Local                          Remote
        ------------ ------------------------------ -------------------------
        Label        30005                          unknown
        Group ID     0x0                            0x0
        Interface    siva/vfi                       unknown
        MTU          1500                           unknown
        Control word enabled                        unknown
        PW type      Ethernet                       unknown
        ------------ ------------------------------ -------------------------
        Create time: 19/11/2007 15:20:14 (00:25:25 ago)
        Last time status changed: 19/11/2007 15:44:00 (00:01:39 ago)
        MAC withdraw message: send 0 receive 0

Split Horizon Group: Example

This example configures interfaces for Layer 2 transport, adds them to a bridge domain, and assigns them to split horizon groups.
RP/0/RSP0/CPU0:router(config)#l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group examples
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge-domain all_three
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet 0/0/0/0.99
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet 0/0/0/0.101
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#split-horizon group
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#neighbor 192.168.99.1 pw-id 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#neighbor 192.168.99.9 pw-id 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#split-horizon group
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#vfi abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#neighbor 192.168.99.17 pw-id 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#show
Mon Oct 18 13:51:05.831 EDT
l2vpn
 bridge group examples
  bridge-domain all_three
   interface GigabitEthernet0/0/0/0.99
   !
   interface GigabitEthernet0/0/0/0.101
    split-horizon group
   !
   neighbor 192.168.99.1 pw-id 1
   !
   neighbor 192.168.99.9 pw-id 1
    split-horizon group
   !
   vfi abc
    neighbor 192.168.99.17 pw-id 1
    !
   !
  !
 !
!
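When auditing which bridge ports can reach each other, the split horizon group of every port can be derived from the running configuration shown above. The following Python sketch is an added example, not code from the guide or from Cisco. It assumes the rule that pseudowires under a VFI are in group 1, ACs and access pseudowires configured with split-horizon group are in group 2, all other ports are in group 0, and that frames are not forwarded between two members of the same non-zero group; the function names split_horizon_groups and blocked_pairs are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the bridge-domain stanza from the "show" output above,
# re-indented for readability. The parser ignores indentation and relies on
# the "!" block terminators instead.
SAMPLE_CONFIG = """\
l2vpn
 bridge group examples
  bridge-domain all_three
   interface GigabitEthernet0/0/0/0.99
   !
   interface GigabitEthernet0/0/0/0.101
    split-horizon group
   !
   neighbor 192.168.99.1 pw-id 1
   !
   neighbor 192.168.99.9 pw-id 1
    split-horizon group
   !
   vfi abc
    neighbor 192.168.99.17 pw-id 1
    !
   !
  !
 !
!
"""

# Block-opening statements recognised by this sketch (only those used in the
# example). Any other line is treated as a leaf statement and skipped.
_OPENERS = [
    ("l2vpn", re.compile(r"^l2vpn$")),
    ("bg", re.compile(r"^bridge group (\S+)$")),
    ("bd", re.compile(r"^bridge-domain (\S+)$")),
    ("vfi", re.compile(r"^vfi (\S+)$")),
    ("ac", re.compile(r"^interface (.+)$")),
    ("pw", re.compile(r"^neighbor (\S+) pw-id (\d+)$")),
]


def split_horizon_groups(config_text):
    """Return {(bridge_domain, port): group} for every AC and pseudowire.

    Assumed rule: 1 = pseudowire under a VFI, 2 = AC or access pseudowire
    with "split-horizon group" configured, 0 = everything else.
    """
    stack = []   # open blocks, innermost last: (kind, value)
    groups = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":              # closes the innermost open block
            if stack:
                stack.pop()
            continue
        kinds = [kind for kind, _ in stack]
        if line == "split-horizon group":
            kind, key = stack[-1] if stack else (None, None)
            if kind in ("ac", "pw") and key is not None and "vfi" not in kinds:
                groups[key] = 2
            continue
        for kind, rx in _OPENERS:
            m = rx.match(line)
            if m is None:
                continue
            value = m.group(1) if m.groups() else None
            if kind in ("ac", "pw"):
                value = None         # ports outside a bridge domain are ignored
                if "bd" in kinds:
                    domain = next(v for k, v in stack if k == "bd")
                    if kind == "ac":
                        # "GigabitEthernet 0/0/0/0.99" and the unspaced form
                        # printed by "show" name the same interface.
                        name = m.group(1).replace(" ", "")
                    else:
                        name = "PW %s pw-id %s" % m.groups()
                    value = (domain, name)
                    groups[value] = 1 if "vfi" in kinds else 0
            stack.append((kind, value))
            break
    return groups


def blocked_pairs(groups):
    """List (domain, port_a, port_b) that cannot forward to each other."""
    blocked = []
    for (a, ga), (b, gb) in combinations(sorted(groups.items()), 2):
        if a[0] == b[0] and ga == gb != 0:
            blocked.append((a[0], a[1], b[1]))
    return blocked


if __name__ == "__main__":
    result = split_horizon_groups(SAMPLE_CONFIG)
    for (domain, port), group in sorted(result.items()):
        print(f"{domain:10} {port:32} SHG {group}")
    for domain, a, b in blocked_pairs(result):
        print(f"{domain}: no forwarding between {a} and {b}")
```

Ports in group 0 are the ones to review first: they exchange traffic with every other port in the bridge domain.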
According to this example, the Split Horizon group assignments for bridge domain all_three are:

Bridge Port/Pseudowire            Split Horizon Group
bridge port: gig0/0/0/0.99        0
bridge port: gig0/0/0/0.101       2
PW: 192.168.99.1 pw-id 1          0
PW: 192.168.99.9 pw-id 1          2
PW: 192.168.99.17 pw-id 1         1

Blocking Unknown Unicast Flooding: Example

Unknown-unicast flooding can be blocked at these levels:
• bridge domain
• bridge port (attachment circuit (AC))
• access pseudowire (PW)

This example shows how to block unknown-unicast flooding at the bridge domain level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    flooding unknown-unicast disable
end

This example shows how to block unknown-unicast flooding at the bridge port level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    interface GigabitEthernet 0/1/0/1
     flooding unknown-unicast disable
end

This example shows how to block unknown-unicast flooding at the access pseudowire level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    neighbor 10.1.1.1 pw-id 1000
     flooding unknown-unicast disable
end

Disabling MAC Flush: Examples

You can disable the MAC flush at these levels:
• bridge domain
• bridge port (attachment circuit (AC))
• access pseudowire (PW)

This example shows how to disable the MAC flush at the bridge domain level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    mac port-down flush disable
end

This example shows how to disable the MAC flush at the bridge port level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    interface GigabitEthernet 0/1/0/1
     mac port-down flush disable
end

This example shows how to disable the MAC flush at the access pseudowire level:

configure
 l2vpn
  bridge group group1
   bridge-domain domain1
    neighbor 10.1.1.1 pw-id 1000
     mac port-down flush disable
end

Bridging on IOS XR Trunk Interfaces: Example

This example shows how to configure a Cisco ASR 9000 Series Router as a simple L2 switch.

Important Notes:

Create a bridge domain that has four attachment circuits (AC). Each AC is an IOS XR trunk interface (i.e. not a subinterface/EFP).
• This example assumes that the running config is empty, and that all the components are created.
• This example provides all the necessary steps to configure the Cisco ASR 9000 Series Router to perform switching between the interfaces. However, the commands to prepare the interfaces such as no shut, negotiation auto, etc., have been excluded.
• The bridge domain is in a no shut state, immediately after being created.
• Only trunk (i.e. main) interfaces are used in this example.
• The trunk interfaces are capable of handling tagged (i.e. IEEE 802.1Q) or untagged (i.e. no VLAN header) frames.
• The bridge domain learns, floods, and forwards based on MAC address. This functionality works for frames regardless of tag configuration.
• The bridge domain entity spans all the line cards of the system. It is not necessary to place all the bridge domain ACs on a single LC. This applies to any bridge domain configuration.
• The show bundle and the show l2vpn bridge-domain commands are used to verify that the router was configured as expected, and that the commands show the status of the new configurations.
• The ACs in this example use interfaces that are in the admin down state.

Configuration Example

RP/0/RSP0/CPU0:router#config
RP/0/RSP0/CPU0:router(config)#interface Bundle-ether10
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/5
RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active
RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/6
RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active
RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/0
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/1
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface TenGigE0/1/0/2
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group examples
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge-domain test-switch
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/0
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#commit
RP/0/RSP0/CPU0:Jul 26 10:48:21.320 EDT: config[65751]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'lab'. Use 'show configuration commit changes 1000000973' to view the changes.
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#end
RP/0/RSP0/CPU0:Jul 26 10:48:21.342 EDT: config[65751]: %MGBL-SYS-5-CONFIG_I : Configured from console by lab
RP/0/RSP0/CPU0:router#show bundle Bundle-ether10

Bundle-Ether10
  Status: Down
  Local links : 0 / 0 / 2
  Local bandwidth : 0 (0) kbps
  MAC address (source): 0024.f71e.22eb (Chassis pool)
  Minimum active links / bandwidth: 1 / 1 kbps
  Maximum active links: 64
  Wait while timer: 2000 ms
  LACP: Operational
    Flap suppression timer: Off
  mLACP: Not configured
  IPv4 BFD: Not configured

  Port                 Device          State       Port ID        B/W, kbps
  -------------------- --------------- ----------- -------------- ----------
  Gi0/2/0/5            Local           Configured  0x8000, 0x0001 1000000
      Link is down
  Gi0/2/0/6            Local           Configured  0x8000, 0x0002 1000000
      Link is down

RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router#show l2vpn bridge-domain group examples
Bridge group: examples, bridge-domain: test-switch, id: 2000, state: up, ShgId: 0, MSTi: 0
  Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
  Filter MAC addresses: 0
  ACs: 4 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
  List of ACs:
    BE10, state: down, Static MAC addresses: 0
    Gi0/2/0/0, state: up, Static MAC addresses: 0
    Gi0/2/0/1, state: down, Static MAC addresses: 0
    Te0/5/0/1, state: down, Static MAC addresses: 0
  List of Access PWs:
  List of VFIs:
RP/0/RSP0/CPU0:router#

This table lists the configuration steps (actions) and the corresponding purpose for this example:

Step 1  configure
  Purpose: Enters global configuration mode.

Step 2  interface Bundle-ether10
  Purpose: Creates a new bundle trunk interface.

Step 3  l2transport
  Purpose: Changes Bundle-ether10 from an L3 interface to an L2 interface.

Step 4  interface GigabitEthernet0/2/0/5
  Purpose: Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/5.

Step 5  bundle id 10 mode active
  Purpose: Establishes GigabitEthernet0/2/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 6  interface GigabitEthernet0/2/0/6
  Purpose: Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/6.

Step 7  bundle id 10 mode active
  Purpose: Establishes GigabitEthernet0/2/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 8  interface GigabitEthernet0/2/0/0
  Purpose: Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/0.

Step 9  l2transport
  Purpose: Changes GigabitEthernet0/2/0/0 from an L3 interface to an L2 interface.

Step 10  interface GigabitEthernet0/2/0/1
  Purpose: Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/1.

Step 11  l2transport
  Purpose: Changes GigabitEthernet0/2/0/1 from an L3 interface to an L2 interface.

Step 12  interface TenGigE0/1/0/2
  Purpose: Enters interface configuration mode. Changes configuration mode to act on TenGigE0/1/0/2.

Step 13  l2transport
  Purpose: Changes TenGigE0/1/0/2 from an L3 interface to an L2 interface.

Step 14  l2vpn
  Purpose: Enters L2VPN configuration mode.

Step 15  bridge group examples
  Purpose: Creates the bridge group examples.

Step 16  bridge-domain test-switch
  Purpose: Creates the bridge domain test-switch, which is a member of bridge group examples.

Step 17  interface Bundle-ether10
  Purpose: Establishes Bundle-ether10 as an AC of bridge domain test-switch.

Step 18  exit
  Purpose: Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 19  interface GigabitEthernet0/2/0/0
  Purpose: Establishes GigabitEthernet0/2/0/0 as an AC of bridge domain test-switch.

Step 20  exit
  Purpose: Exits bridge domain AC configuration submode, allowing next AC to be configured.
Step 21  interface GigabitEthernet0/2/0/1
  Purpose: Establishes GigabitEthernet0/2/0/1 as an AC of bridge domain test-switch.

Step 22  exit
  Purpose: Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 23  interface TenGigE0/1/0/2
  Purpose: Establishes interface TenGigE0/1/0/2 as an AC of bridge domain test-switch.

Step 24  end or commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Bridging on Ethernet Flow Points: Example

This example shows how to configure a Cisco ASR 9000 Series Router to perform Layer 2 switching on traffic that passes through Ethernet Flow Points (EFPs). EFP traffic typically has one or more VLAN headers. Although both IOS XR trunks and IOS XR EFPs can be combined as attachment circuits in bridge domains, this example uses EFPs exclusively.

Important Notes:
• An EFP is a Layer 2 subinterface. It is always created under a trunk interface. The trunk interface must exist before the EFP is created.
• In an empty configuration, the bundle interface trunk does not exist, but the physical trunk interfaces are automatically configured when a line card is inserted. Therefore, only the bundle trunk is created.
• In this example the subinterface number and the VLAN IDs are identical, but this is out of convenience, and is not a necessity. They do not need to be the same values.
• The bridge domain test-efp has three attachment circuits (ACs). All the ACs are EFPs.
• Only frames with a VLAN ID of 999 enter the EFPs. This ensures that all the traffic in this bridge domain has the same VLAN encapsulation.
• The ACs in this example use interfaces that are in the admin down state, or interfaces for which no line card has been inserted (unresolved state). Bridge domains that use nonexistent interfaces as ACs are legal, and the commit for such configurations does not fail. In this case, the status of the bridge domain shows unresolved until you configure the missing interface.

Configuration Example

RP/0/RSP1/CPU0:router#configure
RP/0/RSP1/CPU0:router(config)#interface Bundle-ether10
RP/0/RSP1/CPU0:router(config-if)#interface Bundle-ether10.999 l2transport
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999
RP/0/RSP1/CPU0:router(config-subif)#interface GigabitEthernet0/6/0/5
RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active
RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/6
RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active
RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/7.999 l2transport
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999
RP/0/RSP1/CPU0:router(config-subif)#interface TenGigE0/1/0/2.999 l2transport
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999
RP/0/RSP1/CPU0:router(config-subif)#l2vpn
RP/0/RSP1/CPU0:router(config-l2vpn)#bridge group examples
RP/0/RSP1/CPU0:router(config-l2vpn-bg)#bridge-domain test-efp
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10.999
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/6/0/7.999
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2.999 RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#commit RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#end RP/0/RSP1/CPU0:router# RP/0/RSP1/CPU0:router#show l2vpn bridge group examples Fri Jul 23 21:56:34.473 UTC Bridge group: examples, bridge-domain: test-efp, id: 0, state: up, ShgId: 0, MSTi: 0 Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog Filter MAC addresses: 0 ACs: 3 (0 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up) List of ACs: BE10.999, state: down, Static MAC addresses: 0Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services LSC-287 Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-26116-02 Gi0/6/0/7.999, state: unresolved, Static MAC addresses: 0 Te0/1/0/2.999, state: down, Static MAC addresses: 0 List of Access PWs: List of VFIs: RP/0/RSP1/CPU0:router# This table lists the configuration steps (actions) and the corresponding purpose for this example: Command or Action Purpose Step 1 configure Enters global configuration mode. Step 2 interface Bundle-ether10 Creates a new bundle trunk interface. Step 3 interface Bundle-ether10.999 l2transport Creates an EFP under the new bundle trunk. Step 4 encapsulation dot1q 999 Assigns VLAN ID of 999 to this EFP. Step 5 interface GigabitEthernet0/6/0/5 Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/5. Step 6 bundle id 10 mode active Establishes GigabitEthernet0/6/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. Step 7 interface GigabitEthernet0/6/0/6 Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/6. Step 8 bundle id 10 mode active Establishes GigabitEthernet0/6/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. 
Step 9   interface GigabitEthernet0/6/0/7.999 l2transport
         Creates an EFP under GigabitEthernet0/6/0/7.

Step 10  encapsulation dot1q 999
         Assigns VLAN ID of 999 to this EFP.

Step 11  interface TenGigE0/1/0/2.999 l2transport
         Creates an EFP under TenGigE0/1/0/2.

Step 12  encapsulation dot1q 999
         Assigns VLAN ID of 999 to this EFP.

Step 13  l2vpn
         Enters L2VPN configuration mode.

Step 14  bridge group examples
         Creates the bridge group named examples.

Step 15  bridge-domain test-efp
         Creates the bridge domain named test-efp, that is a member of bridge group examples.

Step 16  interface Bundle-ether10.999
         Establishes Bundle-ether10.999 as an AC of the bridge domain named test-efp.

Step 17  exit
         Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 18  interface GigabitEthernet0/6/0/7.999
         Establishes GigabitEthernet0/6/0/7.999 as an AC of the bridge domain named test-efp.

Step 19  exit
         Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 20  interface TenGigE0/1/0/2.999
         Establishes interface TenGigE0/1/0/2.999 as an AC of bridge domain named test-efp.

Step 21  end or commit
         Saves configuration changes.
         • When you issue the end command, the system prompts you to commit changes:
           Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
           – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
           – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
           – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
         • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Changing the Flood Optimization Mode: Example

This example shows how to change the default flood optimization mode under a bridge domain:

    config
    l2vpn
     bridge group MyGroup
      bridge-domain MyDomain
       flood mode convergence-optimized

Configuring VPLS with BGP Autodiscovery and Signaling: Example

This section contains these configuration examples for configuring the BGP autodiscovery and signaling feature:
• LDP and BGP Configuration
• Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling
• VPLS with BGP Autodiscovery and BGP Signaling
• Minimum Configuration for BGP Autodiscovery with LDP Signaling
• VPLS with BGP Autodiscovery and LDP Signaling

LDP and BGP Configuration

Figure 19 illustrates an example of LDP and BGP configuration.

Figure 19 LDP and BGP Configuration
[Figure labels: CE1, PE1, MPLS Core, PE2, CE2, GigabitEthernet0/1/0/0 (shown twice)]

Configuration at PE1:

    interface Loopback0
     ipv4 address 1.1.1.100 255.255.255.255
    !
    interface Loopback1
     ipv4 address 1.1.1.10 255.255.255.255
    !
    mpls ldp
     router-id 1.1.1.1
     interface GigabitEthernet0/1/0/0
    !
    router bgp 120
     address-family l2vpn vpls-vpws
     !
     neighbor 2.2.2.20
      remote-as 120
      update-source Loopback1
      address-family l2vpn vpls-vpws
       signaling bgp disable

Configuration at PE2:

    interface Loopback0
     ipv4 address 2.2.2.200 255.255.255.255
    !
    interface Loopback1
     ipv4 address 2.2.2.20 255.255.255.255
    !
    mpls ldp
     router-id 2.2.2.2
     interface GigabitEthernet0/1/0/0
    !
    router bgp 120
     address-family l2vpn vpls-vpws
     !
     neighbor 1.1.1.10
      remote-as 120
      update-source Loopback1
      address-family l2vpn vpls-vpws

Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling

This example illustrates the minimum L2VPN configuration required for BGP Autodiscovery with BGP Signaling, where any parameter that has a default value is not configured.

    (config)# l2vpn
    (config-l2vpn)# bridge group {bridge group name}
    (config-l2vpn-bg)# bridge-domain {bridge domain name}
    (config-l2vpn-bg-bd)# vfi {vfi name}
    (config-l2vpn-bg-bd-vfi)# autodiscovery bgp
    (config-l2vpn-bg-bd-vfi-ad)# vpn-id 10
    (config-l2vpn-bg-bd-vfi-ad)# rd auto
    (config-l2vpn-bg-bd-vfi-ad)# route-target 1.1.1.1:100
    (config-l2vpn-bg-bd-vfi-ad-sig)# signaling-protocol bgp
    (config-l2vpn-bg-bd-vfi-ad-sig)# ve-id 1
    (config-l2vpn-bg-bd-vfi-ad-sig)# commit

VPLS with BGP Autodiscovery and BGP Signaling

Figure 20 illustrates an example of configuring VPLS with BGP autodiscovery (AD) and BGP Signaling.

Figure 20 VPLS with BGP autodiscovery and BGP signaling
[Figure labels: CE1, PE1, MPLS Core, PE2, CE2, GigabitEthernet0/1/0/1.1, 1.1.1.1, 3.3.3.3, GigabitEthernet0/1/0/2.1]

Configuration at PE1:

    l2vpn
     bridge group gr1
      bridge-domain bd1
       interface GigabitEthernet0/1/0/1.1
       vfi vf1
        ! AD independent VFI attributes
        vpn-id 100
        ! Auto-discovery attributes
        autodiscovery bgp
         rd auto
         route-target 2.2.2.2:100
         ! Signaling attributes
         signaling-protocol bgp
          ve-id 3

Configuration at PE2:

    l2vpn
     bridge group gr1
      bridge-domain bd1
       interface GigabitEthernet0/1/0/2.1
       vfi vf1
        ! AD independent VFI attributes
        vpn-id 100
        ! Auto-discovery attributes
        autodiscovery bgp
         rd auto
         route-target 2.2.2.2:100
         ! Signaling attributes
         signaling-protocol bgp
          ve-id 5

This is an example of NLRI for VPLS with BGP AD and signaling:

Discovery Attributes

NLRI sent at PE1:
    Length = 19
    Route Distinguisher = 3.3.3.3:32770
    VE ID = 3
    VE Block Offset = 1
    VE Block Size = 10
    Label Base = 16015

NLRI sent at PE2:
    Length = 19
    Route Distinguisher = 1.1.1.1:32775
    VE ID = 5
    VE Block Offset = 1
    VE Block Size = 10
    Label Base = 16120

Minimum Configuration for BGP Autodiscovery with LDP Signaling

This example illustrates the minimum L2VPN configuration required for BGP Autodiscovery with LDP Signaling, where any parameter that has a default value is not configured.

    (config)# l2vpn
    (config-l2vpn)# bridge group {bridge group name}
    (config-l2vpn-bg)# bridge-domain {bridge domain name}
    (config-l2vpn-bg-bd)# vfi {vfi name}
    (config-l2vpn-bg-bd-vfi)# autodiscovery bgp
    (config-l2vpn-bg-bd-vfi-ad)# vpn-id 10
    (config-l2vpn-bg-bd-vfi-ad)# rd auto
    (config-l2vpn-bg-bd-vfi-ad)# route-target 1.1.1.1:100
    (config-l2vpn-bg-bd-vfi-ad)# commit

VPLS with BGP Autodiscovery and LDP Signaling

Figure 21 illustrates an example of configuring VPLS with BGP autodiscovery (AD) and LDP Signaling.
Figure 21 VPLS with BGP autodiscovery and LDP signaling
[Figure labels: CE1, PE1, MPLS Core, PE2, CE2, GigabitEthernet0/1/0/0 (shown twice)]

Configuration at PE1:

    l2vpn
     router-id 10.10.10.10
     bridge group bg1
      bridge-domain bd1
       vfi vf1
        vpn-id 100
        autodiscovery bgp
         rd 1:100
         route-target 12:12

Configuration at PE2:

    l2vpn
     router-id 20.20.20.20
     bridge group bg1
      bridge-domain bd1
       vfi vf1
        vpn-id 100
        autodiscovery bgp
         rd 2:200
         route-target 12:12
         signaling-protocol ldp
          vpls-id 120:100

Discovery and Signaling Attributes

Configuration at PE1:
    LDP Router ID - 1.1.1.1
    BGP Router ID - 1.1.1.100
    Peer Address - 1.1.1.10
    L2VPN Router ID - 10.10.10.10
    Route Distinguisher - 1:100

Common Configuration between PE1 and PE2:
    ASN - 120
    VPN ID - 100
    VPLS ID - 120:100
    Route Target - 12:12

Configuration at PE2:
    LDP Router ID - 2.2.2.2
    BGP Router ID - 2.2.2.200
    Peer Address - 2.2.2.20
    L2VPN Router ID - 20.20.20.20
    Route Distinguisher - 2:200

Discovery Attributes

NLRI sent at PE1:
    Source Address - 1.1.1.10
    Destination Address - 2.2.2.20
    Length - 14
    Route Distinguisher - 1:100
    L2VPN Router ID - 10.10.10.10
    VPLS ID - 120:100
    Route Target - 12:12

NLRI sent at PE2:
    Source Address - 2.2.2.20
    Destination Address - 1.1.1.10
    Length - 14
    Route Distinguisher - 2:200
    L2VPN Router ID - 20.20.20.20
    VPLS ID - 120:100
    Route Target - 12:12

Configuring Dynamic ARP Inspection: Example

This example shows how to configure basic dynamic ARP inspection under a bridge domain:

    config
    l2vpn
     bridge group MyGroup
      bridge-domain MyDomain
       dynamic-arp-inspection logging

This example shows how to configure basic dynamic ARP inspection under a bridge port:

    config
    l2vpn
     bridge group MyGroup
      bridge-domain MyDomain
       interface gigabitEthernet 0/1/0/0.1
        dynamic-arp-inspection logging

This example shows how to configure optional dynamic ARP inspection under a bridge domain:

    l2vpn
     bridge group SECURE
      bridge-domain SECURE-DAI
       dynamic-arp-inspection
        logging
        address-validation
         src-mac
         dst-mac
         ipv4

This example shows how to configure optional dynamic ARP inspection under a bridge port:

    l2vpn
     bridge group SECURE
      bridge-domain SECURE-DAI
       interface GigabitEthernet0/0/0/1.10
        dynamic-arp-inspection
         logging
         address-validation
          src-mac
          dst-mac
          ipv4

This example shows the output of the show l2vpn bridge-domain bd-name SECURE-DAI detail command:

    #show l2vpn bridge-domain bd-name SECURE-DAI detail
    Bridge group: SECURE, bridge-domain: SECURE-DAI, id: 2, state: up,
    …
      Dynamic ARP Inspection: enabled, Logging: enabled
      Dynamic ARP Inspection Address Validation:
        IPv4 verification: enabled
        Source MAC verification: enabled
        Destination MAC verification: enabled
    …
      List of ACs:
        AC: GigabitEthernet0/0/0/1.10, state is up
    …
          Dynamic ARP Inspection: enabled, Logging: enabled
          Dynamic ARP Inspection Address Validation:
            IPv4 verification: enabled
            Source MAC verification: enabled
            Destination MAC verification: enabled
          IP Source Guard: enabled, Logging: enabled
    …
          Dynamic ARP inspection drop counters:
            packets: 1000, bytes: 64000

This example shows the output of the show l2vpn forwarding interface interface-name detail location location-name command:

    #show l2vpn forwarding interface g0/0/0/1.10 det location 0/0/CPU0
    Local interface: GigabitEthernet0/0/0/1.10, Xconnect id: 0x40001, Status: up
    …
      Dynamic ARP Inspection: enabled, Logging: enabled
      Dynamic ARP Inspection Address Validation:
        IPv4 verification: enabled
        Source MAC verification: enabled
        Destination MAC verification: enabled
      IP Source Guard: enabled, Logging: enabled
    …

This example shows the logging display:

    LC/0/0/CPU0:Jun 16 13:28:28.697 : l2fib[188]: %L2-L2FIB-5-SECURITY_DAI_VIOLATION_AC : Dynamic ARP inspection in AC GigabitEthernet0_0_0_7.1000 detected violated packet - source MAC: 0000.0000.0065, destination MAC: 0000.0040.0000, sender MAC: 0000.0000.0064, target MAC: 0000.0000.0000, sender IP: 5.6.6.6, target IP: 130.10.3.2
    LC/0/5/CPU0:Jun 16 13:28:38.716 : l2fib[188]: %L2-L2FIB-5-SECURITY_DAI_VIOLATION_AC : Dynamic ARP inspection in AC Bundle-Ether100.103 detected violated packet - source MAC: 0000.0000.0067, destination MAC: 0000.2300.0000, sender MAC: 0000.7800.0034, target MAC: 0000.0000.0000, sender IP: 130.2.5.1, target IP: 50.5.1.25

Configuring IP Source Guard: Example

This example shows how to configure basic IP source guard under a bridge domain:

    config
    l2vpn
     bridge group MyGroup
      bridge-domain MyDomain
       ip-source-guard logging

This example shows how to configure basic IP source guard under a bridge port:

    config
    l2vpn
     bridge group MyGroup
      bridge-domain MyDomain
       interface gigabitEthernet 0/1/0/0.1
        ip-source-guard logging

This example shows how to configure optional IP source guard under a bridge domain:

    l2vpn
     bridge group SECURE
      bridge-domain SECURE-IPSG
       ip-source-guard
        logging

This example shows how to configure optional IP source guard under a bridge port:

    l2vpn
     bridge group SECURE
      bridge-domain SECURE-IPSG
       interface GigabitEthernet0/0/0/1.10
        ip-source-guard
         logging

This example shows the output of the show l2vpn bridge-domain bd-name ipsg-name detail command:

    # show l2vpn bridge-domain bd-name SECURE-IPSG detail
    Bridge group: SECURE, bridge-domain: SECURE-IPSG, id: 2, state: up,
    …
      IP Source Guard: enabled, Logging: enabled
    …
      List of ACs:
        AC: GigabitEthernet0/0/0/1.10, state is up
    …
          IP Source Guard: enabled, Logging: enabled
    …
          IP source guard drop counters:
            packets: 1000, bytes: 64000

This example shows the output of the show l2vpn forwarding interface interface-name detail location location-name command:

    # show l2vpn forwarding interface g0/0/0/1.10 detail location 0/0/CPU0
    Local interface: GigabitEthernet0/0/0/1.10, Xconnect id: 0x40001, Status: up
    …
      IP Source Guard: enabled, Logging: enabled

This example shows the logging display:

    LC/0/0/CPU0:Jun 16 13:32:25.334 : l2fib[188]: %L2-L2FIB-5-SECURITY_IPSG_VIOLATION_AC : IP source guard in AC GigabitEthernet0_0_0_7.1001 detected violated packet - source MAC: 0000.0000.0200, destination MAC: 0000.0003.0000, source IP: 130.0.0.1, destination IP: 125.34.2.5
    LC/0/5/CPU0:Jun 16 13:33:25.530 : l2fib[188]: %L2-L2FIB-5-SECURITY_IPSG_VIOLATION_AC : IP source guard in AC Bundle-Ether100.100 detected violated packet - source MAC: 0000.0000.0064, destination MAC: 0000.0040.0000, source IP: 14.5.1.3, destination IP: 45.1.1.10

Configuring G.8032 Ethernet Ring Protection: Example

This sample configuration illustrates the elements that a complete G.8032 configuration includes:

    # Configure the ERP profile characteristics if ERP instance behaviors are non-default.
    ethernet ring g8032 profile ERP-profile
     timer wtr 60
     timer guard 100
     timer hold-off 1
     non-revertive

    # Configure CFM MEPs and configure to monitor the ring links.
    ethernet cfm
     domain domain1
      service link1 down-meps
       continuity-check interval 3.3ms
       efd
       mep crosscheck
        mep-id 2
     domain domain2
      service link2 down-meps
       continuity-check interval 3.3ms
       efd protection-switching
       mep crosscheck
        mep-id 2
    Interface Gig 0/0/0/0
     ethernet cfm mep domain domain1 service link1 mep-id 1
    Interface Gig 1/1/0/0
     ethernet cfm mep domain domain2 service link2 mep-id 1

    # Configure the ERP instance under L2VPN
    l2vpn
     ethernet ring g8032 RingA
      port0 interface g0/0/0/0
      port1 interface g0/1/0/0
      instance 1
       description BD2-ring
       profile ERP-profile
       rpl port0 owner
       vlan-ids 10-100
       aps channel
        level 3
        port0 interface g0/0/0/0.1
        port1 interface g1/1/0/0.1

    # Set up the bridge domains
     bridge group ABC
      bridge-domain BD2
       interface Gig 0/0/0/0.2
       interface Gig 0/1/0/0.2
       interface Gig 0/2/0/0.2
      bridge-domain BD2-APS
       interface Gig 0/0/0/0.1
       interface Gig 1/1/0/0.1

    # EFPs configuration
    interface Gig 0/0/0/0.1 l2transport
     encapsulation dot1q 5
    interface Gig 1/1/0/0.1 l2transport
     encapsulation dot1q 5
    interface g 0/0/0/0.2 l2transport
     encapsulation dot1q 10-100
    interface g 0/1/0/0.2 l2transport
     encapsulation dot1q 10-100
    interface g 0/2/0/0.2 l2transport
     encapsulation dot1q 10-100

Configuring Interconnection Node: Example

This example shows you how to configure an interconnection node.
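Returning to the Dynamic ARP Inspection and IP Source Guard logging displays shown earlier: the following Python sketch is an added example, not Cisco code, that parses those four violation messages and counts them per attachment circuit. It assumes one message per syslog line and that the underscores in the logged AC name stand for the slashes used in the configuration; the triage hints are a heuristic based on the usual meaning of the src-mac and ipv4 validation options, since the message itself does not say which check failed.

```python
"""Parse IOS XR l2fib DAI / IPSG violation syslog messages and summarize them."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# The four messages quoted in the logging displays on this page, joined one per
# line (assumption: the router emits each message as a single syslog line).
SAMPLE_LOG = "\n".join([
    "LC/0/0/CPU0:Jun 16 13:28:28.697 : l2fib[188]: %L2-L2FIB-5-SECURITY_DAI_VIOLATION_AC : "
    "Dynamic ARP inspection in AC GigabitEthernet0_0_0_7.1000 detected violated packet - "
    "source MAC: 0000.0000.0065, destination MAC: 0000.0040.0000, sender MAC: 0000.0000.0064, "
    "target MAC: 0000.0000.0000, sender IP: 5.6.6.6, target IP: 130.10.3.2",
    "LC/0/5/CPU0:Jun 16 13:28:38.716 : l2fib[188]: %L2-L2FIB-5-SECURITY_DAI_VIOLATION_AC : "
    "Dynamic ARP inspection in AC Bundle-Ether100.103 detected violated packet - "
    "source MAC: 0000.0000.0067, destination MAC: 0000.2300.0000, sender MAC: 0000.7800.0034, "
    "target MAC: 0000.0000.0000, sender IP: 130.2.5.1, target IP: 50.5.1.25",
    "LC/0/0/CPU0:Jun 16 13:32:25.334 : l2fib[188]: %L2-L2FIB-5-SECURITY_IPSG_VIOLATION_AC : "
    "IP source guard in AC GigabitEthernet0_0_0_7.1001 detected violated packet - "
    "source MAC: 0000.0000.0200, destination MAC: 0000.0003.0000, source IP: 130.0.0.1, "
    "destination IP: 125.34.2.5",
    "LC/0/5/CPU0:Jun 16 13:33:25.530 : l2fib[188]: %L2-L2FIB-5-SECURITY_IPSG_VIOLATION_AC : "
    "IP source guard in AC Bundle-Ether100.100 detected violated packet - "
    "source MAC: 0000.0000.0064, destination MAC: 0000.0040.0000, source IP: 14.5.1.3, "
    "destination IP: 45.1.1.10",
])

LINE_RE = re.compile(
    r"^(?P<node>\S+?):(?P<ts>[A-Z][a-z]{2}\s+\d+\s+[\d:.]+)\s*:\s*l2fib\[\d+\]:\s*"
    r"%L2-L2FIB-5-SECURITY_(?P<kind>DAI|IPSG)_VIOLATION_AC\s*:\s*"
    r".*?\bin AC (?P<ac>\S+) detected violated packet - (?P<fields>.*)$"
)
# "name: value" pairs such as "sender MAC: 0000.0000.0064" or "target IP: 130.10.3.2".
FIELD_RE = re.compile(r"([a-z]+ (?:MAC|IP)): ([0-9A-Fa-f.]+)")


@dataclass
class Violation:
    node: str        # line card that logged the drop, e.g. LC/0/0/CPU0
    timestamp: str   # as printed by the router (no year, no time zone)
    kind: str        # "DAI" or "IPSG"
    ac: str          # attachment circuit in configuration notation
    fields: dict     # packet header fields quoted in the message


def normalize_ac(name):
    # Assumption: the log writes GigabitEthernet0/0/0/7.1000 as GigabitEthernet0_0_0_7.1000.
    return name.replace("_", "/")


def parse_line(line):
    """Return a Violation for a DAI/IPSG violation message, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(m["fields"]))
    return Violation(m["node"], m["ts"], m["kind"], normalize_ac(m["ac"]), fields)


def parse_log(text):
    return [v for v in map(parse_line, text.splitlines()) if v is not None]


def triage(v):
    """Heuristic hints about which validation the quoted fields would fail."""
    hints, f = [], v.fields
    if v.kind == "DAI":
        if f.get("source MAC") != f.get("sender MAC"):
            hints.append("src-mac: Ethernet source MAC differs from ARP sender MAC")
        for key in ("sender IP", "target IP"):
            try:
                ip = ipaddress.ip_address(f.get(key, ""))
            except ValueError:
                hints.append(f"ipv4: unparsable {key}")
                continue
            if ip.is_multicast or str(ip) in ("0.0.0.0", "255.255.255.255"):
                hints.append(f"ipv4: unexpected {key} {ip}")
    if not hints:
        hints.append("no field-level anomaly visible; compare with the expected address binding")
    return hints


def summarize(violations):
    """Count violations per (kind, attachment circuit)."""
    return Counter((v.kind, v.ac) for v in violations)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for (kind, ac), count in sorted(summarize(events).items()):
        print(f"{kind:4} {ac:30} {count}")
    for v in events:
        print(v.node, v.timestamp, v.kind, v.ac, "->", "; ".join(triage(v)))
```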
Figure 22 illustrates an open ring scenario.

Figure 22 Open Ring Scenario - interconnection node
[Figure labels: Major Ring, Minor Ring, Router A, Router B, Router C, Router D, Router E, Router F, Interconnection node, ifname1, ifname2, Data traffic on VLAN Y1, R-APS on VLAN X1]

The minimum configuration required for configuring G.8032 at Router C (Open ring – Router C):

    interface l2transport
     encapsulation dot1q X1
    interface l2transport
     encapsulation dot1q Y1
    interface l2transport
     encapsulation dot1q Y1
    interface l2transport
     encapsulation dot1q Y1
    l2vpn
     ethernet ring g8032
      port0 interface
      port1 interface none #? This router is connected to an interconnection node
      open-ring #? Mandatory when a router is part of an open-ring
      instance <1-2>
       inclusion-list vlan-ids X1-Y1
       aps-channel
        Port0 interface
        Port1 none #? This router is connected to an interconnection node
     bridge group bg1
      bridge-domain bd-aps #? APS-channel has its own bridge domain
                           #? There is only one APS-channel at the interconnection node
      bridge-domain bd-traffic #? Data traffic has its own bridge domain

Configuring the Node of an Open Ring: Example

This example shows you how to configure the node part of an open ring. Figure 23 illustrates an open ring scenario.

Figure 23 Open Ring Scenario
[Figure labels: Major Ring, Minor Ring, Router A, Router B, Router C, Router D, Router E, Router F, Data traffic on VLAN Y1, R-APS on VLAN X1]

The minimum configuration required for configuring G.8032 at the node of the open ring (node part of the open ring at router F):

    interface l2transport
     encapsulation dot1q X1
    interface l2transport
     encapsulation dot1q X1
    interface l2transport
     encapsulation dot1q Y1
    interface l2transport
     encapsulation dot1q Y1
    l2vpn
     ethernet ring g8032
      port0 interface
      port1 interface
      open-ring #? Mandatory when a router is part of an open-ring
      instance <1-2>
       inclusion-list vlan-ids X1-Y1
       rpl port1 owner #? This node is RPL owner and is blocked
       aps-channel
        port0 interface
        port1 interface
     bridge group bg1
      bridge-domain bd-aps #? APS-channel has its own bridge domain
      bridge-domain bd-traffic #? Data traffic has its own bridge domain

Configuring Flow Aware Transport Pseudowire: Example

This sample configuration shows how to enable load balancing with FAT PW for VPWS.

    l2vpn
     pw-class class1
      encapsulation mpls
       load-balancing flow-label transmit
      !
     !
     pw-class class2
      encapsulation mpls
       load-balancing flow-label both
      !
     xconnect group group1
      p2p p1
       interface GigabitEthernet 0/0/0/0.1
       neighbor 1.1.1.1 pw-id 1
        pw-class class1
       !
      !
     !

This sample configuration shows how to enable load balancing with FAT PW for VPLS.

Note  For VPLS, the configuration at the bridge-domain level is applied to all PWs (access and VFI PWs). Pseudowire classes are defined to override the configuration for manual PWs.

    l2vpn
     pw-class class1
      encapsulation mpls
       load-balancing flow-label both
     bridge group group1
      bridge-domain domain1
       vfi vfi2-auto-bgp
        autodiscovery bgp
         signaling-protocol bgp
          load-balancing flow-label both static
         !
        !
       !
      !
      bridge-domain domain2
       vfi vfi2-auto-ldp
        autodiscovery bgp
         signaling-protocol ldp
          load-balancing flow-label both static
         !
        !
       !
      !
     !

Additional References

For additional information related to implementing VPLS, refer to these:

Related Documents

Related Topic: Cisco IOS XR L2VPN commands
Document Title: Point to Point Layer 2 Services Commands module in the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference

Related Topic: MPLS VPLS-related commands
Document Title: Multipoint Layer 2 Services Commands module in the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference

Related Topic: Getting started material
Document Title: Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Related Topic: Traffic storm control on VPLS bridges
Document Title: Traffic Storm Control under VPLS Bridges on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide

Related Topic: Layer 2 multicast on VPLS bridges
Document Title: Layer 2 Multicast Using IGMP Snooping module in the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide

Standards

Standards (1): draft-ietf-l2vpn-vpls-ldp-09
Title: Virtual Private LAN Services Using LDP
1. Not all supported standards are listed.

MIBs

MIBs: —
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP), April 2006
RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks, April 2006
RFC 4762: Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling

Technical Assistance

Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport

Implementing IEEE 802.1ah Provider Backbone Bridge

This module provides conceptual and configuration information for IEEE 802.1ah Provider Backbone Bridge on Cisco ASR 9000 Series Routers. The IEEE 802.1ah standard (Ref [4]) provides a means for interconnecting multiple provider bridged networks to build a large scale end-to-end Layer 2 provider bridged network.
Feature History for Implementing IEEE 802.1ah Provider Backbone Bridge

Release: Release 3.9.1
Modification: This feature was introduced on Cisco ASR 9000 Series Routers.

Contents
• Prerequisites for Implementing 802.1ah Provider Backbone Bridge
• Information About Implementing 802.1ah Provider Backbone Bridge
• How to Implement 802.1ah Provider Backbone Bridge
• Configuration Examples for Implementing 802.1ah Provider Backbone Bridge
• Additional References

Prerequisites for Implementing 802.1ah Provider Backbone Bridge

This prerequisite applies to implementing 802.1ah Provider Backbone Bridge:
• You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
• You must be familiar with the multipoint bridging concepts. Refer to the Implementing Multipoint Layer 2 Services module.

Information About Implementing 802.1ah Provider Backbone Bridge

To implement 802.1ah, you must understand these concepts:
• Benefits of IEEE 802.1ah standard
• IEEE 802.1ah Standard for Provider Backbone Bridging Overview
• Backbone Edge Bridges
• IB-BEB

Benefits of IEEE 802.1ah standard

The benefits of IEEE 802.1ah provider backbone bridges are as follows:
• Increased service instance scalability
• MAC address scalability

IEEE 802.1ah Standard for Provider Backbone Bridging Overview

The IEEE 802.1ah Provider Backbone Bridge feature encapsulates or decapsulates end-user traffic on a Backbone Edge Bridge (BEB) at the edge of the Provider Backbone Bridged Network (PBBN). A Backbone Core Bridge (BCB) based network provides internal transport of the IEEE 802.1ah encapsulated frames within the PBBN. Figure 24 shows a typical 802.1ah PBB network.

Figure 24 IEEE 802.1ah Provider Backbone Bridge
[Figure labels: Access Network (802.1ad), Core Network (802.1ah), UNI (.1ad), UNI (.1ah), CE, PEB, PB, BEB, BCB; PB - provider bridge]

Figure 25 shows a typical provider backbone network topology.

Figure 25 Provider Back Bone Network Topology
[Figure legend: Ethernet link carrying backbone frames comprising backbone SA and DA, B-VLAN tag, I-tag and customer frame; Ethernet link carrying customer frames comprising optional service VLAN tag and original octets of data; BEB internal link between edge BD and backbone BD. Labels: PBBN, BEB, BCB, CE, Edge BD, Backbone BD, Provider Network Port, Customer Network Port]

Backbone Edge Bridges

Backbone edge bridges (BEBs) can contain either an I-Component or a B-Component. The I-Component maps service VLAN identifiers (S-VIDs) to service instance identifiers (I-SIDs) and adds a provider backbone bridge (PBB) header without a backbone VLAN tag (B-Tag). The B-Component maps I-SIDs to backbone VIDs (B-VIDs) and adds a PBB header with a B-Tag.

The IEEE 802.1ah standard specifies these three types of BEBs:
• The B-BEB contains the B-Component of the MAC-in-MAC bridge. It validates the I-SIDs and maps the frames onto the backbone VLAN (B-VLAN). It also switches traffic based on the B-VLANs within the core bridge.
• The I-BEB contains the I-Component of the MAC-in-MAC bridge. It performs B-MAC encapsulation and inserts the I-SIDs based on the provider VLAN tags (S-tags), customer VLAN tags (C-tags), or S-tag/C-tag pairs.
• The IB-BEB contains one or more I-Components and a single B-Component interconnected through a LAN segment.

Note  Only IB-BEBs are supported on Cisco ASR 9000 Series Routers. Cisco IOS XR supports IB-BEB bridge type at the Edge node.

Figure 26 shows the PBB bridge component topology on the Cisco ASR 9000 Series Routers.
Figure 26 PBB Bridge Component Topology on Cisco ASR 9000 Series Routers I-component Provider Network Port (PNP) Core BD B-component CBP VIP VIP VIP Edge BD-1 Edge BD-2 Edge BD-n Provider Network Port (PNP) EFP-x EFP-y EFP-1 EFP-2 EFP-m System internal virtual port Customer Network Port (CNP) Customer Network Port (CNP) 278090Implementing IEEE 802.1ah Provider Backbone Bridge Information About Implementing 802.1ah Provider Backbone Bridge LSC-308 Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-26116-02 IB-BEB The IB-BEB contains both the I-Component and the B-Component. The bridge selects the B-MAC and inserts the I-SID based on the provider VLAN tag (S-tag), the customer VLAN tag (C-tag), or both the S-tag and the C-tag. It validates the I-SIDs and it transmits and receives frames on the B-VLAN. The IEEE 802.1ah on Provider Backbone Bridges feature supports all services mandated by the IEEE 802.1ah standard and extends the services to provides these additional functionalities: • S-Tagged Service: – In multiplexed environments each S-tag maps to an I-SID and may be retained or removed. – In bundled environments multiple S-tags map to the same I-SID and the S-tags must be retained. • C-Tagged Service: – In multiplexed environments each C-tag maps to an I-SID and may be retained or removed. – In bundled environments multiple C-tags map to the same I-SID and the C-tags must be retained. • S/C-Tagged Service: – In multiplexed environments each S-tag/C-tag pair maps to an I-SID. The S-tag or the S-tag/C-tag pair may be retained or removed. – In bundled environments multiple S-tag/C-tags pairs map to the same I-SID and the S-tag/C-tag pair must be retained. • Port-based Service – A port-based service interface is delivered on a Customer Network Port (CNP). A port-based service interface may attach to a C-VLAN Bridge, 802.1d bridge, router or end-station. 
The service provided by this interface forwards all frames without an S-Tag over the backbone on a single backbone service instance. A port-based interface discards all frames with an S-Tag that have non-null VLAN IDs. This example shows how to configure a port-based service: interface GigabitEthernet0/0/0/10.100 l2transport encapsulation untagged --> Creates an EFP for untagged frames. interface GigabitEthernet0/0/0/10.101 l2transport encapsulation dot1ad priority-tagged --> Creates an EFP for null S-tagged frames. interface GigabitEthernet0/0/0/10.102 l2transport encapsulation dot1q priority-tagged --> Creates an EFP for null C-tagged frames: interface GigabitEthernet0/0/0/10.103 l2transport encapsulation dot1q any --> Creates an EFP for C-tagged frames: Note To configure a port-based service, all the above EFPs must be added to the same edge bridge domain.Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge LSC-309 Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-26116-02 How to Implement 802.1ah Provider Backbone Bridge This section contains these procedures: • Restrictions for Implementing 802.1ah Provider Backbone Bridge, page 309 • Configuring Ethernet Flow Points on CNP and PNP Ports, page 309 • Configuring PBB Edge Bridge Domain and Service Instance ID, page 311 • Configuring the PBB Core Bridge Domain, page 313 • Configuring Backbone VLAN Tag under the PBB Core Bridge Domain, page 314 • Configuring Backbone Source MAC Address, page 316 (optional) • Configuring Unknown Unicast Backbone MAC under PBB Edge Bridge Domain, page 319 (optional) • Configuring Static MAC addresses under PBB Edge Bridge Domain, page 321 (optional) Restrictions for Implementing 802.1ah Provider Backbone Bridge These features are not supported: • Cross-connect based point to point services over MAC-in-MAC • One Edge bridge to multiple Core bridge mapping • I type backbone edge bridge 
  (I-BEB) and B type backbone edge bridge (B-BEB)
• IEEE 802.1ah over VPLS
• Multiple source B-MAC addresses per chassis
• Direct encapsulation of 802.1ah formatted packets natively over an MPLS LSP encapsulation

Configuring Ethernet Flow Points on CNP and PNP Ports

Perform this task to configure an Ethernet flow point (EFP) on the customer network port (CNP) or the provider network port (PNP).

SUMMARY STEPS

1. configure
2. interface type interface-path-id.subinterface l2transport
3. encapsulation dot1q vlan-id
   or encapsulation dot1ad vlan-id
   or encapsulation dot1ad vlan-id dot1q vlan-id
4. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: interface type interface-path-id.subinterface l2transport
    Example: RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/0/0/10.100 l2transport
    Purpose: Configures an interface for L2 switching.

Step 3
    Command or Action: encapsulation dot1q vlan-id
        or encapsulation dot1ad vlan-id
        or encapsulation dot1ad vlan-id dot1q vlan-id
    Example: RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 100
        or
        encapsulation dot1ad 100
        or
        encapsulation dot1ad 100 dot1q 101
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface.

Step 4
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-subif)# end
        or
        RP/0/RSP0/CPU0:router(config-subif)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring PBB Edge Bridge Domain and Service Instance ID

Perform this task to configure a PBB edge domain and the service ID.

Note: To configure the PBB feature, log in with admin user privileges and issue the hw-module profile feature l2 command to select an ASR 9000 Ethernet line card ucode version that supports the PBB feature. The PBB feature will not be supported on the ASR 9000 Ethernet line card unless you make this configuration. For more information on configuring the feature profile, refer to the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain domain-name
5. interface type interface-path-id.subinterface
6. pbb edge i-sid service-id core-bridge core-bridge-name
7. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: bridge group bridge-group-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group pbb
    Purpose: Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains.

Step 4
    Command or Action: bridge-domain domain-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain pbb-edge
    Purpose: Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain, if it already exists.

Step 5
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/5/0/0.20
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface. This EFP is considered as the CNP for the Edge bridge.

Step 6
    Command or Action: pbb edge i-sid service-id core-bridge core-bridge-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
    Purpose: Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain, and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).

Step 7
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the PBB Core Bridge Domain

Perform this task to configure the PBB core bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain domain-name
5. interface type interface-path-id.subinterface
6. pbb core
7. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: bridge group bridge-group-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group pbb
    Purpose: Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group, if it already exists. A bridge group organizes bridge domains.

Step 4
    Command or Action: bridge-domain domain-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain pbb-core
    Purpose: Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.

Step 5
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/5/0/0.20
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface.

Step 6
    Command or Action: pbb core
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb core
    Purpose: Configures the bridge domain as PBB core and enters the PBB core configuration submode. This command also creates an internal port known as Customer bridge port (CBP). All the interfaces (bridge ports) under this bridge domain are treated as the provider network ports (PNP).

Step 7
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbcore)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbcore)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Backbone VLAN Tag under the PBB Core Bridge Domain

Perform this task to configure the backbone VLAN tag under the PBB core bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain domain-name
5. interface type interface-path-id.subinterface
6. interface type interface-path-id.subinterface
7. pbb core
8. rewrite ingress tag push dot1ad vlan-id symmetric
9. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: bridge group bridge-group-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group pbb
    Purpose: Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains.

Step 4
    Command or Action: bridge-domain domain-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain pbb-core
    Purpose: Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.

Step 5
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/5/0/0.20
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface.

Step 6
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# interface GigabitEthernet0/5/0/1.15
    Purpose: Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface now becomes an attachment circuit on this bridge domain.

Step 7
    Command or Action: pbb core
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb core
    Purpose: Configures the bridge domain as PBB core and enters the PBB core configuration submode. This command also creates an internal port known as Customer bridge port (CBP). All the interfaces (bridge ports) under this bridge domain are treated as the provider network ports (PNP).

Step 8
    Command or Action: rewrite ingress tag push dot1ad vlan-id symmetric
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbcore)# rewrite ingress tag push dot1ad 100 symmetric
    Purpose: Configures the backbone VLAN tag in the MAC-in-MAC frame and also sets the tag rewriting policy.
    Note: All PNPs in a Core bridge domain use the same backbone VLAN.

Step 9
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbcore)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbcore)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Backbone Source MAC Address

The backbone source MAC address (B-SA) is a unique address for a backbone network. Each Cisco ASR 9000 Series Router has one backbone source MAC address. If B-SA is not configured, then the largest MAC in the EEPROM is used as the PBB B-SA.

Note: The backbone source MAC address configuration is optional. If you do not configure the backbone source MAC address, the Cisco ASR 9000 Series Routers allocate a default backbone source MAC address from the chassis backplane MAC pool.

Perform this task to configure the backbone source MAC address.

SUMMARY STEPS

1. configure
2. l2vpn
3. pbb
4. backbone-source-mac mac-address
5. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: pbb
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# pbb
    Purpose: Enters PBB configuration mode.

Step 4
    Command or Action: backbone-source-mac mac-address
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# backbone-source-mac 0045.1200.04
    Purpose: Configures the backbone source MAC address.

Step 5
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Unknown Unicast Backbone MAC under PBB Edge Bridge Domain

Perform this task to configure the unknown unicast backbone MAC under the PBB edge bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain domain-name
5. interface type interface-path-id.subinterface
6. pbb edge i-sid service-id core-bridge core-bridge-name
7. unknown-unicast-bmac mac-address
8. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: bridge group bridge-group-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group pbb
    Purpose: Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains.

Step 4
    Command or Action: bridge-domain domain-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain pbb-edge
    Purpose: Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.

Step 5
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/5/0/0.20
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface.

Step 6
    Command or Action: pbb edge i-sid service-id core-bridge core-bridge-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
    Purpose: Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).

Step 7
    Command or Action: unknown-unicast-bmac mac-address
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb-edge)# unknown-unicast-bmac 1.1.1
    Purpose: Configures unknown unicast backbone MAC address.
    Note: On Trident line cards, once you configure the unknown unicast BMAC, the BMAC is used to forward customer traffic with multicast, broadcast and unknown unicast destination MAC address.

Step 8
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Static MAC addresses under PBB Edge Bridge Domain

Perform this task to configure the static MAC addresses under the PBB edge bridge domain.

SUMMARY STEPS

1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain domain-name
5. interface type interface-path-id.subinterface
6. interface type interface-path-id.subinterface
7. pbb edge i-sid service-id core-bridge core-bridge-name
8. static-mac-address cda-mac-address bmac bda-mac-address
9. end or commit

DETAILED STEPS

Step 1
    Command or Action: configure
    Example: RP/0/RSP0/CPU0:router# configure
    Purpose: Enters global configuration mode.

Step 2
    Command or Action: l2vpn
    Example: RP/0/RSP0/CPU0:router(config)# l2vpn
    Purpose: Enters L2VPN configuration mode.

Step 3
    Command or Action: bridge group bridge-group-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group pbb
    Purpose: Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains.

Step 4
    Command or Action: bridge-domain domain-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain pbb-edge
    Purpose: Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.

Step 5
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/5/0/0.20
    Purpose: Assigns the matching VLAN ID and Ethertype to the interface.

Step 6
    Command or Action: interface type interface-path-id.subinterface
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# interface GigabitEthernet0/5/0/1.15
    Purpose: Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface now becomes an attachment circuit on this bridge domain.

Step 7
    Command or Action: pbb edge i-sid service-id core-bridge core-bridge-name
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
    Purpose: Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).

Step 8
    Command or Action: static-mac-address cda-mac-address bmac bda-mac-address
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb-edge)# static-mac-address 0033.3333.3333 bmac 0044.4444.4444
    Purpose: Configures the static CMAC to BMAC mapping under the PBB Edge submode.

Step 9
    Command or Action: end or commit
    Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# end
        or
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbbedge)# commit
    Purpose: Saves configuration changes.
    • When you issue the end command, the system prompts you to commit changes:
        Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
      – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
      – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
      – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuration Examples for Implementing 802.1ah Provider Backbone Bridge

This section provides these configuration examples:

• Configuring Ethernet Flow Points: Example
• Configuring PBB Edge Bridge Domain and Service Instance ID: Example
• Configuring PBB Core Bridge Domain: Example
• Configuring Backbone VLAN Tag: Example
• Configuring Backbone Source MAC Address: Example
• Configuring Static Mapping and Unknown Unicast MAC Address under the PBB Edge Bridge Domain

Configuring Ethernet Flow Points: Example

This example shows how to configure Ethernet flow points:

    config
    interface GigabitEthernet0/0/0/10.100 l2transport
     encapsulation dot1q 100
     or
     encapsulation dot1ad 100
     or
     encapsulation dot1ad 100 dot1q 101

Configuring PBB Edge Bridge Domain and Service Instance ID: Example

This example shows how to configure the PBB edge bridge domain:

    config
    l2vpn
     bridge group PBB
      bridge-domain PBB-EDGE
       interface GigabitEthernet0/0/0/38.100
       !
       interface GigabitEthernet0/2/0/30.150
       !
       pbb edge i-sid 1000 core-bridge PBB-CORE
       !
      !
     !

Configuring PBB Core Bridge Domain: Example

This example shows how to configure the PBB core bridge domain:

    config
    l2vpn
     bridge group PBB
      bridge-domain PBB-CORE
       interface G0/5/0/10.100
       !
       interface G0/2/0/20.200
       !
       pbb core
       !
      !
     !

Configuring Backbone VLAN Tag: Example

This example shows how to configure the backbone VLAN tag:

    config
    l2vpn
     bridge group PBB
      bridge-domain PBB-CORE
       interface G0/5/0/10.100
       !
       interface G0/2/0/20.200
       !
       pbb core
        rewrite ingress tag push dot1ad 100 symmetric
       !
      !
     !

Configuring Backbone Source MAC Address: Example

This example shows how to configure the backbone source MAC address:

    config
    l2vpn
     pbb
      backbone-source-mac 0045.1200.04
     !
    !

Configuring Static Mapping and Unknown Unicast MAC Address under the PBB Edge Bridge Domain

This example shows how to configure static mapping and unknown unicast MAC address under the PBB edge bridge domain:

    config
    l2vpn
     bridge group PBB
      bridge-domain PBB-EDGE
       interface GigabitEthernet0/0/0/38.100
       !
       interface GigabitEthernet0/2/0/30.150
       !
       pbb edge i-sid 1000 core-bridge PBB-CORE
        static-mac-address 0033.3333.3333 bmac 0044.4444.4444
        unknown-unicast-bmac 0123.8888.8888
       !
      !
     !

Additional References

These sections provide references related to implementing 802.1ah on Cisco ASR 9000 Series Routers.

Related Documents

    Related Topic: 802.1ah commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
    Document Title: Provider Backbone Bridge Commands module in Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference

Standards

    Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
    Title: -

MIBs

    MIBs: -
    MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

    RFCs: No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
    Title: -

Technical Assistance

    Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
    Link: http://www.cisco.com/techsupport

Implementing Multiple Spanning Tree Protocol

This module provides conceptual and configuration information for Multiple Spanning Tree Protocol on Cisco ASR 9000 Series Routers. Multiple Spanning Tree Protocol (MSTP) is a spanning-tree protocol used to prevent loops in bridge configurations. Unlike other types of STPs, MSTP can block ports selectively by VLAN.

Feature History for Implementing Multiple Spanning Tree Protocol

    Release          Modification
    Release 3.7.3    This feature was introduced on Cisco ASR 9000 Series Routers.
    Release 3.9.1    Support for MSTP over Bundles feature was added.
    Release 4.0.1    Support for PVST+ and PVSTAG features was added.
    Release 4.1.0    Support for MSTAG Edge Mode feature was added.

Contents

• Prerequisites for Implementing Multiple Spanning Tree Protocol
• Information About Implementing Multiple Spanning Tree Protocol
• How to Implement Multiple Spanning Tree Protocol
• Configuration Examples for Implementing MSTP
• Additional References

Prerequisites for Implementing Multiple Spanning Tree Protocol

This prerequisite applies to implementing MSTP:

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Implementing Multiple Spanning Tree Protocol

To implement Ethernet services access lists, you must understand these concepts:

• Spanning Tree Protocol Overview
• Multiple Spanning Tree Protocol Overview
• MSTP Supported Features
• Restrictions for configuring MSTP
• Access Gateway
• Multiple VLAN Registration Protocol

Spanning Tree Protocol Overview

Ethernet is no longer just a link-layer technology used to interconnect network vehicles and hosts.
Its low cost and wide spectrum of bandwidth capabilities, coupled with a simple plug and play provisioning philosophy, have transformed Ethernet into a legitimate technique for building networks, particularly in the access and aggregation regions of service provider networks.

Ethernet networks, lacking a TTL field in the Layer 2 (L2) header and encouraging or requiring multicast traffic network-wide, are susceptible to broadcast storms if loops are introduced. However, loops are a desirable property as they provide redundant paths. Spanning tree protocols (STP) are used to provide a loop-free topology within Ethernet networks, allowing redundancy within the network to deal with link failures.

There are many variants of STP; however, they work on the same basic principle. Within a network that may contain loops, a sufficient number of interfaces are disabled by STP so as to ensure that there is a loop-free spanning tree, that is, there is exactly one path between any two devices in the network. If there is a fault in the network that affects one of the active links, the protocol recalculates the spanning tree so as to ensure that all devices continue to be reachable. STP is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or to a switched LAN containing multiple segments and using STP to ensure there are no loops.

STP Protocol Operation

All variants of STP operate in a similar fashion: STP frames (known as bridge protocol data units (BPDUs)) are exchanged at regular intervals over Layer 2 LAN segments, between network devices participating in STP. Such network devices do not forward these frames, but use the information to construct a loop-free spanning tree.

The spanning tree is constructed by first selecting a device which is the root of the spanning tree (known as the root bridge), and then by determining a loop-free path from the root bridge to every other device in the network. Redundant paths are disabled by setting the appropriate ports into a blocked state, where STP frames can still be exchanged but data traffic is never forwarded. If a network segment fails and a redundant path exists, the STP protocol recalculates the spanning tree topology and activates the redundant path, by unblocking the appropriate ports.

The selection of the root bridge within an STP network is determined by the configured priority and the embedded bridge ID of each device. The device with the lowest priority, or with equal lowest priority but the lowest bridge ID, is selected as the root bridge.

The selection of the active path among a set of redundant paths is determined primarily by the port path cost. The port path cost represents the cost of transiting between that port and the root bridge: the further the port is from the root bridge, the higher the cost. The cost is incremented for each link in the path, by an amount that is (by default) dependent on the media speed. Where two paths from a given LAN segment have an equal cost, the selection is further determined by the priority and bridge ID of the attached devices, and in the case of two attachments to the same device, by the configured port priority and port ID of the attached ports.

Once the active paths have been selected, any ports that do not form part of the active topology are moved to the blocking state.

Topology Changes

Network devices in a switched LAN perform MAC learning; that is, they use received data traffic to associate unicast MAC addresses with the interface out of which frames destined for that MAC address should be sent.
If STP is used, then a recalculation of the spanning tree (for example, following a failure in the network) can invalidate this learned information. The protocol therefore includes a mechanism to notify topology changes around the network, so that the stale information can be removed (flushed) and new information can be learned based on the new topology.

A Topology Change notification is sent whenever STP moves a port from the blocking state to the forwarding state. When it is received, the receiving device flushes the MAC learning entries for all ports that are not blocked other than the one where the notification was received, and also sends its own topology change notification out of those ports. In this way, it is guaranteed that stale information is removed from all the devices in the network.

Variants of STP

There are many variants of the Spanning Tree Protocol:
• Legacy STP (STP)—The original STP protocol was defined in IEEE 802.1D-1998. This creates a single spanning tree which is used for all VLANs and most of the convergence is timer-based.
• Rapid STP (RSTP)—This is an enhancement defined in IEEE 802.1D-2004 to provide more event-based, and hence faster, convergence. However, it still creates a single spanning tree for all VLANs.
• Multiple STP (MSTP)—A further enhancement was defined in IEEE 802.1Q-2005. This allows multiple spanning trees to be created over the same physical topology. By assigning different VLANs to the different spanning trees, data traffic can be load-balanced over different physical links. The number of different spanning trees that can be created is restricted to a much smaller number than the number of possible VLANs; however, multiple VLANs can be assigned to the same spanning tree.
The BPDUs used to exchange MSTP information are always sent untagged; the VLAN and spanning tree instance data is encoded inside the BPDU.
• Per-VLAN STP (PVST)—This is an alternative mechanism for creating multiple spanning trees; it was developed by Cisco before the standardization of MSTP. Using PVST, a separate spanning tree is created for each VLAN. There are two variants: PVST+ (based on legacy STP), and PVRST (based on RSTP). At a packet level, the separation of the spanning trees is achieved by sending standard STP or RSTP BPDUs, tagged with the appropriate VLAN tag.
• REP (Cisco-proprietary ring-redundancy protocol)—This is a Cisco-proprietary protocol for providing resiliency in rings. It is included for completeness, as it provides an MSTP compatibility mode through which it interoperates with an MSTP peer.

Multiple Spanning Tree Protocol Overview

The Multiple Spanning Tree Protocol (MSTP) is an STP variant that allows multiple and independent spanning trees to be created over the same physical network. The parameters for each spanning tree can be configured separately, so as to cause different network devices to be selected as the root bridge or different paths to be selected to form the loop-free topology. Consequently, a given physical interface can be blocked for some of the spanning trees and unblocked for others.

Having set up multiple spanning trees, the set of VLANs in use can be partitioned among them; for example, VLANs 1 - 100 can be assigned to spanning tree 1, VLANs 101 - 200 can be assigned to spanning tree 2, VLANs 201 - 300 can be assigned to spanning tree 3, and so on. Since each spanning tree has a different active topology with different active links, this has the effect of dividing the data traffic among the available redundant links based on the VLAN - a form of load balancing.

MSTP Regions

Along with supporting multiple spanning trees, MSTP also introduces the concept of regions.
A region is a group of devices that are under the same administrative control and have similar configuration. In particular, the configuration for the region name, revision, and the mapping of VLANs to spanning tree instances must be identical on all the network devices in the region. A digest of this information is included in the BPDUs sent by each device, so as to allow other devices to verify whether they are in the same region.

Figure 27 shows the operation of MST regions when bridges running MSTP are connected to bridges running legacy STP or RSTP. In this example, switches SW1, SW2, SW3, SW4 support MSTP, while switches SW5 and SW6 do not.

Figure 27 MST Interaction with Non-MST Regions

To handle this situation, an Internal Spanning Tree (IST) is used. This is always spanning tree instance 0 (zero). When communicating with non-MSTP-aware devices, the entire MSTP region is represented as a single switch. The logical IST topology in this case is shown in Figure 28.

Figure 28 Logical Topology in MST Region Interacting with Non-MST Bridges

The same mechanism is used when communicating with MSTP devices in a different region. For example, SW5 in Figure 28 could represent a number of MSTP devices, all in a different region compared to SW1, SW2, SW3 and SW4.

MSTP Port Fast

MSTP includes a Port Fast feature for handling ports at the edge of the switched Ethernet network. For devices that only have one link to the switched network (typically host devices), there is no need to run MSTP, as there is only one available path. Furthermore, it is undesirable to trigger topology changes (and resultant MAC flushes) when the single link fails or is restored, as there is no alternative path.
By default, MSTP monitors ports where no BPDUs are received, and after a timeout, places them into edge mode whereby they do not participate in MSTP. However, this process can be speeded up (and convergence of the whole network thereby improved) by explicitly configuring edge ports as port fast.

Note: Port Fast is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP. However, it is encompassed in the standards for RSTP and MSTP, where it is known as Edge Port.

MSTP Root Guard

In networks with shared administrative control, it may be desirable for the network administrator to enforce aspects of the network topology and in particular, the location of the root bridge. By default, any device can become the root bridge for a spanning tree, if it has a lower priority or bridge ID. However, a more optimal forwarding topology can be achieved by placing the root bridge at a specific location in the centre of the network.

Note: The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position; however, this is no guarantee against another bridge which also has a priority of 0 and has a lower bridge ID.

The root guard feature provides a mechanism that allows the administrator to enforce the location of the root bridge. When root guard is configured on an interface, it prevents that interface from becoming a root port (that is, a port via which the root can be reached). If superior information is received via BPDUs on the interface that would normally cause it to become a root port, it instead becomes a backup or alternate port.
In this case, it is placed in the blocking state and no data traffic is forwarded.

The root bridge itself has no root ports. Thus, by configuring root guard on every interface on a device, the administrator forces the device to become the root, and interfaces receiving conflicting information are blocked.

Note: Root Guard is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP and RSTP. However, it is encompassed in the standard for MSTP, where it is known as Restricted Role.

MSTP Topology Change Guard

In certain situations, it may be desirable to prevent topology changes originating at or received at a given port from being propagated to the rest of the network. This may be the case, for example, when the network is not under a single administrative control and it is desirable to prevent devices external to the core of the network from causing MAC address flushing in the core. This behavior can be enabled by configuring Topology Change Guard on the port.

Note: Topology Change Guard is known as Restricted TCN in the MSTP standard.

MSTP Supported Features

Cisco ASR 9000 Series Routers support MSTP, as defined in IEEE 802.1Q-2005, on physical Ethernet interfaces and Ethernet Bundle interfaces. Note that this includes the Port Fast, Backbone Fast, Uplink Fast and Root Guard features found in Cisco implementations of legacy STP, RSTP and PVST, as these are encompassed by the standard MSTP protocol. Cisco ASR 9000 Series Routers can operate in either standard 802.1Q mode, or in Provider Edge (802.1ad) mode. In provider edge mode, a different MAC address is used for BPDUs, and any BPDUs received with the 802.1Q MAC address are forwarded transparently.
In addition, these Cisco features are supported:
• BPDU Guard—This Cisco feature protects against misconfiguration of edge ports.
• Flush Containment—This Cisco feature helps prevent unnecessary MAC flushes that would otherwise occur following a topology change.
• Bringup Delay—This Cisco feature prevents an interface from being added to the active topology before it is ready to forward traffic.

Note: Interoperation with RSTP is supported, as described in the 802.1Q standard; however, interoperation with legacy STP is not supported.

BPDU Guard

BPDU Guard is a Cisco feature that protects against misconfiguration of edge ports. It is an enhancement to the MSTP port fast feature. When port fast is configured on an interface, MSTP considers that interface to be an edge port and removes it from consideration when calculating the spanning tree. When BPDU Guard is configured, MSTP additionally shuts down the interface using error-disable if an MSTP BPDU is received.

Flush Containment

Flush containment is a Cisco feature that helps prevent unnecessary MAC flushes due to unrelated topology changes in other areas of a network. This is best illustrated by example. Figure 29 shows a network containing four devices. Two VLANs are in use: VLAN 1 is only used on device D, while VLAN 2 spans devices A, B and C. The two VLANs are in the same spanning tree instance, but do not share any links.

Figure 29 Flush Containment

If the link AB goes down, then in normal operation, as C brings up its blocked port, it sends out a topology change notification on all other interfaces, including towards D. This causes a MAC flush to occur for VLAN 1, even though the topology change which has taken place only affects VLAN 2.
Flush containment helps deal with this problem by preventing topology change notifications from being sent on interfaces on which no VLANs are configured for the MSTI in question. In the example network this would mean no topology change notifications would be sent from C to D, and the MAC flushes which take place would be confined to the right hand side of the network.

Note: Flush containment is enabled by default, but can be disabled by configuration, thus restoring the behavior described in the IEEE 802.1Q standard.

Bringup Delay

Bringup delay is a Cisco feature that stops MSTP from considering an interface when calculating the spanning tree, if the interface is not yet ready to forward traffic. This is useful when a line card first boots up, as the system may declare that the interfaces on that card are Up before the dataplane is fully ready to forward traffic. According to the standard, MSTP considers the interfaces as soon as they are declared Up, and this may cause it to move other interfaces into the blocking state if the new interfaces are selected instead.

Bringup delay solves this problem by adding a configurable delay period which occurs as interfaces that are configured with MSTP first come into existence. Until this delay period ends, the interfaces remain in blocking state, and are not considered when calculating the spanning tree.

Bringup delay only takes place when interfaces which are already configured with MSTP are created, for example, on a card reload. No delay takes place if an interface which already exists is later configured with MSTP.
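The region check described under MSTP Regions above can be reproduced offline to audit whether a set of devices will land in the same region. This added Python example (not from the Cisco guide or from IOS XR) builds the identifier carried in the BPDU; the HMAC-MD5 construction, signature key and field layout come from IEEE 802.1Q rather than from this page, and the device names are constructed.

```python
"""Build and compare MST Configuration Identifiers for a region-consistency audit."""
import hashlib
import hmac
import struct

# Signature key that IEEE 802.1Q fixes for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlans(spec):
    """Expand '1-100,250' into VLAN IDs, rejecting anything outside 1..4094."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        yield from range(first, last + 1)


def mapping_table(instances):
    """4096 two-octet MSTIDs indexed by VLAN ID; unmapped VLANs stay in instance 0."""
    table = [0] * 4096
    for msti, spec in instances.items():
        for vid in parse_vlans(spec):
            if table[vid] not in (0, msti):
                raise ValueError(f"VLAN {vid} mapped to instances {table[vid]} and {msti}")
            table[vid] = msti
    return struct.pack(">4096H", *table)


def config_digest(instances):
    """HMAC-MD5 over the VLAN-to-instance table, as sent in every MSTP BPDU."""
    return hmac.new(DIGEST_KEY, mapping_table(instances), hashlib.md5).digest()


def config_identifier(name, revision, instances):
    """Format selector (0) + 32-octet name + 2-octet revision + 16-octet digest."""
    raw = name.encode("ascii")
    if len(raw) > 32 or not 0 <= revision <= 65535:
        raise ValueError("name is at most 32 octets, revision is 0..65535")
    return (b"\x00" + raw.ljust(32, b"\x00")
            + struct.pack(">H", revision) + config_digest(instances))


def region_mismatch(a, b):
    """Return the identifier fields that differ; an empty list means same region."""
    fields = {
        "name": slice(1, 33),
        "revision": slice(33, 35),
        "vlan-mapping digest": slice(35, 51),
    }
    return [f for f, s in fields.items() if not hmac.compare_digest(a[s], b[s])]


# Constructed inventory: the name, revision and VLAN split follow the page's
# examples; the device names and the two deliberate deviations are made up.
REFERENCE = config_identifier("m1", 10, {1: "1-100", 2: "101-200", 3: "201-300"})
DEVICES = {
    "sw2": ("m1", 10, {1: "1-100", 2: "101-200", 3: "201-300"}),
    "sw3": ("m1", 10, {1: "1-100", 2: "101-199", 3: "201-300"}),  # VLAN 200 left in instance 0
    "sw4": ("m1", 11, {1: "1-100", 2: "101-200", 3: "201-300"}),  # revision drift
}


def audit():
    """Compare every device's identifier with the reference configuration."""
    return {dev: region_mismatch(REFERENCE, config_identifier(*cfg))
            for dev, cfg in DEVICES.items()}


if __name__ == "__main__":
    for dev, diff in audit().items():
        print(dev, "same region" if not diff else "differs in: " + ", ".join(diff))
```

A device whose identifier differs in any field is treated as a separate region by its neighbours, so the audit flags a single mis-mapped VLAN as readily as a wrong region name.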
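The root election rule and the Root Guard and BPDU Guard behavior described above, as an added Python model (not code from the Cisco guide or from IOS XR). It compares root bridge identity only and ignores path cost, timers and per-instance state; the bridge names, MAC addresses and interface names are constructed.

```python
"""Root election and the Root Guard / BPDU Guard port decisions, as a small model."""
from dataclasses import dataclass
from enum import Enum


def mac_to_int(mac):
    """Turn 'aa:bb:cc:dd:ee:ff' into an integer so bridge IDs compare numerically."""
    return int(mac.replace(":", ""), 16)


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # configured bridge priority; lower is better
    mac: str       # embedded bridge ID, the tie-breaker; lower is better

    def key(self):
        return (self.priority, mac_to_int(self.mac))


def elect_root(bridges):
    """Lowest priority wins; equal priority falls back to the lowest bridge ID."""
    return min(bridges, key=Bridge.key)


class State(Enum):
    FORWARDING = "forwarding"
    BLOCKING = "blocking"
    ERR_DISABLED = "error-disabled"


@dataclass
class Port:
    name: str
    portfast: bool = False
    bpdu_guard: bool = False
    root_guard: bool = False
    role: str = "designated"
    state: State = State.FORWARDING


class Switch:
    def __init__(self, me, ports):
        self.me = me
        self.root = me  # a bridge claims the root role until it hears better
        self.ports = {p.name: p for p in ports}
        self.log = []

    def receive_bpdu(self, port_name, advertised_root):
        port = self.ports[port_name]
        if port.state is State.ERR_DISABLED:
            return port  # port is shut down; nothing is processed
        if port.portfast and port.bpdu_guard:
            # BPDU Guard: an edge port is never expected to hear a BPDU.
            port.role, port.state = "disabled", State.ERR_DISABLED
            self.log.append(f"{port.name}: BPDU on edge port, error-disabled")
        elif advertised_root.key() < self.root.key():
            if port.root_guard:
                # Root Guard: superior information may not make this a root port.
                port.role, port.state = "alternate", State.BLOCKING
                self.log.append(f"{port.name}: superior BPDU from "
                                f"{advertised_root.name} refused, port blocked")
            else:
                self.root = advertised_root
                port.role, port.state = "root", State.FORWARDING
                self.log.append(f"{port.name}: root moved to {advertised_root.name}")
        return port


# Constructed sample data: names, MAC addresses and interface names are made up.
CORE = Bridge("core", 0, "00:1b:54:aa:00:10")
ACCESS = Bridge("access-1", 32768, "00:1b:54:aa:00:20")
NEWCOMER = Bridge("newcomer", 0, "00:00:0c:00:00:01")  # same priority, lower ID


def run_scenario():
    """Deliver the newcomer's BPDU to three differently protected ports of CORE."""
    results = {"elected": elect_root([CORE, ACCESS, NEWCOMER]).name}
    cases = {
        "unguarded": Port("Gi0/0/0/1"),
        "root_guard": Port("Gi0/0/0/2", root_guard=True),
        "bpdu_guard": Port("Gi0/0/0/3", portfast=True, bpdu_guard=True),
    }
    for label, port in cases.items():
        sw = Switch(CORE, [port])
        p = sw.receive_bpdu(port.name, NEWCOMER)
        results[label] = (sw.root.name, p.role, p.state.value)
    return results


if __name__ == "__main__":
    for label, outcome in run_scenario().items():
        print(label, outcome)
```

The unguarded case shows why priority 0 alone does not pin the root: the newcomer wins on bridge ID, while the guarded ports keep the core as root and take the offending link out of the forwarding path.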
Restrictions for configuring MSTP

These restrictions apply when using MSTP:
• MSTP must only be enabled on interfaces where the interface itself (if it is in L2 mode) or all of the subinterfaces have a simple encapsulation configured. These encapsulation matching criteria are considered simple:
  – Single-tagged 802.1Q frames
  – Double-tagged Q-in-Q frames (only the outermost tag is examined)
  – 802.1ad frames (if MSTP is operating in Provider Bridge mode)
  – Ranges or lists of tags (any of the above)

  Note: Subinterfaces with a default and untagged encapsulation are not supported.

• If an L2 interface or subinterface is configured with an encapsulation that matches multiple VLANs, then all of those VLANs must be mapped to the same spanning tree instance. There is therefore a single spanning tree instance associated with each L2 interface or subinterface.
• All the interfaces or subinterfaces in a given bridge domain must be associated with the same spanning tree instance.
• Multiple subinterfaces on the same interface must not be associated with the same spanning tree instance, unless those subinterfaces are in the same split horizon group. In other words, hair-pinning is not possible.
• Across the network, L2 interfaces or subinterfaces must be configured on all redundant paths for all the VLANs mapped to each spanning tree instance. This is to avoid inadvertent loss of connectivity due to STP blocking of a port.

Caution: A subinterface with a default or untagged encapsulation will lead to an MSTP state machine failure.

Access Gateway

One common deployment scenario for Cisco ASR 9000 Series Routers is as an nPE gateway device situated between a network of uPE access devices and a core or aggregation network.
Each gateway device may provide connectivity for many access networks, as shown in Figure 30. The access networks (typically rings) have redundant links to the core or aggregation network, and therefore must use some variant of STP or a similar protocol to ensure the network remains loop-free.

Figure 30 Core or Aggregation Network

It is possible for the gateway devices to also participate in the STP protocol. However, since each gateway device may be connected to many access networks, this would result in one of two solutions:
• A single topology is maintained covering all of the access networks. This is undesirable as it means topology changes in one access network could impact all the other access networks.
• The gateway devices run multiple instances of the STP protocol, one for each access network. This means a separate protocol database and separate protocol state machines are maintained for each access network, which is undesirable due to the memory and CPU resource that would be required on the gateway device.

It can be seen that both of these options have significant disadvantages.

Another alternative is for the gateway devices to tunnel protocol BPDUs between the legs of each access network, but not to participate in the protocol themselves. While this results in correct loop-free topologies, it also has significant downsides:
• Since there is no direct connection between the legs of the access ring, a failure in one of the leg links is not immediately detected by the access device connected to the other leg. Therefore, recovery from the failure must wait for protocol timeouts, which leads to a traffic loss of at least six seconds.
• As the gateway devices do not participate in the protocol, they are not aware of any topology changes in the access network. The aggregation network may therefore direct traffic destined for the access network over the wrong leg, following a topology change. This can lead to traffic loss on the order of the MAC learning timeout (5 minutes by default).

Access gateway is a Cisco feature intended to address this deployment scenario, without incurring the disadvantages of the solutions described above.

Overview of Access Gateway

Access gateway is based on two assumptions:
• Both gateway devices provide connectivity to the core or aggregation network at all times. Generally, resiliency mechanisms used within the core or aggregation network are sufficient to ensure this is the case. In many deployments, VPLS is used in the core or aggregation network to provide this resiliency.
• The desired root of all of the spanning trees for each access network is one of the gateway devices. This will be the case if (as is typical) the majority of the traffic is between an access device and the core or aggregation network, and there is little if any traffic between the access devices.

With these assumptions, an STP topology can be envisaged where for every spanning tree, there is a virtual root bridge behind (that is, on the core side of) the gateway devices, and both gateway devices have a zero cost path to the virtual root bridge. In this case, the ports that connect the gateway devices to the access network would never be blocked by the spanning tree protocol, but would always be in the forwarding state. This is illustrated in Figure 31.
Figure 31 Access Networks

With this topology, it can be observed that the BPDUs sent by the gateway devices are constant: since the root bridge never changes (as we assume the aggregation or core network always provides connectivity) and the ports are always forwarding, the information sent in the BPDUs never changes.

Access gateway makes use of this by removing the need to run the full STP protocol and associated state machines on the gateway devices, and instead just sends statically configured BPDUs towards the access network. The BPDUs are configured so as to mimic the behavior above, so that they contain the same information that would be sent if the full protocol was running. To the access devices, it appears that the gateway devices are fully participating in the protocol; however, since in fact the gateway devices are just sending static BPDUs, very little memory or CPU resource is needed on the gateway devices, and many access networks can be supported simultaneously.

For the most part, the gateway devices can ignore any BPDUs received from the access network; however, one exception is when the access network signals a topology change. The gateway devices can act on this appropriately, for example by triggering an LDP MAC withdrawal in the case where the core or aggregation network uses VPLS.

In many cases, it is not necessary to have direct connectivity between the gateway devices; since the gateway devices statically send configured BPDUs over the access links, they can each be configured independently (so long as the configuration on each is consistent).
This also means that different access networks can use different pairs of gateway devices, as shown in Figure 32.

Figure 32 Access Networks

Note: Although Figure 32 shows access rings, in general there are no restrictions on the access network topology or the number or location of links to the gateway devices.

Access gateway ensures loop-free connectivity in the event of these failure cases:
• Failure of a link in the access network.
• Failure of a link between the access network and the gateway device.
• Failure of an access device.
• Failure of a gateway device.

Topology Change Propagation

There is one case where the two gateway devices need to exchange BPDUs between each other, and this is to handle topology changes in the access network. If a failure in the access network results in a topology change that causes a previously blocked port to move to forwarding, the access device sends a topology change notification out on that port, so as to notify the rest of the network about the change and trigger the necessary MAC learning flushes.

Typically, the topology change notification is sent towards the root bridge; in the case of access gateway, that means it is sent to one of the gateway devices. As described above, this causes the gateway device itself to take any necessary action; however, if the failure caused the access network to become partitioned, it may also be necessary to propagate the topology change notification to the rest of the access network, that is, the portion connected to the other gateway device.
This can be achieved by ensuring there is connectivity between the gateway devices, so that each gateway device can propagate any topology change notifications it receives from the access network to the other device. When a gateway device receives a BPDU from the other gateway device that indicates a topology change, it signals this in the static BPDUs (that it is sending towards the access network).

Topology Change Propagation is only necessary when these two conditions are met:
• The access network contains three or more access devices. If there are fewer than three devices, then any possible failure must be detected by all the devices.
• The access devices send traffic to each other, and not just to or from the core or aggregation network. If all the traffic is to or from the core or aggregation network, then all the access devices must either already be sending traffic in the right direction, or will learn about the topology change from the access device that originates it.

Preempt Delay

One of the assumptions underpinning access gateway is that the gateway devices are always available to provide connectivity to the core or aggregation network. However, there is one situation where this assumption may not hold, which is at bringup time.

At bringup, it may be the case that the access-facing interface is available before all of the signaling and convergence needed for traffic to be forwarded successfully into the core or aggregation network has completed. Since access gateway starts sending BPDUs as soon as the interface comes up, this could result in the access devices sending traffic to the gateway device before it is ready to receive it. To avoid this problem, the preempt delay feature is used.

The preempt delay feature causes access gateway to send out inferior BPDUs for some period of time after the interface comes up, before reverting to the normal values.
These inferior BPDUs can be configured such that the access network directs all traffic to the other gateway device, unless the other gateway device is also down. If the other gateway device is unavailable, it is desirable for the traffic to be sent to this device, even if it is only partially available, rather than being dropped completely. For this reason, inferior BPDUs are sent during the preempt delay time, rather than sending no BPDUs at all.

Supported Access Gateway Protocols

Access Gateway is supported on Cisco ASR 9000 Series Routers when the following protocols are used in the access network.

Table 3 Protocols

Access Network Protocol    Access Gateway Variant
MSTP                       MST Access Gateway (MSTAG)
REP                        REP Access Gateway (REPAG) [1]
PVST+                      PVST+ Access Gateway (PVSTAG) [2]
PVRST                      PVRST Access Gateway (PVRSTAG) [3]

1. REP Access Gateway is supported when the access device interfaces that connect to the gateway devices are configured with REP MSTP Compatibility mode.
2. Topology Change Propagation is not supported for PVSTAG.
3. Topology Change Propagation is not supported for PVRSTAG.

MSTAG Edge Mode

An access gateway is used in a Layer 2 (L2) environment to ensure that for each Multiple Spanning Tree Instance (MSTI), each access device has one path to the core or aggregation network. The core or aggregation network provides L2 (Ethernet) connectivity between two gateway devices. Therefore, when there are no failures, there must be at least one blocked port in the access network for each MSTI. In the case of an access ring, there should be one blocked port in the access ring for each MSTI; this is typically one of the uplink ports that connects to one of the gateway devices. This is achieved by configuring MSTAG in such a way that the gateway devices appear to have the best path to the best possible Multiple Spanning Tree Protocol (MSTP) root node. Thus, the access devices always use the gateway devices to reach the root, and the ports on the gateway devices are always in the designated forwarding state.

In a mixed Layer 2-Layer 3 environment, the L2 access network is used to provide a Layer 2 service on certain VLANs and a Layer 3 (L3) service on other VLANs. In the access network, a different MSTI is used for the L2 service and the L3 service. For the L2 VLANs, the core or aggregation network provides L2 connectivity between the gateway devices. However, for the L3 service, the gateway devices terminate the L2 network and perform L3 routing. Typically, an L3 redundancy mechanism such as HSRP or VRRP is used to allow the end hosts to route to the correct gateway.

In this scenario, the use of MSTAG alone does not achieve the desired behavior for the L3 MSTI. This is because it results in one of the ports in the access network being blocked, even though there is actually no loop. (This, in turn, is because there is no L2 connectivity between the gateway devices for the L3 VLANs.) In fact, because the gateway devices terminate the L2 network for the L3 VLANs, the desirable behavior is for the MSTP root to be located in the access network, and for the gateway devices to appear as leaf nodes with a single connection. This can be achieved by reversing the MSTAG configuration; that is, setting the gateway devices to advertise the worst possible path to the worst possible root. This forces the access devices to elect one of the access devices as the root, and therefore, no ports are blocked. In this case, the ports on the gateway devices are always in root forwarding state. The MSTAG Edge mode feature enables this scenario by changing the role advertised by the gateway devices from designated to root. Figure 33 illustrates this scenario.

Figure 33 MSTAG Edge Mode scenario
(Panels: Physical Topology, Logical Topology for L2 MSTI, Logical Topology for L3 MSTI. Legend: D - Designated port (forwarding); R - Root port (forwarding); A - Alternate port (blocked).)

For normal MSTAG, and for the L2 MSTIs, topology change notifications are propagated from one gateway device to the other, and re-advertised into the access network. However, for the L3 MSTI, this is not desirable. As there is no block for the L3 MSTI in the access network, the topology change notification could loop forever. To avoid that situation, MSTAG Edge mode completely disables handling of topology change notifications in the gateway devices.

Multiple VLAN Registration Protocol

The Multiple VLAN Registration Protocol is defined in IEEE 802.1ak and is used in MSTP based networks to optimize the propagation of multicast and broadcast frames.

By default, multicast and broadcast frames are propagated to every point in the network, according to the spanning tree, and hence to every edge (host) device that is attached to the network. However, for a given VLAN, it may be the case that only certain hosts are interested in receiving the traffic for that VLAN. Furthermore, it may be the case that a given network device, or even an entire segment of the network, has no attached hosts that are interested in receiving traffic for that VLAN. In this case, an optimization is possible by avoiding propagating traffic for that VLAN to those devices that have no stake in it. MVRP provides the necessary protocol signaling that allows each host and device to indicate to its attached peers which VLANs it is interested in.

MVRP-enabled devices can operate in two modes:
• Static mode—In this mode, the device initiates MVRP messages declaring interest in a statically configured set of VLANs. Note that the protocol is still dynamic with respect to the MSTP topology; it is the set of VLANs that is static.
• Dynamic mode—In this mode, the device processes MVRP messages received on different ports, and aggregates them dynamically to determine the set of VLANs it is interested in. It sends MVRP messages declaring interest in this set. In dynamic mode, the device also uses the received MVRP messages to prune the traffic sent out of each port so that traffic is only sent for the VLANs that the attached device has indicated it is interested in.

Cisco ASR 9000 Series Routers support operating in static mode. This is known as MVRP-lite.

How to Implement Multiple Spanning Tree Protocol

This section contains these procedures:
• Configuring MSTP
• Configuring MSTAG or REPAG
• Configuring PVSTAG or PVRSTAG
• Configuring MVRP-lite

Configuring MSTP

This section describes the procedure for configuring MSTP:
• Enabling MSTP
• Configuring MSTP parameters
• Verifying MSTP

Note: This section does not describe how to configure data switching.
Refer to the Implementing Multipoint Layer 2 Services module for more information.

Enabling MSTP

By default, STP is disabled on all interfaces. MSTP should be explicitly enabled by configuration on each physical or Ethernet Bundle interface. When MSTP is configured on an interface, all the subinterfaces of that interface are automatically MSTP-enabled.

Configuring MSTP parameters

The MSTP Standard defines a number of configurable parameters. The global parameters are:
• Region Name and Revision
• Bringup Delay
• Forward Delay
• Max Age or Hops
• Transmit Hold Count
• Provider Bridge mode
• Flush Containment
• VLAN IDs (per spanning-tree instance)
• Bridge Priority (per spanning-tree instance)

The per-interface parameters are:
• External port path cost
• Hello Time
• Link Type
• Port Fast and BPDU Guard
• Root Guard and Topology Change Guard
• Port priority (per spanning-tree instance)
• Internal port path cost (per spanning-tree instance)

Per-interface configuration takes place in an interface submode within the MST configuration submode.

Note The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default value.

SUMMARY STEPS
1. configure
2. spanning-tree mst protocol instance identifier
3. bringup delay for interval {minutes | seconds}
4. flush containment disable
5. name name
6. revision revision-number
7. forward-delay seconds
8. maximum {age seconds | hops hops}
9. transmit hold-count count
10. provider-bridge
11. instance id
12. priority priority
13. vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range]
14. interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance
15. instance id port-priority priority
16. instance id cost cost
17. external-cost cost
18. link-type {point-to-point | multipoint}
19. hello-time seconds
20. portfast [bpdu-guard]
21. guard root
22. guard topology-change
23. end or commit

DETAILED STEPS
Command or Action / Purpose

Step 1  configure
  Example:
    RP/0/RSP0/CPU0:router# config
    Thu Jun 4 07:50:02.660 PST
    RP/0/RSP0/CPU0:router(config)#
  Purpose: Enters global configuration mode.

Step 2  spanning-tree mst protocol instance identifier
  Example:
    RP/0/RSP0/CPU0:router(config)# spanning-tree mst a
    RP/0/RSP0/CPU0:router(config-mstp)#
  Purpose: Enters the MSTP configuration submode.

Step 3  bringup delay for interval {minutes | seconds}
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# bringup delay for 10 minutes
  Purpose: Configures the time interval to delay bringup for.

Step 4  flush containment disable
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# flush containment disable
  Purpose: Disables flush containment. This command performs MAC flush on all instances regardless of their state.

Step 5  name name
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# name m1
  Purpose: Sets the name of the MSTP region. The default value is the MAC address of the switch, formatted as a text string by means of the hexadecimal representation specified in IEEE Std 802.

Step 6  revision revision-number
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# revision 10
  Purpose: Sets the revision level of the MSTP region. Allowed values are from 0 through 65535.

Step 7  forward-delay seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# forward-delay 20
  Purpose: Sets the forward-delay parameter for the bridge.
  Allowed values for bridge forward-delay time in seconds are from 4 through 30.

Step 8  maximum {age seconds | hops hops}
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# max age 40
    RP/0/RSP0/CPU0:router(config-mstp)# max hops 30
  Purpose: Sets the maximum age and maximum hops performance parameters for the bridge. Allowed values for maximum age time for the bridge in seconds are from 6 through 40. Allowed values for maximum number of hops for the bridge in seconds are from 6 through 40.

Step 9  transmit hold-count count
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# transmit hold-count 8
  Purpose: Sets the transmit hold count performance parameter. Allowed values are from 1 through 10.

Step 10  provider-bridge
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# provider-bridge
  Purpose: Places the current instance of the protocol in 802.1ad mode.

Step 11  instance id
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# instance 101
    RP/0/RSP0/CPU0:router(config-mstp-inst)#
  Purpose: Enters the MSTI configuration submode. Allowed values for the MSTI ID are from 0 through 4094.

Step 12  priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-inst)# priority 8192
  Purpose: Sets the bridge priority for the current MSTI. Allowed values are from 0 through 61440 in multiples of 4096.

Step 13  vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range]
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-inst)# vlan-id 2-1005
  Purpose: Associates a set of VLAN IDs with the current MSTI. List of VLAN ranges in the form a-b, c, d, e-f, g, and so on.
  Note Repeat steps 11 to 13 for each MSTI.

Step 14  interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# interface FastEthernet 0/0/0/1
    RP/0/RSP0/CPU0:router(config-mstp-if)#
  Purpose: Enters the MSTP interface configuration submode, and enables STP for the specified port. Forward interface in Rack/Slot/Instance/Port format.

Step 15  instance id port-priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# instance 101 port-priority 160
  Purpose: Sets the port priority performance parameter for the MSTI. Allowed values for the MSTI ID are from 0 through 4094. Allowed values for port priority are from 0 through 240 in multiples of 16.

Step 16  instance id cost cost
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# instance 101 cost 10000
  Purpose: Sets the internal path cost for a given instance on the current port. Allowed values for the MSTI ID are from 0 through 4094. Allowed values for port cost are from 1 through 200000000.
  Note Repeat steps 15 and 16 for each MSTI for each interface.

Step 17  external-cost cost
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# external-cost 10000
  Purpose: Sets the external path cost on the current port. Allowed values for port cost are from 1 through 200000000.

Step 18  link-type {point-to-point | multipoint}
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# link-type point-to-point
  Purpose: Sets the link type of the port to point-to-point or multipoint.

Step 19  hello-time seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# hello-time 1
  Purpose: Sets the port hello time in seconds. Allowed values are 1 and 2.

Step 20  portfast [bpdu-guard]
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# portfast
    RP/0/RSP0/CPU0:router(config-mstp-if)# portfast bpduguard
  Purpose: Enables PortFast on the port, and optionally enables BPDU guard.

Step 21  guard root
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# guard root
  Purpose: Enables RootGuard on the port.

Step 22  guard topology-change
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# guard topology-change
  Purpose: Enables TopologyChangeGuard on the port.
  Note Repeat steps 14 to 22 for each interface.

Step 23  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-mstp-if)# end
    or
    RP/0/RSP0/CPU0:router(config-mstp-if)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Verifying MSTP

These show commands allow you to verify the operation of MSTP:
• show spanning-tree mst mst-name
• show spanning-tree mst mst-name interface interface-name
• show spanning-tree mst mst-name errors
• show spanning-tree mst mst-name configuration
• show spanning-tree mst mst-name bpdu interface interface-name
• show spanning-tree mst mst-name topology-change flushes

Configuring MSTAG or REPAG

This section describes the procedures for configuring MSTAG:
• Configuring an untagged subinterface
• Enabling MSTAG
• Configuring MSTAG parameters
• Configuring MSTAG Topology Change Propagation
• Verifying MSTAG

Note The procedures for configuring REPAG are identical.

This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.

Configuring an untagged subinterface

In order to enable MSTAG on a physical or Bundle Ethernet interface, an L2 subinterface must first be configured which matches untagged packets, using the encapsulation untagged command. Refer to The Cisco ASR 9000 Series Routers Carrier Ethernet Model module for more information about configuring L2 subinterfaces.

Enabling MSTAG

MSTAG is enabled on a physical or Bundle Ethernet interface by explicitly configuring it on the corresponding untagged subinterface. When MSTAG is configured on the untagged subinterface, it is automatically enabled on the physical or Bundle Ethernet interface and on all other subinterfaces on that physical or Bundle Ethernet subinterface.

Configuring MSTAG parameters

MSTAG parameters are configured separately on each interface, and MSTAG runs completely independently on each interface. There is no interaction between the MSTAG parameters on different interfaces (unless they are connected to the same access network).

These parameters are configurable for each interface:
• Region Name and Revision
• Bridge ID
• Port ID
• External port path cost
• Max Age
• Provider Bridge mode
• Hello Time

The following MSTAG parameters are configurable for each interface, for each spanning tree instance:
• VLAN IDs
• Root Bridge Priority and ID
• Bridge Priority
• Port Priority
• Internal Port Path Cost

To ensure consistent operation across the access network, these guidelines should be used when configuring:
• Both gateway devices should be configured with a Root Bridge Priority and ID (for each spanning tree instance) that is better (lower) than the Bridge Priority and Bridge ID of any device in the access network. It is recommended to set the Root Bridge Priority and ID to 0 on the gateway devices.
  Note To avoid an STP dispute being detected by the access devices, the same root priority and ID should be configured on both gateway devices.
• Both gateway devices should be configured with a Port Path Cost of 0.
• For each spanning tree instance, one gateway device should be configured with the bridge priority and ID that is higher than the root bridge priority and ID, but lower than the bridge priority and ID of any other device in the network (including the other gateway device). It is recommended to set the bridge priority to 0.
• For each spanning tree instance, the second gateway device should be configured with a bridge priority and ID that is higher than the root bridge priority and ID and the first gateway device bridge priority and ID, but lower than the bridge priority and ID of any device in the access network. It is recommended to set the bridge priority to 4096 (this is the lowest allowable value greater than 0).
• All of the access devices should be configured with a higher bridge priority than the gateway devices. It is recommended to use values of 8192 or higher.
• For each spanning tree instance, the port path cost and other parameters may be configured on the access devices so as to ensure the desired port is put into the blocked state when all links are up.

Caution There are no checks on MSTAG configuration—misconfiguration may result in incorrect operation of the MSTP protocol in the access devices (for example, an STP dispute being detected).

The guidelines above are illustrated in Figure 34.

Note These guidelines do not apply to REPAG, as in that case the access devices ignore the information received from the gateway devices apart from when a topology change is signalled.

Figure 34 MSTAG Guidelines
[Figure: Virtual Root Bridge (Pri: 0, ID: 0.0.0); Gateway device 1 (Pri: 0, ID: 0.0.1, Cost: 0); Gateway device 2 (Pri: 4096, ID: 0.0.2, Cost: 0); Access devices (Pri: >= 8192).]

Note The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default values.

SUMMARY STEPS
1. configure
2. spanning-tree mstag protocol instance identifier
3. preempt delay for interval {seconds | minutes | hours}
4. interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance.subinterface
5. name name
6. revision revision-number
7. max age seconds
8. provider-bridge
9. bridge-id id
10. port-id id
11. external-cost cost
12. hello-time seconds
13. instance id
14. vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range]
15. priority priority
16. port-priority priority
17. cost cost
18. root-bridge id
19. root-priority priority
20. end or commit

DETAILED STEPS
Command or Action / Purpose

Step 1  configure
  Example:
    RP/0/RSP0/CPU0:router# configure
    Thu Jun 4 07:50:02.660 PST
    RP/0/RSP0/CPU0:router(config)#
  Purpose: Enters global configuration mode.

Step 2  spanning-tree mstag protocol instance identifier
  Example:
    RP/0/RSP0/CPU0:router(config)# spanning-tree mstag a
    RP/0/RSP0/CPU0:router(config-mstag)#
  Purpose: Enters the MSTAG configuration submode.

Step 3  preempt delay for interval {seconds | minutes | hours}
  Example:
    RP/0/RSP0/CPU0:router(config-mstag)# preempt delay for 10 seconds
  Purpose: Specifies the delay period during which startup BPDUs should be sent, before preempting.

Step 4  interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance.subinterface
  Example:
    RP/0/RSP0/CPU0:router(config-mstag)# interface GigabitEthernet0/2/0/30.1
    RP/0/RSP0/CPU0:router(config-mstag-if)#
  Purpose: Enters the MSTAG interface configuration submode, and enables MSTAG for the specified port.

Step 5  name name
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# name leo
  Purpose: Sets the name of the MSTP region. The default value is the MAC address of the switch, formatted as a text string using the hexadecimal representation specified in IEEE Standard 802.

Step 6  revision revision-number
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# revision 1
  Purpose: Sets the revision level of the MSTP region.
  Allowed values are from 0 through 65535.

Step 7  max age seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# max age 20
  Purpose: Sets the maximum age performance parameters for the bridge. Allowed values for the maximum age time for the bridge in seconds are from 6 through 40.

Step 8  provider-bridge
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# provider-bridge
  Purpose: Places the current instance of the protocol in 802.1ad mode.

Step 9  bridge-id id
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# bridge-id 001c.0000.0011
  Purpose: Sets the bridge ID for the current switch.

Step 10  port-id id
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# port-id 111
  Purpose: Sets the port ID for the current switch.

Step 11  external-cost cost
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# external-cost 10000
  Purpose: Sets the external path cost on the current port. Allowed values for port cost are from 1 through 200000000.

Step 12  hello-time seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# hello-time 1
  Purpose: Sets the port hello time in seconds. Allowed values are from 1 through 2.

Step 13  instance id
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if)# instance 1
  Purpose: Enters the MSTI configuration submode. Allowed values for the MSTI ID are from 0 through 4094.

Step 14  edge mode
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# edge mode
  Purpose: Enables access gateway edge mode for this MSTI.

Step 15  vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range]
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# vlan-id 2-1005
  Purpose: Associates a set of VLAN IDs with the current MSTI. List of VLAN ranges in the form a-b, c, d, e-f, g, and so on.

Step 16  priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# priority 4096
  Purpose: Sets the bridge priority for the current MSTI. Allowed values are from 0 through 61440 in multiples of 4096.

Step 17  port-priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# port-priority 160
  Purpose: Sets the port priority performance parameter for the MSTI. Allowed values for port priority are from 0 through 240 in multiples of 16.

Step 18  cost cost
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# cost 10000
  Purpose: Sets the internal path cost for a given instance on the current port. Allowed values for port cost are from 1 through 200000000.

Step 19  root-bridge id
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# root-id 001c.0000.0011
  Purpose: Sets the root bridge ID for the BPDUs sent from the current port.

Step 20  root-priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# root-priority 4096
  Purpose: Sets the root bridge priority for the BPDUs sent from this port.
  Note Repeat steps 4 to 19 to configure each interface, and repeat steps 13 to 19 to configure each MSTI for each interface.

Step 21  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# end
    or
    RP/0/RSP0/CPU0:router(config-mstag-if-inst)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring MSTAG Topology Change Propagation

MSTAG Topology Change Propagation is configured simply by configuring connectivity between the MSTAG-enabled interfaces on the two gateway devices:
1. Configure MSTAG as described above. Take note of the untagged subinterface that is used.
2. Configure connectivity between the gateway devices. This may be via an MPLS Pseudowire, or may be a VLAN subinterface if there is a direct physical link.
3. Configure a point-to-point (P2P) cross-connect on each gateway device that contains the untagged subinterface and the link (PW or subinterface) to the other gateway device.

Once the untagged subinterface that is configured for MSTAG is added to the P2P cross-connect, MSTAG Topology Change Propagation is automatically enabled. MSTAG forwards BPDUs via the cross-connect to the other gateway device, so as to signal when a topology change has been detected.

For more information on configuring MPLS pseudowire or P2P cross-connects, refer to the Implementing Point to Point Layer 2 Services module.

Verifying MSTAG

These show commands allow you to verify the operation of MSTAG:
• show spanning-tree mstag mst-name
• show spanning-tree mstag mst-name bpdu interface interface-name
• show spanning-tree mstag mst-name topology-change flushes

Analogous commands are available for REPAG.
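
The MSTAG caution above says there are no checks on MSTAG configuration, so a mismatch between the two gateways first shows up as an STP dispute in the access network. The following Python check is an added example, not Cisco code: it compares planned values for one MSTI against the MSTAG guidelines before they are committed. The GatewayMsti record, the function names and the sample values are assumptions made for illustration.

```python
"""Offline check of MSTAG gateway values against the guidelines above.

Added example: the data model, function names and sample values are
assumptions made for illustration; nothing here is a Cisco IOS XR API.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class GatewayMsti:
    """Values one gateway advertises for one MSTI on one interface."""
    name: str
    root_priority: int
    root_id: str          # MAC address, xxxx.xxxx.xxxx
    bridge_priority: int
    bridge_id: str        # MAC address, xxxx.xxxx.xxxx
    cost: int             # port path cost sent by the gateway


def mac_to_int(mac):
    """Convert xxxx.xxxx.xxxx to an integer so bridge IDs can be ordered."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


def bridge_key(priority, mac):
    """Spanning tree compares priority first, then ID; lower is better."""
    return (priority, mac_to_int(mac))


def check_mstag(gw_a, gw_b, access_bridges):
    """Return guideline violations; an empty list means none were found.

    access_bridges: (bridge_priority, mac) for every access device.
    """
    findings = []
    gateways = (gw_a, gw_b)
    roots = [bridge_key(g.root_priority, g.root_id) for g in gateways]
    owns = [bridge_key(g.bridge_priority, g.bridge_id) for g in gateways]
    access = [bridge_key(p, m) for p, m in access_bridges]

    # Same root priority and ID on both gateways, else an STP dispute.
    if roots[0] != roots[1]:
        findings.append("root priority/ID differs between the gateways "
                        "(STP dispute risk)")
    # The two gateways need distinct bridge priority/ID values.
    if owns[0] == owns[1]:
        findings.append("both gateways advertise the same bridge priority/ID")

    for gw, root, own in zip(gateways, roots, owns):
        p = gw.bridge_priority
        if not (0 <= p <= 61440 and p % 4096 == 0):
            findings.append(f"{gw.name}: bridge priority {p} is not "
                            "0-61440 in multiples of 4096")
        if gw.cost != 0:
            findings.append(f"{gw.name}: port path cost {gw.cost}, "
                            "guideline is 0")
        if own <= root:
            findings.append(f"{gw.name}: bridge priority/ID is not higher "
                            "than the root bridge priority/ID")
        if access and root >= min(access):
            findings.append(f"{gw.name}: root is not better than every "
                            "access device")
        if access and own >= min(access):
            findings.append(f"{gw.name}: bridge priority/ID is not lower "
                            "than every access device")

    # Access devices need a higher bridge priority than either gateway.
    top = max(g.bridge_priority for g in gateways)
    for priority, mac in access_bridges:
        if priority <= top:
            findings.append(f"access {mac}: bridge priority {priority} is "
                            f"not higher than the gateways' ({top})")
    return findings


# Constructed sample values, following the recommendations in the text.
GW1 = GatewayMsti("gw1", 0, "0000.0000.0000", 0, "0000.0000.0001", 0)
GW2 = GatewayMsti("gw2", 0, "0000.0000.0000", 4096, "0000.0000.0002", 0)
ACCESS = [(8192, "001c.0000.0a01"), (8192, "001c.0000.0a02")]

# Constructed misconfiguration: different root, non-zero cost, and an
# access device whose priority equals the second gateway's.
GW2_BAD = GatewayMsti("gw2", 4096, "0000.0000.0000", 4096,
                      "0000.0000.0002", 10000)
ACCESS_BAD = [(4096, "001c.0000.0a01")]

if __name__ == "__main__":
    for label, args in (("good", (GW1, GW2, ACCESS)),
                        ("bad", (GW1, GW2_BAD, ACCESS_BAD))):
        print(label, check_mstag(*args) or "no findings")
```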

Configuring PVSTAG or PVRSTAG

This section describes the procedures for configuring PVSTAG:
• Enabling PVSTAG
• Configuring PVSTAG parameters
• Configuring Subinterfaces
• Verifying PVSTAG

The procedures for configuring PVRSTAG are identical.

Note This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.

Enabling PVSTAG

PVSTAG is enabled for a particular VLAN, on a physical interface, by explicit configuration of that physical interface and VLAN for PVSTAG.

Configuring PVSTAG parameters

The configurable PVSTAG parameters for each interface on each VLAN are:
• Root Priority and ID
• Root cost
• Bridge Priority and ID
• Port priority and ID
• Max Age
• Hello Time

For correct operation, these guidelines must be followed when configuring PVSTAG.
• Both gateway devices should be configured with a root bridge priority and ID that is better (lower) than the bridge priority and Bridge ID of any device in the access network. It is recommended that you set the root bridge priority and ID to 0 on the gateway devices.
• Both gateway devices should be configured with a root cost of 0.
• One gateway device should be configured with the bridge priority and ID that is higher than the root bridge priority and ID, but lower than the bridge priority and ID of any other device in the network (including the other gateway device). It is recommended that you set the bridge priority to 0.
• The second gateway device should be configured with a bridge priority and ID that is higher than the root bridge priority and ID and the first gateway device bridge priority and ID, but lower than the bridge priority and ID of any device in the access network.
  It is recommended that you set the bridge priority to 1 for PVSTAG or 4096 for PVRSTAG. (For PVRSTAG, this is the lowest allowable value greater than 0.)
• All access devices must be configured with a higher bridge priority than the gateway devices. It is recommended that you use values of 2 or higher for PVSTAG, or 8192 or higher for PVRSTAG.
• For each spanning tree instance, the port path cost and other parameters may be configured on the access devices, so as to ensure the desired port is placed into the blocked state when all links are up.

Caution There are no checks on PVSTAG configuration—misconfiguration may result in incorrect operation of the PVST protocol in the access devices (for example, an STP dispute being detected).

These guidelines are illustrated in Figure 35.

Figure 35 PVSTAG Guidelines
[Figure: Virtual Root Bridge (Pri: 0, ID: 0.0.0); Gateway device 1 (Pri: 0, ID: 0.0.1, Cost: 0); Gateway device 2 (Pri: 1, ID: 0.0.2, Cost: 0); Access device (Pri: >2).]

Note The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default values.

PVSTAG Topology Restrictions

These restrictions are applicable to PVSTAG topology:
• Only a single access device can be attached to the gateway devices.
• Topology change notifications on a single VLAN affect all VLANs and bridge domains on that physical interface.

SUMMARY STEPS
1. configure
2. spanning-tree pvstag protocol instance identifier
3. preempt delay for interval {seconds | minutes | hours}
4. interface interface-instance.subinterface
5. vlan vlan-id
6. root-priority priority
7. root-id id
8. root-cost cost
9. priority priority
10. bridge-id id
11. port-priority priority
12. port-id id
13. hello-time seconds
14. max age seconds
15. end or commit

DETAILED STEPS
Command or Action / Purpose

Step 1  configure
  Example:
    RP/0/RSP0/CPU0:router# configure
    Thu Jun 4 07:50:02.660 PST
    RP/0/RSP0/CPU0:router(config)#
  Purpose: Enters global configuration mode.

Step 2  spanning-tree pvstag protocol instance identifier
  Example:
    RP/0/RSP0/CPU0:router(config)# spanning-tree pvstag a
    RP/0/RSP0/CPU0:router(config-pvstag)#
  Purpose: Enters the PVSTAG configuration submode.

Step 3  preempt delay for interval {seconds | minutes | hours}
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag)# preempt delay for 10 seconds
  Purpose: Specifies the delay period during which startup BPDUs should be sent, before preempting.

Step 4  interface interface-instance.subinterface
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag)# interface GigabitEthernet0/2/0/30.1
    RP/0/RSP0/CPU0:router(config-pvstag-if)#
  Purpose: Enters the PVSTAG interface configuration submode, and enables PVSTAG for the specified port.

Step 5  vlan vlan-id
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-if)# vlan 200
  Purpose: Enables and configures a VLAN on this interface.

Step 6  root-priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# root-priority 4096
  Purpose: Sets the root bridge priority for the BPDUs sent from this port.

Step 7  root-id id
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# root-id 0000.0000.0000
  Purpose: Sets the identifier of the root bridge for BPDUs sent from a port.

Step 8  root-cost cost
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# root-cost 10000
  Purpose: Sets the root path cost to send in BPDUs from this interface.

Step 9  priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# priority 4096
  Purpose: Sets the bridge priority for the current MSTI. For PVSTAG, allowed values are from 0 through 65535; for PVRSTAG, the allowed values are from 0 through 61440 in multiples of 4096.

Step 10  bridge-id id
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# bridge-id 001c.0000.0011
  Purpose: Sets the bridge ID for the current switch.

Step 11  port-priority priority
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# port-priority 160
  Purpose: Sets the port priority performance parameter for the MSTI. For PVSTAG, allowed values for port priority are from 0 through 255; for PVRSTAG, the allowed values are from 0 through 240 in multiples of 16.

Step 12  port-id id
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# port-id 111
  Purpose: Sets the port ID for the current switch.

Step 13  hello-time seconds
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# hello-time 1
  Purpose: Sets the port hello time in seconds. Allowed values are from 1 through 2.

Step 14  max age seconds
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# max age 20
  Purpose: Sets the maximum age performance parameters for the bridge. Allowed values for the maximum age time for the bridge in seconds are from 6 through 40.
  Note Repeat steps 4 to 14 to configure each interface; repeat steps 5 to 14 to configure each VLAN on each interface.

Step 15  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# end
    or
    RP/0/RSP0/CPU0:router(config-pvstag-ifvlan)# commit
  Purpose: Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
    Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Subinterfaces

For each VLAN that is enabled for PVSTAG on an interface, a corresponding subinterface that matches traffic for that VLAN must be configured. This is used both for data switching and for PVST BPDUs. Follow these guidelines when configuring subinterfaces:
• VLAN 1 is treated as the native VLAN in PVST. Therefore, for VLAN 1, a subinterface that matches untagged packets (encapsulation untagged) must be configured. It may also be necessary to configure a subinterface that matches packets tagged explicitly with VLAN 1 (encapsulation dot1q 1).
• Only dot1q packets are allowed in PVST; Q-in-Q and dot1ad packets are not supported by the protocol, and therefore subinterfaces configured with these encapsulations will not work correctly with PVSTAG.
• Subinterfaces that match a range of VLANs are supported by PVSTAG; it is not necessary to configure a separate subinterface for each VLAN, unless it is desirable for provisioning the data switching.
• PVSTAG does not support:
  – Physical interfaces configured in L2 mode
  – Subinterfaces configured with a default encapsulation (encapsulation default)
  – Subinterfaces configured to match any VLAN (encapsulation dot1q any)

For more information about configuring L2 subinterfaces, refer to the Implementing Point to Point Layer 2 Services module.

Verifying PVSTAG

These show commands allow you to verify the operation of PVSTAG or PVRSTAG:
• show spanning-tree pvstag mst-name
• show spanning-tree pvstag mst-name

In particular, these commands display the subinterface that is being used for each VLAN.

Configuring MVRP-lite

This section describes the procedure for configuring MVRP-lite:
• Enabling MVRP-lite
• Configuring MVRP-lite parameters
• Verifying MVRP-lite

Enabling MVRP-lite

When MVRP-lite is configured, it is automatically enabled on all interfaces where MSTP is enabled. MSTP must be configured before MVRP can be enabled. For more information on configuring MSTP, see Configuring MSTP.

Configuring MVRP-lite parameters

The configurable MVRP-lite parameters are:
• Periodic Transmission
• Join Time
• Leave Time
• Leave-all Time

Summary Steps
1. configure
2. spanning-tree mst protocol instance name
3. mvrp static
4. periodic transmit [interval seconds]
5. join-time milliseconds
6. leave-time seconds
7. leaveall-time seconds
8. end or commit

Detailed Steps
Command or Action / Purpose

Step 1  configure
  Example:
    RP/0/RSP0/CPU0:router# configure
    Thu Jun 4 07:50:02.660 PST
    RP/0/RSP0/CPU0:router(config)#
  Purpose: Enters global configuration mode.
Step 2  spanning-tree mst protocol instance identifier
  Example:
    RP/0/RSP0/CPU0:router(config)# spanning-tree mst a
    RP/0/RSP0/CPU0:router(config-mstp)#
  Enters the MSTP configuration submode.

Step 3  mvrp static
  Example:
    RP/0/RSP0/CPU0:router(config-mstp)# mvrp static
  Configures MVRP to run over this MSTP protocol instance.

Step 4  periodic transmit [interval seconds]
  Example:
    RP/0/RSP0/CPU0:router(config-mvrp)# periodic transmit
  Sends periodic Multiple VLAN Registration Protocol Data Unit (MVRPDU) on all active ports.

Step 5  join-time milliseconds
  Example:
    RP/0/RSP0/CPU0:router(config-mvrp)# hello-time 1
  Sets the join time for all active ports.

Step 6  leave-time seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mvrp)# leave-time 20
  Sets the leave time for all active ports.

Step 7  leaveall-time seconds
  Example:
    RP/0/RSP0/CPU0:router(config-mvrp)# leaveall-time 20
  Sets the leave all time for all active ports.

Step 8  end or commit
  Example:
    RP/0/RSP0/CPU0:router(config-mvrp)# end
  or
    RP/0/RSP0/CPU0:router(config-mvrp)# commit
  Saves configuration changes.
  • When you issue the end command, the system prompts you to commit changes:
      Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
    – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
    – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
    – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Verifying MVRP-lite

These show commands allow you to verify the operation of MVRP-lite:
• show ethernet mvrp mad
• show ethernet mvrp status
• show ethernet mvrp statistics

Configuration Examples for Implementing MSTP

This section provides configuration examples for the following:
• Configuring MSTP: Examples
• Configuring MSTAG: Examples
• Configuring PVSTAG: Examples
• Configuring MVRP-Lite: Examples

Configuring MSTP: Examples

This example shows MSTP configuration for a single spanning-tree instance with MSTP enabled on a single interface:

    config
    spanning-tree mst example
     name m1
     revision 10
     forward-delay 20
     maximum hops 40
     maximum age 40
     transmit hold-count 8
     provider-bridge
     bringup delay for 60 seconds
     flush containment disable
     instance 101
      vlans-id 101-110
      priority 8192
     !
     interface GigabitEthernet0/0/0/0
      hello-time 1
      external-cost 10000
      link-type point-to-point
      portfast
      guard root
      guard topology-change
      instance 101 cost 10000
      instance 101 port-priority 160
     !
    !
This example shows the output from the show spanning-tree mst command, which produces an overview of the spanning tree protocol state:

    # show spanning-tree mst example
    Role:  ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
    State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed

    Operating in dot1q mode

    MSTI 0 (CIST):

      VLANS Mapped: 1-9,11-4094

      CIST Root  Priority    4096
                 Address     6262.6262.6262
                 This bridge is the CIST root
                 Ext Cost    0

      Root ID    Priority    4096
                 Address     6262.6262.6262
                 This bridge is the root
                 Int Cost    0
                 Max Age 20 sec, Forward Delay 15 sec

      Bridge ID  Priority    4096 (priority 4096 sys-id-ext 0)
                 Address     6262.6262.6262
                 Max Age 20 sec, Forward Delay 15 sec
                 Max Hops 20, Transmit Hold count 6

    Interface    Port ID           Role State Designated           Port ID
                 Pri.Nbr Cost                 Bridge ID            Pri.Nbr
    ------------ ------- --------- ---- ----- -------------------- -------
    Gi0/0/0/0    128.1   20000     DSGN FWD   4096 6262.6262.6262  128.1
    Gi0/0/0/1    128.2   20000     DSGN FWD   4096 6262.6262.6262  128.2
    Gi0/0/0/2    128.3   20000     DSGN FWD   4096 6262.6262.6262  128.3
    Gi0/0/0/3    128.4   20000     ---- BLK   ----- -------------- -------

    MSTI 1:

      VLANS Mapped: 10

      Root ID    Priority    4096
                 Address     6161.6161.6161
                 Int Cost    20000
                 Max Age 20 sec, Forward Delay 15 sec

      Bridge ID  Priority    32768 (priority 32768 sys-id-ext 0)
                 Address     6262.6262.6262
                 Max Age 20 sec, Forward Delay 15 sec
                 Max Hops 20, Transmit Hold count 6

    Interface    Port ID           Role State Designated           Port ID
                 Pri.Nbr Cost                 Bridge ID            Pri.Nbr
    ------------ ------- --------- ---- ----- -------------------- -------
    Gi0/0/0/0    128.1   20000     ROOT FWD   4096 6161.6161.6161  128.1
    Gi0/0/0/1    128.2   20000     ALT  BLK   4096 6161.6161.6161  128.2
    Gi0/0/0/2    128.3   20000     DSGN FWD   32768 6262.6262.6262 128.3
    Gi0/0/0/3    128.4   20000     ---- BLK   ----- -------------- -------
    =========================================================================

In the show spanning-tree mst example output, the first line indicates whether MSTP is operating in dot1q or the Provider Bridge mode, and this information is followed by details for each MSTI. For each MSTI, the following information is displayed:
• The list of VLANs for the MSTI.
• For the CIST, the priority and bridge ID of the CIST root, and the external path cost to reach the CIST root. The output also indicates if this bridge is the CIST root.
• The priority and bridge ID of the root bridge for this MSTI, and the internal path cost to reach the root. The output also indicates if this bridge is the root for the MSTI.
• The max age and forward delay times received from the root bridge for the MSTI.
• The priority and bridge ID of this bridge, for this MSTI.
• The maximum age, forward delay, max hops and transmit hold-count for this bridge (which is the same for every MSTI).
• A list of MSTP-enabled interfaces. For each interface, the following information is displayed:
  – The interface name
  – The port priority and port ID for this interface for this MSTI.
  – The port cost for this interface for this MSTI.
  – The current port role:
      DSGN—Designated: This is the designated port on this LAN, for this MSTI
      ROOT—Root: This is the root port for the bridge for this MSTI.
      ALT—Alternate: This is an alternate port for this MSTI.
      BKP—Backup: This is a backup port for this MSTI
      MSTR—Master: This is a boundary port that is a root or alternate port for the CIST.
      The interface is down, or the bringup delay timer is running and no role has been assigned yet.
  – The current port state:
      BLK—The port is blocked.
      LRN—The port is learning.
      FWD—The port is forwarding.
      DLY—The bringup-delay timer is running.
  – If the port is a boundary port, and not CIST and the port is not designated, then only the BOUNDARY PORT is displayed and the remaining information is not displayed.
  – If the port is not up, or the bringup delay timer is running, no information is displayed for the remaining fields. Otherwise, the bridge priority and bridge ID of the designated bridge on the LAN that the interface connects to is displayed, followed by the port priority and port ID of the designated port on the LAN. If the port role is Designated, then the information for this bridge or port is displayed.

The following example shows the output from the show spanning-tree mst command, which produces more detailed information regarding interface state than the standard command as described above:

    # show spanning-tree mst a interface GigabitEthernet0/1/2/1
    GigabitEthernet0/1/2/1
    Cost: 20000
    link-type: point-to-point
    hello-time 1
    Portfast: no
    BPDU Guard: no
    Guard root: no
    Guard topology change: no
    BPDUs sent 492, received 3

    MST 3:
    Edge port:
    Boundary : internal
    Designated forwarding
    Vlans mapped to MST 3: 1-2,4-2999,4000-4094
    Port info port id 128.193 cost 200000
    Designated root address 0050.3e66.d000 priority 8193 cost 20004
    Designated bridge address 0002.172c.f400 priority 49152 port id 128.193
    Timers: message expires in 0 sec, forward delay 0, forward transitions 1
    Transitions to reach this state: 12

The output includes interface information about the interface which applies to all MSTIs:
• Cost
• link-type
• hello-time
• portfast (including whether BPDU guard is enabled)
• guard root
• guard topology change
• BPDUs sent, received.
It also includes information specific to each MSTI:
• Port ID, priority, cost
• BPDU information from root (bridge ID, cost, and priority)
• BPDU information being sent on this port (Bridge ID, cost, priority)
• State transitions to reach this state.
• Topology changes to reach this state.
• Flush containment status for this MSTI.

This example shows the output of show spanning-tree mst errors, which produces information about interfaces that are configured for MSTP but where MSTP is not operational. Primarily this shows information about interfaces which do not exist:

    # show spanning-tree mst a errors
    Interface               Error
    -------------------------------
    GigabitEthernet1/2/3/4  Interface does not exist.

This example shows the output of show spanning-tree mst configuration, which displays the VLAN ID to MSTI mapping table. It also displays the configuration digest which is included in the transmitted BPDUs—this must match the digest received from other bridges in the same MSTP region:

    # show spanning-tree mst a configuration
    Name          leo
    Revision      2702
    Config Digest 9D-14-5C-26-7D-BE-9F-B5-D8-93-44-1B-E3-BA-08-CE
    Instance Vlans mapped
    -------- -------------------------------
    0        1-9,11-19,21-29,31-39,41-4094
    1        10,20,30,40
    ------------------------------------------

This example shows the output of show spanning-tree mst bpdu interface, which produces details on the BPDUs being output and received on a given local interface:

Note: Several received packets can be stored in case of MSTP operating on a shared LAN.

    # show spanning-tree mst a bpdu interface GigabitEthernet0/1/2/2 direction transmit
    MSTI 0 (CIST):
    Root ID : 0004.9b78.0800
    Path Cost : 83
    Bridge ID : 0004.9b78.0800
    Port ID : 12
    Hello Time : 2
    ...
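The requirement that the configuration digest match across bridges in a region can be checked offline from collected show spanning-tree mst configuration output. The following Python sketch is an added example, not part of the Cisco guide: it parses two such outputs and lists why the bridges would not share a region, including the name and revision that IEEE 802.1Q places in the region identifier alongside the digest. The second bridge's output, its placeholder digest and all function names are constructed for illustration.

```python
import re

# Constructed samples: BRIDGE_A repeats the guide's output; BRIDGE_B is a
# made-up peer that left VLAN 40 in instance 0 (its digest is a placeholder).
BRIDGE_A = """\
Name leo
Revision 2702
Config Digest 9D-14-5C-26-7D-BE-9F-B5-D8-93-44-1B-E3-BA-08-CE
Instance Vlans mapped
-------- -------------------------------
0 1-9,11-19,21-29,31-39,41-4094
1 10,20,30,40
"""
BRIDGE_B = (BRIDGE_A
            .replace("9D-14-5C-26-7D-BE-9F-B5-D8-93-44-1B-E3-BA-08-CE",
                     "00-11-22-33-44-55-66-77-88-99-AA-BB-CC-DD-EE-FF")
            .replace("31-39,41-4094", "31-4094").replace("10,20,30,40", "10,20,30"))

def expand_vlans(spec):
    """Expand a range list such as '1-9,11' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_mst_configuration(text):
    """Parse name, revision, digest and the instance-to-VLAN table."""
    cfg = {"instances": {}}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"Name\s+(\S+)", line):
            cfg["name"] = m.group(1)
        elif m := re.fullmatch(r"Revision\s+(\d+)", line):
            cfg["revision"] = int(m.group(1))
        elif m := re.fullmatch(r"Config Digest\s+((?:[0-9A-Fa-f]{2}-){15}[0-9A-Fa-f]{2})", line):
            cfg["digest"] = m.group(1).upper()
        elif m := re.fullmatch(r"(\d+)\s+(\d[\d,-]*)", line):
            cfg["instances"][int(m.group(1))] = expand_vlans(m.group(2))
    if missing := {"name", "revision", "digest"} - set(cfg):
        raise ValueError(f"incomplete output, missing {sorted(missing)}")
    return cfg

def region_mismatches(a, b):
    """List the fields and VLANs that keep two bridges in separate regions."""
    reasons = [f for f in ("name", "revision", "digest") if a[f] != b[f]]
    for inst in sorted(a["instances"].keys() | b["instances"].keys()):
        diff = a["instances"].get(inst, set()) ^ b["instances"].get(inst, set())
        if diff:
            reasons.append(f"instance {inst}: VLANs {sorted(diff)}")
    return reasons
```

Comparing the expanded VLAN sets pinpoints which VLAN is mapped differently, which the digest alone cannot show.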
This example shows the output of show spanning-tree mst topology-change flushes, which displays details about the topology changes that have occurred for each MSTI on each interface:

    # show spanning-tree mst M topology-change flushes instance$
    MSTI 1:
    Interface    Last TC              Reason                           Count
    ------------ -------------------- -------------------------------- -----
    Te0/0/0/1    04:16:05 Mar 16 2010 Role change: DSGN to ----        10
    #
    #
    # show spanning-tree mst M topology-change flushes instance$
    MSTI 0 (CIST):
    Interface    Last TC              Reason                           Count
    ------------ -------------------- -------------------------------- -----
    Te0/0/0/1    04:16:05 Mar 16 2010 Role change: DSGN to ----        10
    #

Configuring MSTAG: Examples

This example shows MSTAG configuration for a single spanning-tree instance on a single interface:

    config
    interface GigabitEthernet0/0/0/0.1 l2transport
     encapsulation untagged
    !
    spanning-tree mstag example
     preempt delay for 60 seconds
     interface GigabitEthernet0/0/0/0.1
      name m1
      revision 10
      external-cost 0
      bridge-id 0.0.1
      port-id 1
      maximum age 40
      provider-bridge
      hello-time 1
      instance 101
       edge-mode
       vlans-id 101-110
       root-priority 0
       root-id 0.0.0
       cost 0
       priority 0
       port-priority 0
      !
     !
    !

This example shows additional configuration for MSTAG Topology Change Propagation:

    l2vpn
     xconnect group example
      p2p mstag-example
       interface GigabitEthernet0/0/0/0.1
       neighbor 123.123.123.1 pw-id 100
      !
     !
    !

This example shows the output of show spanning-tree mstag:

    # show spanning-tree mstag A
    GigabitEthernet0/0/0/1
    Preempt delay is disabled.
    Name: 6161:6161:6161
    Revision: 0
    Max Age: