Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide November 28, 201

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76spasw.pdf Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide November 28, 2011 OL-5070-30THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense. You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures: • Turn the television or radio antenna until the interference stops. • Move the equipment to one side or the other of the television or radio. • Move the equipment farther away from the television or radio. • Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.) Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide Copyright © 2011, Cisco Systems, Inc. All rights reserved. iii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 C O N T E N T S Preface xxix Objectives xxix Document Revision History xxix Organization xlv Related Documentation xlvii Cisco 7600 Series Router Documentation xlvii Other Cisco IOS Software Publications xlviii Document Conventions xlviii Obtaining Documentation, Obtaining Support, and Security Guidelines l Using Cisco IOS Software 1-1 Accessing the CLI Using a Router Console 1-1 Accessing the CLI Using a Directly-Connected Console 1-1 Accessing the CLI from a Remote Console Using Telnet 1-3 Accessing the CLI from a Remote Console Using a Modem 1-5 Using Keyboard Shortcuts 1-6 Using the History Buffer to Recall Commands 1-6 Understanding Command Modes 1-6 Getting Help 1-8 Finding Command Options Example 1-8 Using the no and default Forms of Commands 1-11 Saving Configuration Changes 1-12 Filtering Output from the show and more Commands 1-12 Finding Support Information for Platforms and Cisco Software Images 1-13 Using Cisco Feature Navigator 1-13 Using Software Advisor 1-13 Using Software Release Notes 1-13 SIP, SSC, and SPA Product Overview 2-1 Introduction to SIPs, SSCs, and SPAs 2-1 SPA Interface Processors 2-1 SPA Services Cards 2-2 Shared Port Adapters 2-2 Contents iv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 SIP, SSC, and SPA Compatibility 2-4 Modular Optics Compatibility 2-6 Overview of the SIPs and SSC 3-1 Release History 3-1 Supported SIP Features 3-5 Cisco 7600 SIP-200 Features 3-5 Cisco 7600 SIP-400 Features 3-11 Cisco 7600 SIP-600 Features 3-16 Supported SSC Features 3-19 Cisco 7600 SSC-400 Features 3-19 Restrictions 3-19 Cisco 7600 SIP-200 Restrictions 3-19 Cisco 7600 SIP-400 Restrictions 3-20 Cisco 7600 SIP-600 Restrictions 3-23 Cisco 7600 SSC-400 Restrictions 3-24 Supported MIBs 3-24 Displaying the SIP and SSC Hardware Type 3-26 Example of the show module Command 3-26 Example of the show idprom Command 3-26 SIP-200 and SIP-400 Network Clock Distribution 3-27 Configuring the SIPs and SSC 4-1 Configuration Tasks 4-1 Required Configuration Tasks 4-2 Identifying Slots and Subslots for SIPs, SSCs, and SPAs 4-2 Configuring Compressed Real-Time Protocol 4-5 Configuring Frame Relay Features 4-7 Frame Relay Fragmentation (FRF.12) 4-22 Configuring Layer 2 Interworking Features on a SIP 4-32 Verification 4-44 Configuring Private Hosts over Virtual Private LAN Service (VPLS) 4-54 Configuring BFD over VCCV on SIP-400 4-75 Configuring MPLS Features on a SIP 4-79 Configuring QoS Features on a SIP 4-94 Configuring NAT 4-129 Configuring Lawful Intercept on a Cisco 7600 SIP-400 4-129 Configuring Security ACLs on an Access Interface on a Cisco 7600 SIP-400 4-131 Contents v Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring CoPP on the Cisco 7600 SIP-400 4-132 Configuring DBUS COS Queuing on SIP-400 4-138 Configuring IPv6 Hop-by-Hop Header Security on SIP-200 or SIP-400 4-142 Triple Nesting QoS Support on SIP400 4-147 Configuration and Restrictions 4-150 Configuration procedure 4-150 Configuration Samples 4-151 Configuring IGMP Snooping on a SIP-200 4-153 Configuring ACFC and PFC Support on Multilink Interfaces 4-154 Configuring PPPoEoE on a Cisco 7600 SIP-400 4-159 Configuring Source IPv4 and Source MAC Address Binding on the SIP-400 4-164 Resetting a SIP 4-170 Configuration Examples 4-170 Layer 2 Interworking Configuration Examples 4-170 MPLS Configuration Examples 4-172 QoS Configuration Examples 4-173 Private Hosts SVI (Interface VLAN) Configuration Example 4-178 Troubleshooting 4-179 Troubleshooting the SIPs and SSC 5-1 General Troubleshooting Information 5-1 Interpreting Console Error Messages 5-1 Using debug Commands 5-2 Using show Commands 5-2 Using the Cisco IOS Event Tracer to Troubleshoot Problems 5-2 Troubleshooting Oversubscription on the Cisco 7600 SIP-400 5-3 Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs 5-3 Preparing for Online Removal of a SIP or SSC 5-4 Verifying Deactivation and Activation of a SIP or SSC 5-5 Preparing for Online Removal of a SPA 5-6 Verifying Deactivation and Activation of a SPA 5-7 Deactivation and Activation Configuration Examples 5-8 Overview of the ATM SPAs 6-1 Release History 6-2 Overview 6-3 ATM Overview 6-4 Contents vi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 PVC and SVC Encapsulations 6-4 PVC and SVC Service Classes 6-5 Advanced Quality of Service 6-6 Supported Features 6-7 SIP-Dependent Features 6-7 Basic Features 6-8 SONET/SDH Error, Alarm, and Performance Monitoring 6-9 Layer 2 Features 6-10 Layer 3 Features 6-11 High-Availability Features 6-12 Enhancements to RFC 1483 Spanning Tree Interoperability 6-12 Supported Supervisor Engines and Line Cards 6-13 Interoperability Problem 6-13 BPDU Packet Formats 6-13 Unsupported Features 6-15 Prerequisites 6-16 Restrictions 6-16 Restrictions for SPA-1xOC3-ATM-V2, SPA-3xOC3-ATM-V2, and SPA-1xOC12-ATM-V2 6-17 Supported MIBs 6-17 SPA Architecture 6-18 Path of Cells in the Ingress Direction 6-19 Path of Packets in the Egress Direction 6-19 Displaying the SPA Hardware Type 6-20 Example of the show interfaces Command 6-20 Example of the show diag Command 6-21 Example of the show controllers Command 6-21 Configuring the ATM SPAs 7-1 Configuration Tasks 7-1 Required Configuration Tasks 7-2 Specifying the Interface Address on a SPA 7-3 Modifying the Interface MTU Size 7-3 Creating a Permanent Virtual Circuit 7-8 Creating a PVC on a Point-to-Point Subinterface 7-10 Configuring a PVC on a Multipoint Subinterface 7-12 Configuring RFC 1483 Bridging for PVCs 7-14 Configuring Layer 2 Protocol Tunneling Topology 7-17 Configuring Layer 2 Tunneling Protocol Version 3 (L2TPv3) 7-17 Contents vii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling 7-18 Configuring ATM RFC 1483 Half-Bridging 7-20 Configuring ATM Routed Bridge Encapsulation 7-23 Configuring RFC 1483 Bridging of Routed Encapsulations 7-25 Configuring the Bridged Routed Encapsulation within an Automatic Protection Switching Group 7-28 Configuring MPLS over RBE 7-29 Configuring Aggregate WRED for PVCs 7-30 Configuring Non-aggregate WRED 7-36 Creating and Configuring Switched Virtual Circuits 7-42 Configuring Traffic Parameters for PVCs or SVCs 7-46 Configuring Virtual Circuit Classes 7-50 Configuring Virtual Circuit Bundles 7-51 Configuring Multi-VLAN to VC Support 7-54 Configuring Link Fragmentation and Interleaving with Virtual Templates 7-54 Configuring the Distributed Compressed Real-Time Protocol 7-58 Configuring Automatic Protection Switching 7-60 Configuring Access Circuit Redundancy on SIP-400 ATM SPA s 7-65 Configuring SONET and SDH Framing 7-76 Configuring for Transmit-Only Mode 7-78 Configuring AToM Cell Relay VP Mode 7-79 Configuring Packed Cell Relay over Multi-Protocol Label Switching (PCRoMPLS) on SIP-400 for CeOP and 1-Port OC-48c/STM-16 ATM SPA 7-80 Configuring AToM Cell Relay Port Mode 7-85 Configuring QoS Features on ATM SPAs 7-87 Phase 2 Local Switching Redundancy 7-87 Saving the Configuration 7-88 Multi Router Automatic Protection Switching (MR-APS) Integration with Hot Standby Pseudowire 7-89 Failover Operations 7-90 Restrictions 7-91 Verification 7-98 N:1 PVC Mapping to Pseudowires with Non-Unique VPI 7-101 Examples 7-104 Verification 7-105 Shutting Down and Restarting an Interface on a SPA 7-105 Shutting Down an ATM Shared Port Adapter 7-107 Verifying the Interface Configuration 7-108 Contents viii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Verifying Per-Port Interface Status 7-109 Monitoring Per-Port Interface Statistics 7-110 Configuration Examples 7-111 Basic Interface Configuration Example 7-112 MTU Configuration Example 7-112 Permanent Virtual Circuit Configuration Example 7-112 PVC on a Point-to-Point Subinterface Configuration Example 7-113 PVC on a Multipoint Subinterface Configuration Example 7-114 RFC 1483 Bridging for PVCs Configuration Example 7-115 RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling Configuration Example 7-116 ATM RFC 1483 Half-Bridging Configuration Example 7-116 ATM Routed Bridge Encapsulation Configuration Example 7-116 Precedence-Based Aggregate WRED Configuration Example 7-116 DSCP-Based Aggregate WRED Configuration Example 7-118 Switched Virtual Circuits Configuration Example 7-118 Traffic Parameters for PVCs or SVCs Configuration Example 7-119 Virtual Circuit Classes Configuration Example 7-120 Virtual Circuit Bundles Configuration Example 7-120 Link Fragmentation and Interleaving with Virtual Templates Configuration Example 7-121 Distributed Compressed Real-Time Protocol Configuration Example 7-122 Automatic Protection Switching Configuration Example 7-123 SONET and SDH Framing Configuration Example 7-123 Layer 2 Protocol Tunneling Topology with a Cisco 7600, Catalyst 5500, and Catalyst 6500 Configuration Example 7-124 Layer 2 Protocol Tunneling Topology with a Cisco 7600 and Cisco 7200 Configuration Example 7-125 Cisco 7600 Basic Back-to-Back Scenario Configuration Example 7-126 Catalyst 5500 Switch and Cisco 7600 Series Routers in Back-to-Back Topology Configuration Example 7-126 Cisco 7600 and Cisco 7200 in Back-to-Back Topology Configuration Example 7-127 Troubleshooting the ATM SPAs 8-1 General Troubleshooting Information 8-1 Interpreting Console Error and System Messages 8-1 Using debug Commands 8-2 Using show Commands 8-2 Monitoring the ATM SPA 8-2 Displaying Hardware Information 8-2 Contents ix Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Displaying Information About ATM Interfaces 8-5 Displaying Information About PVCs and SVCs 8-7 Displaying Information About Automatic Protection Switching 8-13 Troubleshooting the ATM Shared Port Adapter 8-15 Understanding Line Coding Errors 8-16 Using the Ping Command to Verify Network Connectivity 8-16 Using Loopback Commands 8-17 Using ATM Debug Commands 8-26 Using the Cisco IOS Event Tracer to Troubleshoot Problems 8-26 Preparing for Online Insertion and Removal of a SPA 8-27 Overview of the CEoP and Channelized ATM SPAs 9-1 Release History 9-1 Overview 9-2 CEoP Frame Formats 9-2 Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP 9-4 Restrictions and Usage Guidelines 9-5 Configuring CESoPSN with UDP Encapsulation 9-5 Troubleshooting the CESoPSN with UDP Encapsulation Configuration 9-8 Supported Features 9-9 Basic Features 9-9 SONET/SDH Error, Alarm, and Performance Monitoring 9-11 Layer 2 Features 9-13 Layer 3 Features 9-14 High Availability Features 9-15 Unsupported Features 9-15 Prerequisites 9-15 Restrictions 9-16 Supported MIBs 9-16 Displaying the SPA Hardware Type 9-17 Example of the show interfaces cem Command 9-17 Configuring the CEoP and Channelized ATM SPAs 10-1 Configuration Tasks 10-2 Specifying the Interface Address on a SPA 10-2 Configuring Port Usage (Overview) 10-2 Configuring Circuit Emulation 10-13 Contents x Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring a CEM Group 10-14 Configuring a CEM Class (Optional) 10-15 Configuring a CEM Pseudowire 10-17 Configuring TDM Local Switching 10-18 Local Switching Redundancy 10-19 Configuring ATM 10-20 Configuring VC QoS on VP-PW CEoP SPAs 10-21 Configuring an ATM Pseudowire 10-22 Configuring Pseudowire Redundancy (Optional) 10-23 Configuring T1 10-24 Configuring E1 10-24 Configuring T3 10-25 T3 Configuration Guidelines 10-25 Configuring Port Usage 10-25 Configuring the SPA for Clear-Channel ATM 10-27 Configuring SONET (OC-3) 10-28 Configuring Inverse Multiplexing over ATM 10-29 IMA Configuration Guidelines 10-30 Configuring an IMA Link Bundle 10-33 Configuring IMA Group Parameters 10-34 Verifying the IMA Configuration 10-36 Configuring Clocking 10-37 BITS Clock Support—Receive and Distribute—CEoP SPA on SIP-400 10-37 Configuring Clock Recovery 10-40 Verifying Clock Recovery 10-41 Configuring Out-of-Band Clocking 10-42 Configuring CEM Parameters 10-50 Configuring Payload Size (Optional) 10-50 Setting the Dejitter Buffer Size 10-51 Setting the Idle Pattern (Optional) 10-51 Enabling Dummy Mode 10-51 Setting the Dummy Pattern 10-51 Shutting Down a CEM Channel 10-51 Configuring Access Circuit Redundancy on CEoP and ATM SPAs 10-51 Restrictions and Usage Guidelines 10-51 Configuring the ACR Group 10-52 Show Commands 10-56 Contents xi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Troubleshooting the ACR configuration 10-56 Configuring Layer 3 QoS on CEoP SPAs 10-57 Configuring AIS and RAI Alarm Forwarding in CESoPSN Mode on CEoP SPAs 10-61 Configuring SONET Mode 10-62 Configuring SDH AU-4 Mode 10-62 Configuring SDH AU-3 Mode 10-63 Configuring T1 Mode 10-63 Configuring E1 Mode 10-63 Configuration Restrictions 10-64 MR-APS Integration with Hot Standby Pseudowire 10-64 Failover Operations 10-65 Restrictions 10-66 Configuring MR-APS Integration with Hot Standby Pseudowire 10-67 Verification 10-81 Troubleshooting Tips 10-82 Verifying the Interface Configuration 10-82 Overview of the Ethernet SPAs 11-1 Release History 11-1 Supported Ethernet SPA 11-2 2-Port Gigabit Synchronous Ethernet SPA 11-2 Supported Features 11-3 1588V2 Overview 11-4 Time of Day (TOD) 11-6 Precision Time Protocol (PTP) 11-8 Synchronous Ethernet 11-16 SSM and ESMC 11-18 Restrictions 11-19 Supported MIBs 11-20 SPA Architecture 11-21 Path of a Packet in the Ingress Direction 11-21 Path of a Packet in the Egress Direction 11-21 Displaying the SPA Hardware Type 11-22 Example of the show hw-module subslot transceiver Command 11-22 Example of the show interfaces Command 11-22 Contents xii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring the Fast Ethernet and Gigabit Ethernet SPAs 12-1 Configuration Tasks 12-1 Required Configuration Tasks 12-2 Specifying the Interface Address on a SPA 12-4 Modifying the MAC Address on the Interface 12-5 Configuring HSRP 12-6 Customizing VRRP 12-6 Modifying the Interface MTU Size 12-9 Configuring the Encapsulation Type 12-11 Configuring Autonegotiation on an Interface 12-11 Configuring an Ethernet VLAN 12-13 Configuring a Subinterface on a VLAN 12-13 Configuring Layer 2 Switching Features 12-15 Configuring Flow Control Support on the Link 12-21 Configuring 2-Port Gigabit Synchronous Ethernet SPA in Unicast Mode 12-23 Configuring 2-Port Gigabit Synchronous Ethernet SPA in Unicast Neg Mode 12-24 Configuring 2-Port Gigabit Synchronous Ethernet SPA in Multicast Mode 12-25 Configuring ToD on 1588V2 Master 12-26 Configuring ToD on 1588V2 Slave 12-27 Configuring Boundary Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400 12-29 Configuring Network Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400 12-29 Configuring EtherChannels 12-46 Configuring Virtual Private LAN Service (VPLS) and Hierarchical VPLS 12-46 Configuring Connectivity Fault Management (CFM) 12-46 Configuring Maintenance Domains and Maintenance Points 12-49 Configuring CFM in the EVC 12-51 Sample Configuration 12-53 Verifying Ethernet CFM Configuration 12-55 Debugging the Ethernet CFM Configuration 12-56 Configuring Ethernet Operations, Administration, and Maintenance 12-60 Configuring IP Subscriber Awareness over Ethernet 12-78 Configuring a Backup Interface for Flexible UNI 12-79 Flexible QinQ Mapping and Service Awareness on the 1-Port 10-Gigabit Ethernet SPA 12-85 Troubleshooting 12-92 Configuring MultiPoint Bridging over Ethernet on the 1-Port 10-Gigabit Ethernet SPA 12-93 Contents xiii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring QoS on Ethernet SPAs 12-99 Saving the Configuration 12-103 Shutting Down and Restarting an Interface on a SPA 12-103 Verifying the Interface Configuration 12-104 Configuration Examples 12-105 Basic Interface Configuration Example 12-105 MAC Address Configuration Example 12-105 MAC Address Accounting Configuration Example 12-106 HSRP Configuration Example 12-106 MTU Configuration Example 12-108 VLAN Configuration Example 12-108 AToM over GRE Configuration Example 12-109 mVPNoGRE Configuration Examples 12-110 EoMPLS Configuration Example 12-111 Backup Interface for Flexible UNI Configuration Example 12-111 Changing the Speed of a Fast Ethernet SPA Configuration Example 12-114 Ethernet OAM Configuration Example 12-116 Troubleshooting the Fast Ethernet and Gigabit Ethernet SPAs 13-1 General Troubleshooting Information 13-1 Using debug Commands 13-1 Using show Commands 13-2 Performing Basic Interface Troubleshooting 13-2 Verifying the Interface Is Up 13-5 Verifying the Line Protocol Is Up 13-6 Verifying Output Hang Status 13-6 Verifying the CRC Counter 13-6 Verifying Late Collisions 13-6 Verifying the Carrier Signal 13-7 Understanding SPA Automatic Recovery 13-7 When Automatic Recovery Occurs 13-7 If Automatic Recovery Fails 13-7 Configuring the Interface for Internal and External Loopback 13-8 Configuring the Interface for Internal Loopback 13-8 Configuring the Interface for External Loopback 13-8 Verifying Loopback Status 13-8 Using the Cisco IOS Event Tracer to Troubleshoot Problems 13-9 Contents xiv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preparing for Online Insertion and Removal of a SPA 13-10 Overview of the POS SPAs 14-1 Release History 14-1 POS Technology Overview 14-2 Supported Features 14-2 SONET/SDH Compliance Features 14-3 SONET/SDH Error, Alarm, and Performance Monitoring Features 14-3 SONET/SDH Synchronization Features 14-4 WAN Protocol Features 14-4 Network Management Features 14-5 Restrictions 14-5 Supported MIBs 14-6 SPA Architecture 14-7 4-Port OC-3c/STM-1 POS SPA Architecture 14-7 1-Port OC-192c/STM-64 POS/RPR XFP SPA Architecture 14-8 2-Port OC-48c/STM-16 POS SPA Architecture 14-9 Displaying the SPA Hardware Type 14-10 Example of the show idprom Command 14-11 Example of the show interfaces Command 14-12 Example of the show controllers Command 14-12 Configuring the POS SPAs 15-1 Configuration Tasks 15-1 Specifying the Interface Address on a SPA 15-2 Modifying the Interface MTU Size 15-2 Modifying the POS Framing 15-3 Modifying the Keepalive Interval 15-5 Modifying the CRC Size 15-6 Modifying the Clock Source 15-6 Modifying SONET Payload Scrambling 15-8 Configuring the Encapsulation Type 15-8 Configuring APS 15-9 Configuring POS Alarm Trigger Delays 15-10 Configuring SDCC 15-13 Saving the Configuration 15-14 Shutting Down and Restarting an Interface on a SPA 15-15 Contents xv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Verifying the Interface Configuration 15-15 Verifying Per-Port Interface Status 15-15 Monitoring Per-Port Interface Statistics 15-16 Configuration Examples 15-16 Basic Interface Configuration Example 15-17 MTU Configuration Example 15-17 POS Framing Configuration Example 15-18 Keepalive Configuration Example 15-18 CRC Configuration Example 15-18 Clock Source Configuration Example 15-19 SONET Payload Scrambling Configuration Example 15-19 Encapsulation Configuration Example 15-19 APS Configuration Example 15-19 POS Alarm Trigger Delays Configuration Example 15-21 SDCC Configuration Example 15-21 Overview of the Serial SPAs 16-1 Release History 16-1 Supported Features 16-2 Restrictions 16-2 SPA Features 16-3 Supported MIBs 16-6 Displaying the SPA Hardware Type 16-8 Virtual Tributary Alarms 16-8 Examples of the show interface Command 16-9 Examples of the show controllers Command 16-10 Configuring the 8-Port Channelized T1/E1 SPA 17-1 Configuration Tasks 17-1 Required Configuration Tasks 17-1 Specifying the Interface Address on a SPA 17-6 Optional Configurations 17-6 Saving the Configuration 17-20 Verifying the Interface Configuration 17-20 Verifying Per-Port Interface Status 17-21 Configuration Examples 17-21 Framing and Encapsulation Configuration Example 17-21 Contents xvi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 CRC Configuration Example 17-22 Facility Data Link Configuration Example 17-22 MLPPP Configuration Example 17-23 MFR Configuration Example 17-23 Invert Data on the T1/E1 Interface Example 17-24 Configuring the 2-Port and 4-Port Clear Channel T3/E3 SPAs 18-1 Configuration Tasks 18-1 Required Configuration Tasks 18-2 Specifying the Interface Address on a SPA 18-5 Optional Configurations 18-5 Verifying the Interface Configuration 18-17 Verifying Per-Port Interface Status 18-18 Monitoring Per-Port Interface Statistics 18-18 Configuration Examples 18-19 DSU Configuration Example 18-19 MDL Configuration Example 18-20 Scrambling Configuration Example 18-20 Framing Configuration Example 18-20 Encapsulation Configuration Example 18-21 Cable Length Configuration Example 18-21 Invert Data Configuration Example 18-21 Trace Trail Buffer Configuration Example 18-21 Configuring the 2-Port and 4-Port Channelized T3 SPAs 19-1 Configuration Tasks 19-1 Required Configuration Tasks 19-2 Specifying the Interface Address on a SPA 19-7 Optional Configurations 19-8 Saving the Configuration 19-25 Verifying the Interface Configuration 19-25 Verifying Per-Port Interface Status 19-26 Configuration Examples 19-28 DSU Configuration Example 19-28 MDL Configuration Example 19-28 Encapsulation Configuration Example 19-29 Framing—Unchannelized Mode Configuration Example 19-29 Facility Data Link Configuration Example 19-29 Contents xvii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Scrambling Configuration Example 19-29 Creating a Multilink Bundle Configuration Example 19-30 Assigning a T1 Interface to a Multilink Bundle Configuration Example 19-30 Configuring 1-Port ChOC-3/STM-1 and ChOC-12 / STM-4 SPAs 20-1 Configuration Tasks 20-1 Required Configuration Tasks 20-2 Selection of Physical Port and Controller Configuration 20-2 Optional Configurations 20-15 Saving the Configuration 20-26 Verifying the Interface Configuration 20-26 Verifying Per-Port Interface Status 20-26 Configuration Tasks 20-27 Configuring CRTP 20-27 Stateful MLPPP MR-APS 20-27 MR-APS Deployment 20-28 Inter Chassis Redundancy Manager 20-28 Automatic Protection Switching 20-29 Failure Protection Scenarios 20-29 Restrictions for Stateful MLPPP with MR-APS Inter-Chassis Redundancy 20-33 Configuring Stateful MLPPP with MR-APS Inter-Chassis Redundancy 20-33 Removing Stateful MLPPP with MR-APS Inter-Chassis Redundancy 20-53 Verification 20-56 Troubleshooting Tips 20-59 Cisco 1-Port Channelized OC-48/DS3 STM-16 SPA 21-1 Modes and Sub-modes Supported on the Cisco 1-Port Channelized OC-48/DS3 STM-16 SPA 21-1 Interface Naming 21-2 LED States 21-2 Restrictions for Cisco 1-Port Channelized OC-48/DS3 STM-16 SPA 21-3 Configuring Cisco 1-Port Channelized OC-48/DS3 STM-16 SPA 21-3 Configuring Interfaces Using SONET Framing 21-3 Configuring Interfaces with SDH Framing 21-7 Configuring BER Testing 21-17 Sending a BERT Pattern on a DS3/E3 Interface 21-18 Inserting Errors in BERT 21-18 Displaying a BERT 21-18 Contents xviii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Terminating a BERT 21-20 Verification 21-20 Configuring the 4-Port Serial Interface SPA 22-1 Configuration Tasks 22-1 Configuring the 4-Port Serial Interface SPA 22-1 Specifying the Interface Address on a SPA 22-2 Verifying the Configuration 22-3 Optional Configurations 22-9 Saving the Configuration 22-22 Verifying the Interface Configuration 22-22 Verifying Per-Port Interface Status 22-22 Configuration Examples 22-23 Inverting the Clock Signal Configuration Example 22-23 NRZI Format Configuration Example 22-23 Cyclic Redundancy Checks Configuration Example 22-24 Encapsulation Configuration Example 22-24 Distributed Multilink PPP Configuration Example 22-24 MLFR Configuration Example 22-24 Bridging Control Protocol Support Configuration Example 22-24 BCP on MLPPP Configuration Example 22-25 Troubleshooting the Serial SPAs 23-1 General Troubleshooting Information 23-1 Interpreting Console Error Messages 23-1 Using debug Commands 23-2 Using show Commands 23-2 Performing Basic Interface Troubleshooting 23-2 Serial Lines: show interfaces serial Status Line Conditions 23-3 Serial Lines: Increasing Output Drops on Serial Link 23-7 Serial Lines: Increasing Input Drops on Serial Link 23-8 Serial Lines: Increasing Input Errors in Excess of 1 Percent of Total Interface Traffic 23-9 Serial Lines: Troubleshooting Serial Line Input Errors 23-9 Serial Lines: Increasing Interface Resets on Serial Link 23-12 Serial Lines: Increasing Carrier Transitions Count on Serial Link 23-13 Using Bit Error Rate Tests 23-14 Configuring a BER Test 23-15 Contents xix Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Viewing a BER Test 23-15 Interpreting BER Test Results 23-15 Using loopback Commands 23-16 Using the Cisco IOS Event Tracer to Troubleshoot Problems 23-18 Preparing for Online Insertion and Removal of a SPA 23-18 Overview of the IPSec VPN SPA 24-1 Release History 24-1 Overview of the IPSec VPN SPAs 24-4 Overview of Basic IPSec and IKE Configuration Concepts 24-5 Information About IPSec Configuration 24-5 Information About IKE Configuration 24-6 Configuring VPNs with the IPSec VPN SPAs 24-7 Crypto-Connect Mode 24-7 VRF Mode 24-8 IPSec Feature Support 24-8 IPSec Features Common To All VPN Modes 24-9 IPSec Features in Crypto-Connect Mode 24-17 IPSec Features in VRF Mode 24-18 Interoperability for SPA-IPSEC-2G IPSEC VPN SPA 24-20 Restrictions 24-23 Supported MIBs 24-24 IPSec VPN SPA Hardware Configuration Guidelines 24-25 Displaying the SPA Hardware Type 24-25 Example of the show module Command 24-26 Example of the show crypto eli Command 24-26 Configuring VPNs in Crypto-Connect Mode 25-1 Configuring Ports in Crypto-Connect Mode 25-2 Understanding Port Types in Crypto-Connect Mode 25-2 Crypto-Connect Mode Configuration Guidelines and Restrictions 25-5 Configuring the IPSec VPN SPA Inside Port and Outside Port 25-7 Configuring an Access Port 25-8 Configuring a Routed Port 25-11 Configuring a Trunk Port 25-15 Configuring IPSec VPN SPA Connections to WAN Interfaces 25-20 Contents xx Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Displaying the VPN Running State 25-21 Configuring GRE Tunneling in Crypto-Connect Mode 25-21 Understanding GRE Tunneling in Crypto-Connect Mode 25-21 Configuring the GRE Takeover Criteria 25-23 Configuring IP Multicast over a GRE Tunnel 25-26 Configuration Examples 25-28 Access Port in Crypto-Connect Mode Configuration Example 25-29 Routed Port in Crypto-Connect Mode Configuration Example 25-31 Trunk Port in Crypto-Connect Mode Configuration Example 25-34 IPSec VPN SPA Connections to WAN Interfaces Configuration Examples 25-36 GRE Tunneling in Crypto-Connect Mode Configuration Example 25-40 GRE Takeover Criteria Configuration Examples 25-42 IP Multicast over a GRE Tunnel Configuration Example 25-43 Configuring VPNs in VRF Mode 26-1 Configuring VPNs in VRF Mode 26-1 Understanding VPN Configuration in VRF Mode 26-3 VRF Mode Configuration Guidelines and Restrictions 26-4 Configuring VPNs in VRF Mode without Tunnel Protection 26-6 Configuring VPNs in VRF Mode with Tunnel Protection (GRE) 26-11 Configuring an IPSec Virtual Tunnel Interface 26-16 IPSec Virtual Tunnel Interface Configuration Guidelines and Restrictions 26-16 Configuring an IPSec Static Tunnel 26-17 Verifying the IPSec Virtual Tunnel Interface Configuration 26-20 Configuring VTI in the Global Context 26-21 Configuration Examples 26-21 VRF Mode Basic Configuration Example 26-22 VRF Mode Remote Access Using Easy VPN Configuration Example 26-25 VRF Mode PE Configuration Example 26-27 VRF Mode CE Configuration Example 26-30 VRF Mode Tunnel Protection Configuration Example 26-32 IP Multicast in VRF Mode Configuration Example 26-33 IPSec Virtual Tunnel Interfaces Configuration Examples 26-35 Contents xxi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring IPSec VPN Fragmentation and MTU 27-1 Understanding IPSec VPN Fragmentation and MTU 27-1 Overview of Fragmentation and MTU 27-1 IPSec Prefragmentation 27-3 Fragmentation in Different Modes 27-3 Configuring IPSec Prefragmentation 27-9 IPSec Prefragmentation Configuration Guidelines 27-9 Configuring IPSec Prefragmentation Globally 27-10 Configuring IPSec Prefragmentation at the Interface 27-11 Verifying the IPSec Prefragmentation Configuration 27-11 Configuring MTU Settings 27-12 MTU Settings Configuration Guidelines and Restrictions 27-12 Changing the Physical Egress Interface MTU 27-13 Changing the Tunnel Interface MTU 27-13 Changing the Interface VLAN MTU 27-13 Verifying the MTU Size 27-13 Configuring IKE Features Using the IPSec VPN SPA 28-1 Overview of IKE 28-2 Configuring Advanced Encryption Standard in an IKE Policy Map 28-2 Verifying the AES IKE Policy 28-3 Configuring ISAKMP Keyrings 28-4 ISAKMP Keyrings Configuration Guidelines and Restrictions 28-4 Limiting an ISAKMP Profile to a Local Termination Address or Interface 28-4 Limiting a Keyring to a Local Termination Address or Interface 28-5 Configuring Certificate to ISAKMP Profile Mapping 28-6 Certificate to ISAKMP Profile Mapping Configuration Guidelines and Restrictions 28-6 Mapping the Certificate to the ISAKMP Profile 28-6 Verifying the Certificate to ISAKMP Profile Mapping Configuration 28-6 Assigning the Group Name to the Peer 28-12 Verifying the Group Name to Peer Assignation Configuration 28-12 Configuring an Encrypted Preshared Key 28-13 Encrypted Preshared Key Configuration Guidelines and Restrictions 28-13 Configuring an Encrypted Preshared Key 28-14 Verifying the Encrypted Preshared Key Configuration 28-14 Configuring Call Admission Control for IKE 28-15 Configuring the IKE Security Association Limit 28-16 Contents xxii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring a System Resource Limit 28-16 Clearing Call Admission Statistics 28-16 Verifying the Call Admission Control for IKE Configuration 28-17 Configuring Dead Peer Detection 28-17 DPD Configuration Guidelines and Restrictions 28-18 Configuring a Dead Peer Detection Message 28-19 Verifying the DPD Configuration 28-19 Understanding IPSec NAT Transparency 28-19 IPSec NAT Transparency Configuration Guidelines and Restrictions 28-20 Configuring NAT Transparency 28-20 Disabling NAT Transparency 28-20 Configuring NAT Keepalives 28-20 Verifying the NAT Configuration 28-21 Configuration Examples 28-22 Advanced Encryption Standard Configuration Example 28-22 ISAKMP Keyrings Configuration Examples 28-22 Certificate to ISAKMP Profile Mapping Configuration Examples 28-23 Encrypted Preshared Key Configuration Example 28-23 Call Admission Control for IKE Configuration Examples 28-24 Dead Peer Detection Configuration Examples 28-24 ISAKMP NAT Keepalive Configuration Example 28-24 Configuring Enhanced IPSec Features Using the IPSec VPN SPA 29-1 Overview of Enhanced IPSec Features 29-2 Configuring Advanced Encryption Standard in a Transform Set 29-2 Verifying the AES Transform Set 29-2 Configuring Reverse Route Injection 29-3 RRI Configuration Guidelines and Restrictions 29-3 Configuring RRI Under a Static Crypto Map 29-4 Configuring RRI Under a Dynamic Crypto Map 29-5 Configuring the IPSec Anti-Replay Window Size 29-6 Expanding the IPSec Anti-Replay Window Size Globally 29-6 Expanding the IPSec Anti-Replay Window at the Crypto Map Level 29-7 Verifying the IPSec Anti-Replay Window Size Configuration at the Crypto Map Level 29-7 Disabling the IPSec Anti-Replay Checking 29-8 Configuring an IPSec Preferred Peer 29-8 IPSec Preferred Peer Configuration Guidelines and Restrictions 29-9 Contents xxiii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring a Default Peer 29-10 Configuring the IPSec Idle Timer with a Default Peer 29-11 Configuring IPSec Security Association Idle Timers 29-12 IPSec Security Association Idle Timer Configuration Guidelines 29-12 Configuring the IPSec SA Idle Timer Globally 29-12 Configuring the IPSec SA Idle Timer per Crypto Map 29-13 Configuring Distinguished Name-Based Crypto Maps 29-13 Distinguished Name-Based Crypto Map Configuration Guidelines and Restrictions 29-14 Configuring QoS on the SPA-IPSEC-2G IPSEC VPN SPA 29-15 QoS Configuration Guidelines and Restrictions 29-16 Configuring QoS on the WS-IPSEC-3 IPSEC VSPA 29-17 Using the Module QoS Features of the WS-IPSEC-3 IPSEC VSPA 29-18 Using the Carrier QoS Features of the SSC-600 29-22 QoS Configuration Examples 29-24 Configuring Sequenced Crypto ACLs 29-33 Configuring Deny Policy Enhancements for Crypto ACLs 29-33 Deny Policy Enhancements for Crypto ACLs Configuration Guidelines and Restrictions 29-33 Configuration Examples 29-34 Advanced Encryption Standard Configuration Example 29-34 Reverse Route Injection Configuration Examples 29-34 IPSec Anti-Replay Window Size Configuration Examples 29-36 IPSec Preferred Peer Configuration Examples 29-38 IPSec Security Association Idle Timer Configuration Examples 29-38 Distinguished Name-Based Crypto Maps Configuration Example 29-39 QoS Configuration Example 29-40 Deny Policy Enhancements for ACLs Configuration Example 29-40 Configuring PKI Using the IPSec VPN SPA 30-1 Overview of PKI 30-2 Configuring Multiple RSA Key Pairs 30-3 Multiple RSA Key Pairs Configuration Guidelines and Restrictions 30-3 Removing RSA Key Pair Settings 30-4 Verifying RSA Key Information 30-4 Configuring Protected Private Key Storage 30-5 Protected Private Key Storage Configuration Guidelines and Restrictions 30-6 Configuring Private Keys 30-6 Verifying the Protected and Locked Private Keys 30-8 Contents xxiv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring a Trustpoint CA 30-8 Trustpoint CA Configuration Guidelines and Restrictions 30-9 Verifying a Trustpoint CA 30-10 Configuring Query Mode Definition Per Trustpoint 30-11 Query Mode Definition Per Trustpoint Configuration Guidelines and Restrictions 30-12 Verifying Query Mode Definition Per Trustpoint CA 30-13 Configuring a Local Certificate Storage Location 30-14 Local Certificate Storage Location Configuration Guidelines and Restrictions 30-14 Specifying a Local Storage Location for Certificates 30-15 Verifying the Local Certificate Storage Location Configuration 30-15 Configuring Direct HTTP Enroll with CA Servers (Reenroll Using Existing Certificates) 30-16 Direct HTTP Enroll with CA Servers Configuration Guidelines and Restrictions 30-16 Configuring an Enrollment Profile for a Client Router 30-17 Configuring an Enrollment Profile for a Client Router Enrolled with a Third-Party Vendor CA 30-18 Configuring the CA to Accept Enrollment Requests from Clients of a Third-Party Vendor CA 30-20 Configuring Manual Certificate Enrollment (TFTP and Cut-and-Paste) 30-22 Manual Certificate Enrollment (TFTP and Cut-and-Paste) Configuration Guidelines and Restrictions 30-22 Configuring Manual Enrollment Using TFTP 30-22 Configuring Certificate Enrollment Using Cut-and-Paste 30-24 Verifying the Manual Certificate Enrollment Configuration 30-24 Configuring Certificate Autoenrollment 30-26 Preloading Root CAs 30-28 Verifying CA Information 30-29 Configuring Key Rollover for Certificate Renewal 30-30 Key Rollover for Certificate Renewal Configuration Guidelines and Restrictions 30-30 Configuring Automatic Certificate Enrollment with Key Rollover 30-31 Configuring Manual Certificate Enrollment with Key Rollover 30-33 Configuring PKI: Query Multiple Servers During Certificate Revocation Check 30-36 Configuring the Online Certificate Status Protocol 30-37 OCSP Configuration Guidelines and Restrictions 30-37 Verifying the OCSP Configuration 30-38 Configuring Optional OCSP Nonces 30-41 Disabling OCSP Nonces 30-41 Configuring Certificate Security Attribute-Based Access Control 30-41 Certificate Security Attribute-Based Access Control Configuration Guidelines and Restrictions 30-42 Contents xxv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Verifying Certificate-Based ACLs 30-44 Configuring PKI AAA Authorization Using the Entire Subject Name 30-45 PKI AAA Authorization Using the Entire Subject Name Configuration Guidelines and Restrictions 30-45 Configuring Source Interface Selection for Outgoing Traffic with Certificate Authority 30-47 Configuring Persistent Self-Signed Certificates 30-48 Persistent Self-Signed Certificates Configuration Guidelines and Restrictions 30-49 Configuring a Trustpoint and Specifying Self-Signed Certificate Parameters 30-50 Enabling the HTTPS Server 30-51 Verifying the Persistent Self-Signed Certificate Configuration 30-51 Configuring Certificate Chain Verification 30-52 Certificate Chain Verification Configuration Guidelines and Restrictions 30-52 Configuration Examples 30-53 Multiple RSA Key Pairs Configuration Example 30-53 Protected Private Key Storage Configuration Examples 30-54 Trustpoint CA Configuration Example 30-54 Query Mode Definition Per Trustpoint Configuration Example 30-54 Local Certificate Storage Location Configuration Example 30-55 Direct HTTP Enrollment with CA Servers Configuration Examples 30-55 Manual Certificate Enrollment Configuration Examples 30-56 Certificate Autoenrollment Configuration Example 30-59 Key Rollover for Certificate Renewal Configuration Examples 30-60 PKI: Query Multiple Servers During Certificate Revocation Check (CDP Override) Configuration Example 30-61 Online Certificate Status Protocol Configuration Examples 30-61 Optional OCSP Nonces Configuration Example 30-62 Certificate Security Attribute-Based Access Control Configuration Example 30-62 PKI AAA Authorization Using the Entire Subject Name Configuration Example 30-63 Source Interface Selection for Outgoing Traffic with Certificate Authority Configuration Example 30-63 Persistent Self-Signed Certificates Configuration Examples 30-64 Certificate Chain Verification Configuration Examples 30-65 Configuring Advanced VPNs Using the IPSec VPN SPA 31-1 Overview of Advanced VPNs 31-2 Configuring DMVPN 31-2 DMVPN Configuration Guidelines and Restrictions 31-2 DMVPN Prerequisites 31-3 Contents xxvi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Configuring an IPSec Profile 31-4 Configuring the Hub for DMVPN in VRF Mode 31-5 Configuring the Hub for DMVPN in Crypto-Connect Mode 31-7 Configuring the Spoke for DMVPN in VRF Mode 31-8 Configuring the Spoke for DMVPN in Crypto-Connect Mode 31-10 Verifying the DMVPN Configuration 31-12 Configuring the Easy VPN Server 31-15 Easy VPN Server Configuration Guidelines and Restrictions 31-15 Configuring the Easy VPN Remote 31-16 Easy VPN Remote Configuration Guidelines 31-16 Configuring Easy VPN Remote RSA Signature Storage 31-16 Easy VPN Remote RSA Signature Support Configuration Guidelines and Restrictions 31-17 Configuring Easy VPN Remote RSA Signature Support 31-17 Configuration Examples 31-17 DMVPN Configuration Examples 31-18 Easy VPN Server (Router Side) Configuration Example 31-22 Configuring Duplicate Hardware and IPSec Failover Using the IPSec VPN SPA 32-1 Overview of Duplicate Hardware Configurations and IPSec Failover 32-2 Configuring Multiple IPSec VPN SPAs in a Chassis 32-2 Understanding Stateless Failover Using HSRP 32-3 Understanding Stateful Failover Using HSRP and SSP 32-3 Configuring IPSec Failover 32-4 Configuring IPSec Stateless Failover Using HSRP with Crypto-Connect Mode 32-5 Configuring IPSec Stateful Failover Using HSRP and SSP with Crypto-Connect Mode 32-11 Configuring IPSec Stateless and Stateful Failover with VRF Mode 32-18 Verifying HSRP Configurations 32-18 Displaying SSP Information 32-21 Configuring Intrachassis IPSec Stateful Failover Using a Blade Failure Group 32-22 IPSec Stateful Failover Using a BFG Configuration Guidelines and Restrictions 32-22 Configuring a BFG for IPSec Stateful Failover 32-23 Verifying the IPSec Stateful Failover Using a BFG Configuration 32-23 Configuration Examples 32-24 Multiple IPSec VPN SPAs in a Chassis Configuration Example 32-24 IPSec Stateless Failover Using HSRP with Crypto-Connect Mode Configuration Examples 32-27 IPSec Stateful Failover Using HSRP and SSP with Crypto-Connect Mode Configuration Example 32-29 IPSec Stateless Failover Using HSRP with VRF Mode Configuration Example 32-33 Contents xxvii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 IPSec Stateful Failover Using HSRP with VRF Mode Configuration Example 32-34 IPSec Stateful Failover Using a Blade Failure Group Configuration Example 32-38 Configuring Monitoring and Accounting for the IPSec VPN SPA 33-1 Overview of Monitoring and Accounting for the IPSec VPN SPA 33-2 Monitoring and Managing IPSec VPN Sessions 33-2 Adding the Description of an IKE Peer 33-2 Verifying Peer Descriptions 33-3 Getting a Summary Listing of Crypto Session Status 33-3 Syslog Notification for Crypto Session Up or Down Status 33-4 Clearing a Crypto Session 33-4 Configuring IPSec VPN Accounting 33-5 Configuring IPSec and IKE MIB Support for Cisco VRF-Aware IPSec 33-9 MIBs Supported by the IPSec and IKE MIB Support for Cisco VRF-Aware IPSec Feature 33-9 Configuring IPSec and IKE MIB Support for Cisco VRF-Aware IPSec 33-9 Configuration Examples 33-10 IPSec VPN Accounting Configuration Example 33-10 IPSec VPN Monitoring Configuration Example 33-11 Troubleshooting the IPSec VPN SPA 34-1 General Troubleshooting Information 34-1 Interpreting Console Error Messages 34-2 Using debug Commands 34-2 Using show Commands 34-2 Monitoring the IPSec VPN SPA 34-3 Displaying IPSec VPN SPA Hardware and System Information 34-3 Displaying IPSec VPN SPA Configuration Information 34-6 Troubleshooting Specific Problems on the IPSec VPN SPA 34-24 Clearing IPsec Security Associations 34-24 Troubleshooting Trunk Port Configurations 34-24 Troubleshooting IPsec Stateful Failover (VPN High Availability) 34-25 Troubleshooting a Blade Failure Group 34-27 Troubleshooting IKE Policy and Transform Sets 34-27 Using Crypto Conditional Debug 34-27 Crypto Conditional Debug Configuration Guidelines and Restrictions 34-29 Enabling Crypto Conditional Debug Filtering 34-29 Contents xxviii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Disabling Crypto Conditional Debugging 34-29 Enabling Crypto Error Debug Messages 34-30 Preparing for Online Insertion and Removal of a SPA 34-30 Upgrading Field-Programmable Devices 35-1 Release History 35-1 FPD Quick Upgrade 35-2 FPD Quick Upgrade Before Upgrading your Cisco IOS Release (Recommended) 35-2 FPD Quick Upgrade After Upgrading your Cisco IOS Release 35-2 Overview of FPD Images and Packages 35-3 Upgrading FPD Images 35-3 Migrating to a Newer Cisco IOS Release 35-3 Upgrading FPD Images in a Production System 35-5 Upgrading FPD Images Using Fast Software Upgrade 35-6 Optional FPD Procedures 35-6 FPD Image Upgrade Examples 35-13 Troubleshooting Problems with FPD Image Upgrades 35-16 Power Failure or Removal of a SIP or SPA During an FPD Image Upgrade 35-16 I N D E X xxix Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface This preface describes the objectives and organization of this document and explains how to find additional information on related products and services. This preface contains the following sections: • Objectives • Document Revision History • Organization • Related Documentation • Document Conventions • Obtaining Documentation, Obtaining Support, and Security Guidelines Objectives This document describes the configuration and troubleshooting of SPA interface processors (SIPs), SPA services cards (SSCs), and shared port adapters (SPAs) that are supported on a Cisco 7600 series router. Document Revision History The Document Revision History records technical changes to this document. The table shows the Cisco IOS software release number and document revision number for the change, the date of the change, and a brief summary of the change. xxx Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Release No. Revision Date Change Summary 15.2(1)S OL-5070-30 November 2011 Added support for the following features: • Frame Relay Fragmentation (FRF.12), page 4-22 in Chapter 4, “Configuring the SIPs and SSC”. • Added Chapter 21, “Cisco 1-Port Channelized OC-48/DS3 STM-16 SPA.” • N:1 PVC Mapping to Pseudowires with Non-Unique VPI, page 7-101 in Chapter 7, “Configuring the ATM SPAs” • Multi Router Automatic Protection Switching (MR-APS) Integration with Hot Standby Pseudowire, page 7-89 in Chapter 7, “Configuring the ATM SPAs.” • Updated Configuring Multipoint Bridging, page 4-36 in Chapter 4, “Configuring the SIPs and SSC”. 15.1(3) S1 OL-5070-29 October 2011 • Updated Chapter 24, “Overview of the IPSec VPN SPA” with support information for WS-IPSEC-3 SPA and also Chapter 29, “Configuring Enhanced IPSec Features Using the IPSec VPN SPA”. • Updated the configuration steps in Chapter 4, “Configuring IPv6 Hop-by-Hop Header Security on SIP-200 or SIP-400.” 12.2(33) SRE5 OL-5070-28 September 2011 Updated Cisco 7600 SIP 200 configuration restrictions in Chapter 16, “Overview of the Serial SPAs”. 15.1(2) S2 OL-5070-27 August 2011 Updated Cisco 7600 SIP 200 configuration restrictions in Chapter 16, “Overview of the Serial SPAs”. 15.1(3)S OL-5070-26 July 2011 Added support for the following features: • L2TPv3 configuration in Chapter 7, “Configuring the ATM SPAs”. • Stateful MLPPP MR-APS feature in Chapter 20, “Configuring 1-Port ChOC-3/STM-1 and ChOC-12 / STM-4 SPAs,”. 15.0(1)S3a OL-5070-25 April 2011 Support added to disable Network Processor crashinfo for all the Network Processor exception in Chapter 3, “Overview of the SIPs and SSC.” xxxi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 15.1(2)S OL-5070-24 March 2011 Added support for the following features: • Circuit Emulation Service over UDP in Chapter 9, “Overview of the CEoP and Channelized ATM SPAs” • L3 QoS on CEoP SPAs in Chapter 10, “Configuring the CEoP and Channelized ATM S PAs ” 15.1(1)S1 OL-5070-23 February 2011 • Extended support for the limitation to avoid console flooding in Chapter 5, “Troubleshooting the SIPs and SSC” • Added new CLI options for configuring hardware timer to bring up controller in SONET/SDH Error, Alarm, and Performance Monitoring section in the Chapter 9, “Overview of the CEoP and Channelized ATM S PAs .” 12.2 (33) SRE3 OL-5070-22 January 2011 • Added new CLI options for configuring hardware timer to bring up controller in SONET/SDH Error, Alarm, and Performance Monitoring section in the Chapter 9, “Overview of the CEoP and Channelized ATM S PAs .” • Support added to disable Network Processor crashinfo for all the Network Processor exception in Chapter 3, “Overview of the SIPs and SSC.” 12.2 (33) SRD6 OL-5070-21 December 2010 Extended support for the limitation to avoid console flooding in Chapter 5, “Troubleshooting the SIPs and SSC” 15.0(1) S2 OL-5070-20 December 2010 Added limitation to avoid console flooding in Chapter 5, “Troubleshooting the SIPs and SSC” xxxii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 15.1(1)S OL-5070-19 November 2010 • Added adaptive clock recovery support for 2XT3E3 CE/ATM SPA in Configuring Clocking, page 37. • Updated Chapter 3, Overview of the SIPs and SSC. Added support for the HSPW feature. • Updated Chapter 10, Configuring the CEoP and Channelized ATM SPAs to include the IMA Scalability, configuring access circuit redundancy on CEoP and ATM SPAs, and E3 and Channelization support for SPA-2CHT3-CE-ATM feature. • Updated Chapter 11, Overview of the Ethernet SPAs with 1588-V2 feature enhancements feature. • Updated Chapter 14, Overview of the POS SPAs and Chapter 16, Overview of the SIPs and SSC with SSM support on SPA-1XCHOC12/DS0 and SPA-1XOC48POS/RPR feature • Updated Chapter 20, Configuring 1-Port ChOC-3/STM-1 and ChOC-12 / STM-4 SPAs with SDH support for SPA-1XCHSTM4/OC12 feature. 12.2(33)SRD5 OL-5070-18 October 2010 Added troubleshooting information for: • Layer 2 features in Chapter 12, “Configuring the Fast Ethernet and Gigabit Ethernet SPAs”. • MPLS VPN 15.0(1) S OL-5070-17 July 2010 Added support for: • ONS-SC-OC3-EL support on POS OC3 SPAs to Modular Optics Compatibility, page 6 and SIP, SSC, and SPA Compatibility, page 4. • SPA-1xOC3-ATM-V2, SPA-3xOC3-ATM-V2 and SPA-1xOC12-ATM-V2 Support on Cisco 7600 SIP-400 • Non-Aggregate WRED ATM SPA • 2-Port Gigabit Synchronous Ethernet SPA • Added support for feature Configuring BFD over VCCV on SIP-400, page 75 in Chapter 4. • Added restriction for the 2-Port Gigabit Ethernet SPA. xxxiii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2 (33) SRE1 OL-5070-16 June 2010 • Added information that Priority percent is not supported for ATM SPAs in Table 4-15QoS Congestion Management and Avoidance Feature Compatibility by SIP and SPA Combination. 12.2 (33) SRE1 OL-5070-16 April 2010 • Added information indicating that SVI is not supported with MPLSoGRE. 12.2 (33) SRE1 OL-5070-16 April 2010 • Extended support for the following features: – Private Host on Pseudoport on CWAN cards in Chapter 4, “Configuration Tasks”. – Bridged Routing Encapsulation on Automatic Protection Service Group in Chapter 7, “Configuration Tasks”. 12.2 (33) SRD4 OL-5070-15 Februray 2010 • Support for the following features were introduced: – Private Host on Pseudoport on CWAN cards in Chapter 4, “Configuration Tasks”. Private Host on Pseudoport on CWAN cards was previously shared as a hidden documentation. For SRD4, it has been brought to the mainline documentation. – Bridged Routing Encapsulation on Automatic Protection Service Group in Chapter 7, “Configuration Tasks”. 12.2 (33) SRE OL-5070-14 December 2009 • Supervisor Engine Support for the IPSec VPN SPA was added. • Note added under the session Information About IPSec Configuration in the chapter Overview of the IPSec VPN SPA. xxxiv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(33)SRE OL-5070-14 November 2009 Support was added for: • STM1 Electrical SFP to SPA-1ChOC3-CE-ATM and SPA-1xCHSTM1/OC3 on 7600 in Modular Optics Compatibility, page 6 of Chapter 2, “SIP, SSC, and SPA Product Overview”. • XFP-10F-MM-SR for 10GE SPAs on the SIP400 and SIP600 in Modular Optics Compatibility, page 6 of Chapter 2, “SIP, SSC, and SPA Product Overview” • X2-DWDM and X2-10GB-LRM/ZR support on RSP720-10GE in Modular Optics Compatibility, page 6 of Chapter 2, “SIP, SSC, and SPA Product Overview”. • Access Circuit Redundancy on SIP400 2-Port and 4-Port OC-3c/STM-1 ATM SPA and QoS support (Chapter 7, “Configuring the ATM SPAs” added section Configuring Access Circuit Redundancy on SIP-400 ATM SPA s, page 65 • VC QoS on VP pseudowire. Added support for match atm-vci command to ATM VP interface in Cisco 7600 SIP-400 Classification Into a Queue, page 13 • Triple nesting QoS support on SIP-400 to add support for an additional level of policy-map nesting to Cisco 7600 SIP-400 Policing and Dropping, page 13 • RSP720-10GE on Cisco 7600-SSC-400 to SPA Services Cards, page 2 • VP and VC mode support on 7600/SIP400 for CEoP and 1-Port OC-48c/STM-16 ATM SPA to Chapter 9, “Overview of the CEoP and Channelized ATM SPAs” • IEEE IEEE 802.1ag Draft 8.1compliant Connectivity Fault Management on EVC (VPLS and pseudowire) on SIP-400 and SIP-600 in Cisco 7600 SIP-400 Features, page 11 and Cisco 7600 SIP-600 Features, page 16 • Updates to IPv6 Hop-by-Hop on SIP-200 to Cisco 7600 SIP-200 Other QoS Features, page 9 and Configuring IPv6 Hop-by-Hop Header Security on SIP-200 or SIP-400, page 142 xxxv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2 (33) SRD3 OL-5070-13 September 2009 Support is added for Private Hosts SVI on CWAN linecards in Private Hosts SVI (Interface VLAN) Configuration Example, page 178 This version of the document with the Private Hosts feature is available only to a select set of customers. 12.2 (33) SRD3 OL-5070-12 September 2009 Support is added for: • IPv6 Hop-by-Hop Policing for SIP-200 in Configuring IPv6 Hop-by-Hop Header Security on SIP-200 or SIP-400, page 142 • AIS and RAI alarm forwarding in CESoPSN mode on CEoP SPA in Configuring AIS and RAI Alarm Forwarding in CESoPSN Mode on CEoP SPAs, page 61 • CeOP SPA updates in Chapter 9, “Overview of the CEoP and Channelized ATM SPAs” and Chapter 10, “Configuring the CEoP and Channelized ATM SPAs” 12.2 (33) SRD 2 OL-5070-11 May 2009 • Support was added for: – PPP/MLPPP APS performance enhancement in Chapter 20, “Configuring 1-Port ChOC-3/STM-1 and ChOC-12 / STM-4 SPAs” section Configuring APS, page 20 and Verifying the APS Configuration, page 22 – Support for new pluggable SFP ONS-SC-155-ELthe section Modular Optics Compatibility, page 6 of Chapter 2, “SIP, SSC, and SPA Compatibility” 12.2 (33) SRD1 OL-5050-10 February 2009 • Support was added for: – 1xCHOC12STM4 SPA – IPv6 Hop-by-Hop xxxvi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2 (33) SRD OL-5050-10 October, 2008 • Support was added for the following features: – IMA on SIP-400 for 24xT1/E1 CEOP and 1xOC3 CEOP SPAs – Private Host SVI (interface VLAN) – SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 Support on SIP400 – Port Mode Cell Relay support on Cisco 7600 SIP400 ATM SPA – DBUS CoS API on SIP-400 – SIP-400 Hierarchical Queuing Framework (HQF) – L2VPN Interworking- Ethernet VLAN to ATM AAL5 – Bridging Routed Encapsulations (BRE) on Cisco SIP-400 – Asymmetric Carrier Delay 12.2 (33) SRC 1 OL-5050-09 May 27, 2008 Support was added for the following features: • SPA-4XT-Serial (Cisco 4-Port Serial Shared Port Adapter) support on 7600/SIP200- Added Chapter 21, “Configuring the 4-Port Serial Interface SPA” • Updated Restrictions in Chapter 23 to add the limitation that TCP ADJUST-MSS is NOT supported on VTI tunnel. xxxvii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(33)SRC OL-5050-08 Jan 2008 Support was added for the following features: • CT3 CEoP on c7600-SIP-400 • Accelerated Lawful Intercept on Cisco 7600 SIP-400 • CoPP Enhancements of Cisco 7600 SIP-400 • PPPoEoE on Cisco 7600 SIP-400 • Source IPv4 and Source MAC Address Binding on Cisco 7600 SIP-400 • IMA on SIP-400 for 24xT1/E1 CEOP and 1xOC3 CEOP SPAs • IGMP Snooping support on SIP-200 • AFC and PFC support on Multilink Interface on SIP-200 for 2- and 4-port CT3, 8-port channelized T1/E1 channelized, and 1-port channelized OC3/STM-1 SPAs • Programmable BERT patterns enhancement on SIP-200 for 2- and 4-port channelized T3 and 1-port channelized OC3/STM-1 SPAs • TDM Local switching • Phase 2 Local Switching Redundancy • SPA-1xCHSTM1/OC3 • Cisco Channelized T3 to DS0 Shared Port Adapter (SPA-2XCT3/DS0, SPA-4XCT3/DS0) • Cisco 8-Port Channelized T1/E1 Shared Port Adapter (SPA-8XCHT1/E1) • Cisco Clear Channel T3/E3 Shared Port Adapter (SPA-2XT3/E3, SPA-4XT3/E3) 12.2(33)SRB1 OL-5070-07 June 4, 2007 Support for the following features was introduced: • Backup interface for Flexible UNI (for Gigabit Ethernet SPAs) on a Cisco 7600 SIP-400 • Any Transport over MPLS over GRE (AToM over GRE) on a Cisco 7600 SIP-400 • MTU support on MLPPP interfaces on a Cisco 7600 SIP-200 • ATM pseudowire redundancy for the CEoP SPA • Out-of-band clocking for the CEoP SPA • Support for XFP-10GZR-OC192LR xxxviii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(33)SRB OL-5070-06 February 27, 2007 Sixth release. Support for the following features was introduced: • Software-based MLP bundles from 256 to 1024 on a Cisco 7600 SIP-200 • Network clock support on a Cisco 7600 SIP-200 • Lawful Intercept on a Cisco 7600 SIP-400 • Per-subscriber/per-protocol CoPP support on a Cisco 7600 SIP-400 • Security ACLs on a Cisco 7600 SIP-400 • Percent priority/percent bandwidth support on a Cisco 7600 SIP-400 • IGMP/PIM snooping for VPLS pseudowire on a Cisco 7600 SIP-400 • Dual-priority queue support on a Cisco 7600 SIP-400 • 24-Port Channelized T1/E1 ATM CEoP SPA, 1-Port Channelized OC-3 STM1 ATM CEoP SPAs, and 2-Port Copper and Optical Gigabit Ethernet SPAs. xxxix Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(33)SRA OL-5070-05 June 5, 2006 Fifth release. The following modifications were made: • Support was added for the following SPAs on the Cisco 7600 SIP-200: – 1-Port Channelized OC-3/STM-1 SPA – 4-Port and 8-Port Fast Ethernet SPA • Support was added for the 1-Port OC-48c/STM-16 POS SPA on the Cisco 7600 SIP-400 • Support was added for the 2-Port and 4-Port OC-48c/STM-16 POS SPA on the Cisco 7600 SIP-600 • The following features were introduced for the IPSec VPN SPA: – Front-side VRF – IPSec Virtual Tunnel Interface (VTI) – Certificate to ISAKMP Profile Mapping – Call Admission Control – Periodic Message Option (now supported in Dead Peer Detection) – Reverse Route Injection (RRI) – IPSec Anti-replay Windowsize – IPSec Preferred Peer – Local Certificate Storage Location – Optional OCSP Nonces – Persistent Self-signed Certificates – Certificate Chain Verification – Easy VPN Remote RSA Signature Storage – IPSec and IKE MIB support for Cisco VRF-Aware IPSec Note Support is not included for IPSec stateful failover using HSRP and SSP. xl Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(33)SRA OL-5070-05 June 5, 2006 • The single configuration chapter for the IPSec VPN SPA has been restructured into seven smaller chapters. • Support for the following features was introduced on the Cisco 7600 SIP-200: – AToM VP Mode Cell Relay—ATM SPAs – BCP over dMLPPP (Trunk Mode)—Channelized SPAs – MPLS over RBE—ATM SPAs – Multi-VC to VLAN scalability – QoS support on bridging features – Software-based MLPPP – Software-based MLFR • Support for the following features was introduced on the Cisco 7600 SIP-400: – AToM VP Mode Cell Relay—ATM SPAs – Ethernet over MPLS (EoMPLS) VC Scaling—Increase from 4K to 10K VCs – Ingress/Egress CoS classification with ingress policing per VLAN or EoMPLS VC – Hierarchical VPLS (H-VPLS) with MPLS Edge – Hierarchical QoS support for EoMPLS VCs – Multipoint Bridging (MPB) for Gigabit Ethernet SPA – Multi-VC to VLAN scalability – Multi-VLAN to VC—ATM SPAs – QoS support on bridging features – Tag-Native Mode for Trunk BCP xli Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(18)SXF2 OL-5070-04 February 28, 2006 The following updates were made to the documentation: • Removed the restriction of “Mapping DSCP values to MPLS EXP bits is not supported” from the Cisco 7600 SIP-600 list of restrictions. • Added the following VPLS scalability support information for the Cisco 7600 SIP-600: – Up to 4000 VPLS domains – Up to 60 VPLS peers per domain – Up to 30,000 pseudowires, used in any combination of domains and peers up to the 4000-domain or 60-peer maximums. For example, support of up to 4000 domains with 7 peers or up to 60 peers in 500 domains. • Added H-VPLS with Q-in-Q edge feature support on Cisco 7600 SIP-600—Requires Cisco 7600 SIP-600 in the uplink, and any LAN port or Cisco 7600 SIP-600 on the downlink • Removed VPLS pseudowire redundancy feature support for the Cisco 7600 SIP-600 • Removed the “Cisco 7600 SIP-600 MPLS Marking” section • Modified the encapsulations supported in the ATM chapters to “aal5snap” only • Corrected the note in the “Configuring Compressed Real-Time Protocol” section of Chapter 4, “Configuring the SIPs and SSC” to state: “cRTP is supported only on the Cisco 7600 SIP-200 with the 8-Port Channelized T1/E1 SPA and 2-Port and 4-Port Channelized T3 SPA.” 12.2(18)SXF2 OL-5070-04 January 27, 2006 The following update to the hardware-based MLPPP LFI guidelines was made in Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA,” and Chapter 19, “Configuring the 2-Port and 4-Port Channelized T3 SPAs”: When hardware-based LFI is enabled, fragmentation counters are not displayed. xlii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(18)SXF2 OL-5070-04 January 20, 2006 Fourth release. The following modifications were made: • The 1-Port OC-192c/STM-64 POS/RPR VSR Optics SPA was introduced on the Cisco 7600 SIP-600. • Support was introduced for the configuration of IP multicast over a GRE tunnel on the IPSec VPN SPA. • Support for the “Enhancements to RFC 1483 Spanning Tree Interoperability” feature was added for ATM SPAs on the Cisco 7600 SIP-200. • Documentation of a workaround for ATM SPA configuration on the Cisco 7600 SIP-200 was added in Chapter 7, “Configuring the ATM S PAs ” to address a Routed Bridge Encapsulation (RBE) limitation where only one remote MAC address is supported. 12.2(18)SXF OL-5070-03 January 12, 2006 The following modifications were made: • Adjusted ATM SPA PVC restriction (correctly noted elsewhere in the documentation) from “A maximum number of 400 PVCs or SVCs...” to “A maximum number of 1000 PVCs or 400 SVCs configured with MQC policy maps.” • Added cross-references throughout Chapter 3, “Overview of the SIPs and SSC” to the Cisco IOS Release SX Supervisor Engine release notes. • Updated the Cisco 7600 SIP-400 restrictions to clarify that the SIP does not work with the Supervisor Engine PFC3A or in PFC3A mode. • Updated the Cisco 7600 SIP-600 restrictions to clarify lack of support for the Supervisor Engine 720 PFC3A or PFC3A mode: “The Cisco 7600 SIP-600 is not supported by the Supervisor Engine 32. The Cisco 7600 SIP-600 is supported by the Supervisor Engine 720 PFC3B and Supervisor Engine 720 PFC3BXL. It is not supported with a Supervisor Engine 720 PFC3A or in PFC3A mode.” xliii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(18)SXF OL-5070-03 January 12, 2006 • Added a cross-reference to Chapter 3, “Overview of the SIPs and SSC” in each of the SPA overview chapters to ease location of additional features and restrictions that are SIP- or SSC-specific. • Removed the list of supported modules from Chapter 24, “Overview of the IPSec VPN SPA”. Any unsupported modules will be documented in the “Restrictions” section. • Further qualified Cisco 7600 SIP-200 Any Transport over MPLS (AToM) support for ATM in Chapter 3, “Overview of the SIPs and SSC” to state: “Any Transport over MPLS (AToM) support, including: – ATM over MPLS (ATMoMPLS)—AAL5 VC mode – Ethernet over MPLS (EoMPLS)—(Single cell relay) VC mode” • Removed references to “1-Port 10-Gigabit Ethernet SPA and 10-Port Gigabit Ethernet SPA on a SIP-400” in the “Enabling Autonegotiation” and “Disabling Autonegotiation” sections of Chapter 12, “Configuring the Fast Ethernet and Gigabit Ethernet SPAs.” • Qualified AToM core-facing restriction for the Cisco 7600 SIP-200 as follows: – AToM (ATMoMPLS, FRoMPLS, HDLCoMPLS, and PPPoMPLs) on a SPA requires a Cisco 7600 SIP-200, FlexWAN, Enhanced FlexWAN, or OSM PXF interface as the core-facing interface. – AToM (ATMoMPLS, FRoMPLS) on a Cisco 7600 SIP-200 also is supported with a Cisco 7600 SIP-400 as the core-facing interface. • Documentation of the Fast Software Upgrade (FSU) procedure supported by Route Processor Redundancy (RPR) for supervisor engines was added to Chapter 35, “Upgrading Field-Programmable Devices.” xliv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface 12.2(18)SXF OL-5070-03 September 19, 2005 Third release. The following hardware was introduced: • 1-Port OC-48c/STM-16 ATM SPA • 2-Port Gigabit Ethernet SPA • 5-Port Gigabit Ethernet SPA • 10-Port Gigabit Ethernet SPA • 1-Port 10-Gigabit Ethernet SPA • 1-Port OC-192c/STM-64 POS/RPR SPA • 1-Port OC-192c/STM-64 POS/RPR XFP SPA For specific feature changes, see the Release History tables in the “Overview” chapters of this book. 12.2(18)SXE2 OL-5070-02 August 17, 2005 The following modifications were made: • Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA” and Chapter 19, “Configuring the 2-Port and 4-Port Channelized T3 SPAs” were modified to clarify support of MLPPP and MLFR for both E1 and T1 links. • Added cRTP to the supported features list for the serial SPAs in Chapter 16, “Overview of the Serial SPAs.” • Document was modified with the following updates in Chapter 4, “Configuring the SIPs and SSC”: – Removed references to support of software-based MLFR. – In the “Assigning an Interface to an MLPPP Bundle,” moved step order of the ppp multilink command and qualified it as optional. – Under “MLPPP Configuration Guidelines,” added guidelines for distributed links on the Cisco 7600 SIP-200 and restrictions. – Under “MLPPP Configuration Tasks” and “MLFR Configuration Tasks,” added task to emphasize that distributed CEF is required for these features; however, dCEF is automatically enabled on the Cisco 7600 series router. 12.2(18)SXE2 OL-5070-02 July 25, 2005 Second release. The Cisco 7600 SSC-400 and IPSec VPN SPA were introduced. 12.2(18)SXE OL-5070-01 March 28, 2005 First release. xlv Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Organization This document contains the following chapters: Chapter Title Description Chapter 1 Using Cisco IOS Software Provides an introduction to accessing the command-line interface (CLI) and using the Cisco IOS software and related tools. Chapter 2 SIP, SSC, and SPA Product Overview Provides a brief introduction to the SIP and SPA products on the Cisco 7600 series router, and information about SIP, SSC, SPA, and optics compatibility. Chapter 3 Overview of the SIPs and SSC Describes release history, and feature and Management Information Base (MIB) support for the SIPs and SSCs on the Cisco 7600 series router. Chapter 4 Configuring the SIPs and SSC Describes related configuration and verification information for the SIPs and SSCs on the Cisco 7600 series router. Chapter 5 Troubleshooting the SIPs and SSC Describes techniques that you can use to troubleshoot the operation of the SIPs and SSCs on the Cisco 7600 series router. Chapter 6 Overview of the ATM SPAs Describes release history, feature and Management Information Base (MIB) support, and an introduction to the ATM SPA architecture on the Cisco 7600 series router. Chapter 7 Configuring the ATM SPAs Describes the related configuration and verification information for the ATM SPAs on the Cisco 7600 series router. Chapter 8 Troubleshooting the ATM SPAs Describes techniques that you can use to troubleshoot the operation of the ATM SPAs on the Cisco 7600 series router. Chapter 9 Overview of the CEoP and Channelized ATM SPAs Describes release history, feature and Management Information Base (MIB) support, and an introduction to the CEoP SPA architecture on the Cisco 7600 series router. Chapter 10 Configuring the CEoP and Channelized ATM SPAs Describes the related configuration and verification information for the CEoP and Channelized SPAs on the Cisco 7600 series router. Chapter 11 Overview of the Ethernet SPAs Describes release history, feature and Management Information Base (MIB) support, and an introduction to the Gigabit Ethernet SPA architecture on the Cisco 7600 series router. Chapter 12 Configuring the Fast Ethernet and Gigabit Ethernet SPAs Describes the related configuration and verification information for the Gigabit Ethernet SPAs on the Cisco 7600 series router. xlvi Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Chapter 13 Troubleshooting the Fast Ethernet and Gigabit Ethernet SPAs Describes techniques that you can use to troubleshoot the operation of the Gigabit Ethernet SPAs on the Cisco 7600 series router. Chapter 14 Overview of the POS SPAs Describes release history, feature and Management Information Base (MIB) support, and an introduction to the POS SPA architecture on the Cisco 7600 series router. Chapter 15 Configuring the POS SPAs Describes the related configuration and verification information for the POS SPAs on the Cisco 7600 series router. Chapter 16 Overview of the Serial SPAs Describes release history, feature and Management Information Base (MIB) support, and an introduction to the serial SPA architecture on the Cisco 7600 series router. Chapter 17 Configuring the 8-Port Channelized T1/E1 SPA Describes the related configuration and verification information for the 8-Port Channelized T1/E1 SPAs on the Cisco 7600 series router. Chapter 18 Configuring the 2-Port and 4-Port Clear Channel T3/E3 SPAs Describes the related configuration and verification information for the 2-Port and 4-Port Clear Channel T3/E3 SPAs on the Cisco 7600 series router. Chapter 19 Configuring the 2-Port and 4-Port Channelized T3 SPAs Describes the related configuration and verification information for the 2-Port and 4-Port Channelized T3 SPAs on the Cisco 7600 series router. Chapter 20 Configuring 1-Port ChOC-3/STM-1 and ChOC-12 / STM-4 SPAs Describes the related configuration and verification information for the 1-Port Channelized OC-3/STM-1 SPA on the Cisco 7600 series router. Chapter 21 Configuring the 4-Port Serial Interface SPA Describes information about configuring the 4-Port Serial Interface Shared Port Adapter (SPA) on the Cisco 7600 series router. Chapter 22 Troubleshooting the Serial SPAs Describes techniques that you can use to troubleshoot the operation of the serial SPAs on the Cisco 7600 series router. Chapter 23 Overview of the IPSec VPN SPA Describes release history, feature and Management Information Base (MIB) support, and an introduction to the IPSec VPN SPA architecture on the Cisco 7600 series router. Chapter 24 Configuring VPNs in Crypto-Connect Mode Describes the related configuration and verification information for IPSec VPNs using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 25 Configuring VPNs in VRF Mode Describes information about configuring IPSec VPNs in Virtual Routing and Forwarding (VRF) mode using the IPSec VPN SPA on the Cisco 7600 series router. Chapter Title Description xlvii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Related Documentation This section refers you to other documentation that also might be useful as you configure your Cisco 7600 series router. The documentation listed below is available online. Cisco 7600 Series Router Documentation As you configure your Cisco 7600 series router, you should also refer to the following companion publication for important hardware installation information: • Cisco 7600 Series Ethernet Services 20G Line Card Hardware Installation Guide Chapter 26 Configuring IPSec VPN Fragmentation and MTU Describes information about configuring IPSec VPN fragmentation and the maximum transmission unit (MTU) using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 27 Configuring IKE Features Using the IPSec VPN SPA Describes the related configuration and verification information for Internet Key Exchange (IKE) features using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 28 Configuring Enhanced IPSec Features Using the IPSec VPN SPA Describes the related configuration and verification information for enhanced IPSec features using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 29 Configuring PKI Using the IPSec VPN SPA Describes the related configuration and verification information for Public Key Infrastructure (PKI) features using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 30 Configuring Advanced VPNs Using the IPSec VPN SPA Describes the related configuration and verification information for advanced IPSec VPNs using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 31 Configuring Duplicate Hardware and IPSec Failover Using the IPSec VPN SPA Describes the related configuration and verification information for duplicate hardware configurations and IPSec failover using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 32 Configuring Monitoring and Accounting for the IPSec VPN SPA Describes the related configuration and verification information for monitoring and accounting using the IPSec VPN SPA on the Cisco 7600 series router. Chapter 33 Troubleshooting the IPSec VPN SPA Describes techniques that you can use to troubleshoot the operation of the IPSec VPN SPA on the Cisco 7600 series router. Chapter 34 Upgrading Field-Programmable Devices Provides information about upgrading the field-programmable devices on the Cisco 7600 series router. Chapter Title Description xlviii Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface An overview of the Cisco 7600 series router features, benefits, and applications can be found in the Cisco 7600 Series Internet Router Essentials document located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps368/products_quick_start09186a0080092248.html Some of the following other Cisco 7600 series router publications might be useful to you as you configure your Cisco 7600 series router. • Cisco 7600 Series Cisco IOS Software Configuration Guide http://www.cisco.com/en/US/products/hw/routers/ps368/products_installation_and_configuration_ guides_list.html • Cisco 7600 Series Cisco IOS Command Reference http://www.cisco.com/en/US/products/hw/routers/ps368/prod_command_reference_list.html • Cisco 7600 Series Cisco IOS System Message Guide http://www.cisco.com/en/US/products/hw/routers/ps368/products_system_message_guides_list.ht ml • Cisco 7600 Series Internet Router MIB Specifications Guide http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_reference_list.html Several other publications are also related to the Cisco 7600 series router. For a complete reference of related documentation, refer to the Cisco 7600 Series Routers Documentation Roadmap located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps368/products_documentation_roadmaps_list.html Other Cisco IOS Software Publications Your router and the Cisco IOS software running on it contain extensive features. You can find documentation for Cisco IOS software features at the following URL: http://www.cisco.com/cisco/web/psa/default.html?mode=prod Cisco IOS Release 12.2SR Software Publications Documentation for Cisco IOS Release 12.2SR, including command reference and system error messages, can be found at the following URL: http://www.cisco.com/en/US/products/ps6922/tsd_products_support_series_home.html Document Conventions Within the SIP and SPA software configuration guides, the term router is generally used to refer to a variety of Cisco products (for example, routers, access servers, and switches). Routers, access servers, and other networking devices that support Cisco IOS software are shown interchangeably within examples. These products are used only for illustrative purposes; that is, an example that shows one product does not necessarily indicate that other products are not supported. This documentation uses the following conventions: xlix Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Command syntax descriptions use the following conventions: Nested sets of square brackets or braces indicate optional or required choices within optional or required elements. For example: Examples use the following conventions: The following conventions are used to attract the attention of the reader: Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Convention Description ^ or Ctrl The ^ and Ctrl symbols represent the Control key. For example, the key combination ^D or Ctrl-D means hold down the Control key while you press the D key. Keys are indicated in capital letters but are not case sensitive. string A string is a nonquoted set of characters shown in italics. For example, when setting an SNMP community string to public, do not use quotation marks around the string or the string will include the quotation marks. Convention Description bold Bold text indicates commands and keywords that you enter exactly as shown. italics Italic text indicates arguments for which you supply values. [x] Square brackets enclose an optional element (keyword or argument). | A vertical line indicates a choice within an optional or required set of keywords or arguments. [x | y] Square brackets enclosing keywords or arguments separated by a vertical line indicate an optional choice. {x | y} Braces enclosing keywords or arguments separated by a vertical line indicate a required choice. Convention Description [x {y | z}] Braces and a vertical line within square brackets indicate a required choice within an optional element. Convention Description screen Examples of information displayed on the screen are set in Courier font. bold screen Examples of text that you must enter are set in Courier bold font. < > Angle brackets enclose text that is not printed to the screen, such as passwords. ! An exclamation point at the beginning of a line indicates a comment line. (Exclamation points are also displayed by the Cisco IOS software for certain processes.) [ ] Square brackets enclose default responses to system prompts. l Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Preface Note Means reader take note. Notes contain helpful suggestions or references to materials that may not be contained in this manual. Tip Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information, similar to a Timesaver. Obtaining Documentation, Obtaining Support, and Security Guidelines For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. P A R T 1 Introduction C H A P T E R 1-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 1 Using Cisco IOS Software This chapter provides information to prepare you to configure a SPA interface processor (SIP) or shared port adapter (SPA) using the Cisco IOS software. It includes the following sections: • Accessing the CLI Using a Router Console, page 1-1 • Using Keyboard Shortcuts, page 1-6 • Using the History Buffer to Recall Commands, page 1-6 • Understanding Command Modes, page 1-6 • Getting Help, page 1-8 • Using the no and default Forms of Commands, page 1-11 • Saving Configuration Changes, page 1-12 • Filtering Output from the show and more Commands, page 1-12 • Finding Support Information for Platforms and Cisco Software Images, page 1-13 Accessing the CLI Using a Router Console The following sections describe how to access the command-line interface (CLI) using a directly-connected console or by using Telnet or a modem to obtain a remote console: • Accessing the CLI Using a Directly-Connected Console, page 1-1 • Accessing the CLI from a Remote Console Using Telnet, page 1-3 • Accessing the CLI from a Remote Console Using a Modem, page 1-5 For more detailed information about configuring and accessing a router through various services, refer to the Cisco IOS Terminal Services Configuration Guide and Cisco IOS Terminal Services Command Reference publications. For more information about making the console cable connections, refer to the Cisco 7600 Series Router Module Installation Guide. Accessing the CLI Using a Directly-Connected Console This section describes how to connect to the console port on the router and use the console interface to access the CLI. 1-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Accessing the CLI Using a Router Console The console port on a Cisco 7600 series router is an EIA/TIA-232 asynchronous, serial connection with hardware flow control and an RJ-45 connector. The console port is located on the front panel of the supervisor engine, as shown in Figure 1-1 and Figure 1-2. Figure 1-1 Supervisor Engine 720 Console Port Connector Figure 1-2 Supervisor Engine 32 Console Port Connector Connecting to the Console Port Before you can use the console interface on the router using a terminal or PC, you must perform the following steps: Step 1 Configure your terminal emulation software with the following settings: • 9600 bits per second (bps) • 8 data bits • No parity • 2 stop bits Note These are the default serial communication parameters on the router. For information about how to change the default settings to meet the requirements of your terminal or host, refer to the Cisco IOS Terminal Services Configuration Guide. Step 2 Connect a terminal or PC to the console port using one of the following methods: a. To connect to the console port using the cable and adapters provided in the accessory kit that shipped with your Cisco 7600 series router: – Place the console port mode switch in the in position (factory default). 122989 Console port 138281 Console port CATALYST 6500 SUPERVISOR ENGINE 32 WS-SUP32-GE-3B STATUS SYSTEM ACTIVE PWR MGMT RESET CONSOLE 1-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Accessing the CLI Using a Router Console – Connect to the port using the RJ-45-to-RJ-45 cable and RJ-45-to-DB-25 DTE adapter or using the RJ-45-to-DB-9 DTE adapter (labeled “Terminal”). b. To connect to the console port using a Catalyst 5000 family Supervisor Engine III console cable: – Place the console port mode switch in the out position. – Connect to the port using the Supervisor Engine III cable and the appropriate adapter for the terminal connection. Using the Console Interface To access the CLI using the console interface, complete the following steps: Step 1 After you attach the terminal hardware to the console port on the router and you configure your terminal emulation software with the proper settings, the following prompt appears: Press Return for Console prompt Step 2 Press Return to enter user EXEC configuration mode. The following prompt appears: Router> Step 3 From user EXEC configuration mode, enter the enable command as shown in the following example: Router> enable Step 4 At the password prompt, enter your system’s password. (The following example shows entry of the password called “enablepass”): Password: enablepass Step 5 When your enable password is accepted, the privileged EXEC configuration mode prompt appears: Router# Step 6 You now have access to the CLI in privileged EXEC configuration mode and you can enter the necessary commands to complete your desired tasks. Step 7 To exit the console session, enter the quit command as shown in the following example: Router# quit Accessing the CLI from a Remote Console Using Telnet This section describes how to connect to the console interface on a router using Telnet to access the CLI. Preparing to Connect to the Router Console Using Telnet Before you can access the router remotely using Telnet from a TCP/IP network, you need to configure the router to support virtual terminal lines (vtys) using the line vty global configuration command. You also should configure the vtys to require login and specify a password. 1-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Accessing the CLI Using a Router Console Note To prevent disabling login on the line, be careful that you specify a password with the password command when you configure the login line configuration command. If you are using authentication, authorization, and accounting (AAA), you should configure the login authentication line configuration command. To prevent disabling login on the line for AAA authentication when you configure a list with the login authentication command, you must also configure that list using the aaa authentication login global configuration command. For more information about AAA services, refer to the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference publications. In addition, before you can make a Telnet connection to the router, you must have a valid host name for the router or have an IP address configured on the router. For more information about requirements for connecting to the router using Telnet, information about customizing your Telnet services, and using Telnet key sequences, refer to the Cisco IOS Terminal Services Configuration Guide. Using Telnet to Access a Console Interface To access a console interface using Telnet, complete the following steps: Step 1 From your terminal or PC, enter one of the following commands: • connect host [port] [keyword] • telnet host [port] [keyword] In this syntax, host is the router host name or an IP address, port is a decimal port number (23 is the default), and keyword is a supported keyword. For more information, refer to the Cisco IOS Terminal Services Command Reference. Note If you are using an access server, then you will need to specify a valid port number such as telnet 172.20.52.40 2004, in addition to the host name or IP address. The following example shows the telnet command to connect to the router named router: unix_host% telnet router Trying 172.20.52.40... Connected to 172.20.52.40. Escape character is '^]'. unix_host% connect Step 2 At the password prompt, enter your login password. The following example shows entry of the password called “mypass”: User Access Verification Password: mypass Note If no password has been configured, press Return. Step 3 From user EXEC configuration mode, enter the enable command as shown in the following example: Router> enable 1-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Accessing the CLI Using a Router Console Step 4 At the password prompt, enter your system’s password. (The following example shows entry of the password called “enablepass”): Password: enablepass Step 5 When the enable password is accepted, the privileged EXEC configuration mode prompt appears: Router# Step 6 You now have access to the CLI in privileged EXEC configuration mode and you can enter the necessary commands to complete your desired tasks. Step 7 To exit the Telnet session, use the exit or logout command as shown in the following example: Router# logout Accessing the CLI from a Remote Console Using a Modem To access the router remotely using a modem through an asynchronous connection, connect the modem to the console port. The console port on a Cisco 7600 series router is an EIA/TIA-232 asynchronous, serial connection with hardware flow control and an RJ-45 connector. The console port is located on the front panel of the supervisor engine, as shown in Figure 1-3 and Figure 1-4. Figure 1-3 Supervisor Engine 720 Console Port Connector Figure 1-4 Supervisor Engine 32 Console Port Connector To connect a modem to the console port, place the console port mode switch in the in position. Connect to the port using the RJ-45-to-RJ-45 cable and the RJ-45-to-DB-25 DCE adapter (labeled “Modem”). 122989 Console port 138281 Console port CATALYST 6500 SUPERVISOR ENGINE 32 WS-SUP32-GE-3B STATUS SYSTEM ACTIVE PWR MGMT RESET CONSOLE 1-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Using Keyboard Shortcuts Using Keyboard Shortcuts Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations contain enough letters to be different from any other currently available commands or parameters. Table 1-1 lists the keyboard shortcuts for entering and editing commands. Using the History Buffer to Recall Commands The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 1-2 lists the history substitution commands. Understanding Command Modes You use the CLI to access Cisco IOS software. Because the CLI is divided into many different modes, the commands available to you at any given time depend on the mode that you are currently in. Entering a question mark (?) at the CLI prompt allows you to obtain a list of commands available for each command mode. Table 1-1 Keyboard Shortcuts Keystrokes Purpose Ctrl-B or the Left Arrow key 1 Move the cursor back one character Ctrl-F or the Right Arrow key1 Move the cursor forward one character Ctrl-A Move the cursor to the beginning of the command line Ctrl-E Move the cursor to the end of the command line Esc B Move the cursor back one word Esc F Move the cursor forward one word 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. Table 1-2 History Substitution Commands Command Purpose Ctrl-P or the Up Arrow key 1 Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. Ctrl-N or the Down Arrow key1 Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow key. Router# show history While in EXEC mode, list the last several commands you have just entered. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. 1-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Understanding Command Modes When you log in to the CLI, you are in user EXEC mode. User EXEC mode contains only a limited subset of commands. To have access to all commands, you must enter privileged EXEC mode, normally by using a password. From privileged EXEC mode you can issue any EXEC command—user or privileged mode—or you can enter global configuration mode. Most EXEC commands are one-time commands. For example, show commands show important status information, and clear commands clear counters or interfaces. The EXEC commands are not saved when the software reboots. CLI configurations are not visible in the running configuration displays when the DBUS Class Of Service (CoS) bits are set to the default values 5, 6, or 7. The IOS is designed this way to prevent simple configurations from becoming huge if each default setting is displayed. For example, if you specify load-interval 300 on an interface, which is equivalent to no load-interval, the default setting is not shown in the running configuration display. Configuration modes allow you to make changes to the running configuration. If you later save the running configuration to the startup configuration, these changed commands are stored when the software is rebooted. To enter specific configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and a variety of other modes, such as protocol-specific modes. ROM monitor mode is a separate mode used when the Cisco IOS software cannot load properly. If a valid software image is not found when the software boots or if the configuration file is corrupted at startup, the software might enter ROM monitor mode. Table 1-3 describes how to access and exit various common command modes of the Cisco IOS software. It also shows examples of the prompts displayed for each mode. For more information on command modes, refer to the “Using the Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. Table 1-3 Accessing and Exiting Command Modes Command Mode Access Method Prompt Exit Method User EXEC Log in. Router> Use the logout command. Privileged EXEC From user EXEC mode, use the enable EXEC command. Router# To return to user EXEC mode, use the disable command. Global configuration From privileged EXEC mode, use the configure terminal privileged EXEC command. Router(config)# To return to privileged EXEC mode from global configuration mode, use the exit or end command. Interface configuration From global configuration mode, specify an interface using an interface command. Router(config-if)# To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command. ROM monitor From privileged EXEC mode, use the reload EXEC command. Press the Break key during the first 60 seconds while the system is booting. > To exit ROM monitor mode, use the continue command. 1-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Getting Help Getting Help Entering a question mark (?) at the CLI prompt displays a list of commands available for each command mode. You can also get a list of keywords and arguments associated with any command by using the context-sensitive help feature. To get help specific to a command mode, a command, a keyword, or an argument, use one of the following commands: Finding Command Options Example This section provides an example of how to display syntax for a command. The syntax can consist of optional or required keywords and arguments. To display keywords and arguments for a command, enter a question mark (?) at the configuration prompt or after entering part of a command followed by a space. The Cisco IOS software displays a list and brief description of available keywords and arguments. For example, if you were in global configuration mode and wanted to see all the keywords or arguments for the arap command, you would type arap ?. The symbol in command help output stands for “carriage return.” On older keyboards, the carriage return key is the Return key. On most modern keyboards, the carriage return key is the Enter key. The symbol at the end of command help output indicates that you have the option to press Enter to complete the command and that the arguments and keywords in the list preceding the symbol are optional. The symbol by itself indicates that no more arguments or keywords are available and that you must press Enter to complete the command. Table 1-5 shows examples of how you can use the question mark (?) to assist you in entering commands. Table 1-4 Help Commands and Purpose Command Purpose help Provides a brief description of the help system in any command mode. abbreviated-command-entry? Provides a list of commands that begin with a particular character string. (No space between command and question mark.) abbreviated-command-entry Completes a partial command name. ? Lists all commands available for a particular command mode. command ? Lists the keywords or arguments that you must enter next on the command line. (Space between command and question mark.) 1-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Getting Help Table 1-5 Finding Command Options Command Comment Router> enable Password: Router# Enter the enable command and password to access privileged EXEC commands. You are in privileged EXEC mode when the prompt changes to a “#” from the “>”; for example, Router> to Router#. Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Enter the configure terminal privileged EXEC command to enter global configuration mode. You are in global configuration mode when the prompt changes to Router(config)#. Router(config)# interface serial ? <0-6> Serial interface number Router(config)# interface serial 4 ? / Router(config)# interface serial 4/ ? <0-3> Serial interface number Router(config)# interface serial 4/0 ? Router(config)# interface serial 4/0 Router(config-if)# Enter interface configuration mode by specifying the serial interface that you want to configure using the interface serial global configuration command. Enter ? to display what you must enter next on the command line. In this example, you must enter the serial interface slot number and port number, separated by a forward slash. When the symbol is displayed, you can press Enter to complete the command. You are in interface configuration mode when the prompt changes to Router(config-if)#. 1-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Getting Help Router(config-if)# ? Interface configuration commands: . . . ip Interface Internet Protocol config commands keepalive Enable keepalive lan-name LAN Name command llc2 LLC2 Interface Subcommands load-interval Specify interval for load calculation for an interface locaddr-priority Assign a priority group logging Configure logging for interface loopback Configure internal loopback on an interface mac-address Manually set interface MAC address mls mls router sub/interface commands mpoa MPOA interface configuration commands mtu Set the interface Maximum Transmission Unit (MTU) netbios Use a defined NETBIOS access list or enable name-caching no Negate a command or set its defaults nrzi-encoding Enable use of NRZI encoding ntp Configure NTP . . . Router(config-if)# Enter ? to display a list of all the interface configuration commands available for the serial interface. This example shows only some of the available interface configuration commands. Router(config-if)# ip ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cgmp Enable/disable CGMP directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time . . . Router(config-if)# ip Enter the command that you want to configure for the interface. This example uses the ip command. Enter ? to display what you must enter next on the command line. This example shows only some of the available interface IP configuration commands. Table 1-5 Finding Command Options (continued) Command Comment 1-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Using the no and default Forms of Commands Using the no and default Forms of Commands Almost every configuration command has a no form. In general, use the no form to disable a function. Use the command without the no keyword to re-enable a disabled function or to enable a function that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, use the no ip routing command; to re-enable IP routing, use the ip routing command. The Cisco IOS software command reference publications provide the complete syntax for the configuration commands and describe what the no form of a command does. Router(config-if)# ip address ? A.B.C.D IP address negotiated IP Address negotiated over PPP Router(config-if)# ip address Enter the command that you want to configure for the interface. This example uses the ip address command. Enter ? to display what you must enter next on the command line. In this example, you must enter an IP address or the negotiated keyword. A carriage return () is not displayed; therefore, you must enter additional keywords or arguments to complete the command. Router(config-if)# ip address 172.16.0.1 ? A.B.C.D IP subnet mask Router(config-if)# ip address 172.16.0.1 Enter the keyword or argument that you want to use. This example uses the 172.16.0.1 IP address. Enter ? to display what you must enter next on the command line. In this example, you must enter an IP subnet mask. A is not displayed; therefore, you must enter additional keywords or arguments to complete the command. Router(config-if)# ip address 172.16.0.1 255.255.255.0 ? secondary Make this IP address a secondary address Router(config-if)# ip address 172.16.0.1 255.255.255.0 Enter the IP subnet mask. This example uses the 255.255.255.0 IP subnet mask. Enter ? to display what you must enter next on the command line. In this example, you can enter the secondary keyword, or you can press Enter. A is displayed; you can press Enter to complete the command, or you can enter another keyword. Router(config-if)# ip address 172.16.0.1 255.255.255.0 Router(config-if)# In this example, Enter is pressed to complete the command. Table 1-5 Finding Command Options (continued) Command Comment 1-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Saving Configuration Changes Many CLI commands also have a default form. By issuing the command default command-name, you can configure the command to its default setting. The Cisco IOS software command reference publications describe the function of the default form of the command when the default form performs a different function than the plain and no forms of the command. To see what default commands are available on your system, enter default ? in the appropriate command mode. Saving Configuration Changes Use the copy running-config startup-config command to save your configuration changes to the startup configuration so that the changes will not be lost if the software reloads or a power outage occurs. For example: Router# copy running-config startup-config Building configuration... It might take a minute or two to save the configuration. After the configuration has been saved, the following output appears: [OK] Router# On most platforms, this task saves the configuration to NVRAM. On the Class A Flash file system platforms, this task saves the configuration to the location specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM. Filtering Output from the show and more Commands You can search and filter the output of show and more commands. This functionality is useful if you need to sort through large amounts of output or if you want to exclude output that you need not see. To use this functionality, enter a show or more command followed by the “pipe” character (|); one of the keywords begin, include, or exclude; and a regular expression on which you want to search or filter (the expression is case sensitive): show command | {begin | include | exclude} regular-expression The output matches certain lines of information in the configuration file. The following example illustrates how to use output modifiers with the show interface command when you want the output to include only lines in which the expression “protocol” appears: Router# show interface | include protocol FastEthernet0/0 is up, line protocol is up Serial4/0 is up, line protocol is up Serial4/1 is up, line protocol is up Serial4/2 is administratively down, line protocol is down Serial4/3 is administratively down, line protocol is down For more information on the search and filter functionality, refer to the “Using the Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. 1-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Finding Support Information for Platforms and Cisco Software Images Finding Support Information for Platforms and Cisco Software Images Cisco IOS software is packaged in feature sets consisting of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. To identify the set of software images available in a specific release or to find out if a feature is available in a given Cisco IOS software image, you can use Cisco Feature Navigator or the software release notes. Using Cisco Feature Navigator Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Using Software Advisor To see if a feature is supported by a Cisco IOS release, to locate the software document for that feature, or to check the minimum software requirements of Cisco IOS software with the hardware installed on your router, Cisco maintains the Software Advisor tool on Cisco.com at http://tools.cisco.com/Support/Fusion/FusionHome.do You must be a registered user on Cisco.com to access this tool. Using Software Release Notes Cisco IOS software releases include release notes that provide the following information: • Platform support information • Memory recommendations • New feature information • Open and resolved severity 1 and 2 caveats for all platforms Release notes are intended to be release-specific for the most current release, and the information provided in these documents may not be cumulative in providing information about features that first appeared in previous releases. Refer to Cisco Feature Navigator for cumulative feature information. 1-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 1 Using Cisco IOS Software Finding Support Information for Platforms and Cisco Software ImagesC H A P T E R 2-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 2 SIP, SSC, and SPA Product Overview This chapter provides an introduction to SPA interface processors (SIPs), SPA services cards (SSCs), and shared port adapters (SPAs). It includes the following sections: • Introduction to SIPs, SSCs, and SPAs, page 2-1 • SIP, SSC, and SPA Compatibility, page 2-4 • Modular Optics Compatibility, page 2-6 For more hardware details for the specific SIPs, SSCs, and SPAs that are supported on the Cisco 7600 series router, refer to the companion publication, Cisco 7600 Series Router SIP, SSC, and SPA Hardware Installation Guide. Introduction to SIPs, SSCs, and SPAs SIPs, SSCs, and SPAs are a new carrier card and port adapter architecture to increase modularity, flexibility, and density across Cisco Systems routers for network connectivity. This section describes the SIPs, SSCs, and SPAs and provides some guidelines for their use. SPA Interface Processors The following list describes some of the general characteristics of a SIP: • A SIP is a carrier card that inserts into a router slot like a line card. It provides no network connectivity on its own. • A SIP contains one or more subslots, which are used to house one or more SPAs. The SPA provides interface ports for network connectivity. • During normal operation the SIP should reside in the router fully populated either with functional SPAs in all subslots, or with a blank filler plate (SPA-BLANK=) inserted in all empty subslots. • SIPs support online insertion and removal (OIR) with SPAs inserted in their subslots. SPAs also support OIR and can be inserted or removed independently from the SIP.2-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Introduction to SIPs, SSCs, and SPAs SPA Services Cards The following list describes some of the general charateristics of an SSC: • An SSC is a carrier card that inserts into a router slot like a line card. It provides no network connectivity. • An SSC provides one or more subslots, which are used to house one or more SPAs. The supported SPAs do not provide interface ports for network connectivity, but provide certain services. • During normal operation the SSC should reside in the router fully populated either with functional SPAs in all subslots, or with a blank filler plate (SPA-BLANK=) inserted in all empty subslots. • SSCs support online insertion and removal (OIR) with SPAs inserted in their subslots. SPAs also support OIR and can be inserted or removed independently from the SSC. • Cisco IOS Release 12.2(33) SRE adds support for Route Switch Processor 720 10GE to the Cisco 7600 SSC-400. Shared Port Adapters The following list describes some of the general characteristics of a SPA: • A SPA is a modular type of port adapter that inserts into a subslot of a compatible SIP carrier card to provide network connectivity and increased interface port density. A SIP can hold one or more SPAs, depending on the SIP type. • Some SPAs provide services rather than network connectivity, and insert into subslots of compatible SSCs. For example, the IPSec VPN SPA provides services such as IP Security (IPSec) encryption/decryption, generic routing encapsulation (GRE ), and Internet Key Exchange (IKE) key generation. • SPAs are available in the following sizes, as shown in Figure 2-1 and Figure 2-2: – Single-height SPA—Inserts into one SIP subslot. – Double-height SPA—Inserts into two single, vertically aligned SIP subslots. Figure 2-1 Single-Height and Double-Height SPA Sizes Single-height SPA Double-height SPA Front of SIP 1168862-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Introduction to SIPs, SSCs, and SPAs Figure 2-2 Horizontal and Vertical Chassis Slot Orientation for SPAs • Each SPA provides a certain number of connectors, or ports, that are the interfaces to one or more networks. These interfaces can be individually configured using the Cisco IOS command-line interface (CLI). • Either a blank filler plate or a functional SPA should reside in every subslot of an SIP during normal operation to maintain cooling integrity. Blank filler plates are available in single-height form only. • SPAs support online insertion and removal (OIR). They can be inserted or removed independently from the SIP. SIPs also support online insertion and removal (OIR) with SPAs inserted in their subslots. SPA 0 SPA 1 SPA 2 SPA 3 Front of SIP, horizontal chassis slots SPA 0 SPA 1 SPA 2 SPA 3 Vertical slot orientation SPA 0 SPA 1 Double-height SPA SPA 3 SPA 1 Double-height SPA 116887 SPA 0 SPA 22-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview SIP, SSC, and SPA Compatibility SIP, SSC, and SPA Compatibility The following tables show SIP and SPA compatibility by SPA technology area on the Cisco 7600 series router. Note For more information about the introduction of support for different SIPs and SPAs, refer to the “Release History” sections in the overview chapters of this document Table 2-1 SIP and SPA Compatibility Table for ATM SPAs SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 1-Port, 2-Port and 4-Port OC-3c/STM-1 ATM SPA SPA-1xOC3-ATM-v 2 SPA-2XOC3-ATM, SPA-3XOC3-ATMv2 SPA-4XOC3-ATM Yes Yes No No 1-Port OC-12c/STM-4 ATM SPA SPA-1XOC12-ATM No Yes No No 1-Port OC-48c/STM-16 ATM SPA SPA-1XOC48-ATM No Yes No No Table 2-2 SIP and SPA Compatibility Table for Ethernet SPAs SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 1-Port 10-Gigabit Ethernet SPA 1 1. Only one 1-Port 10-Gigabit Ethernet SPA can be installed in a SIP-400 at a time; no other SPAs can be installed in the same SIP-400. Only one 1-Port 10-Gigabit or one 10-port 1-Gigabit Ethernet SPA can be installed on a SIP-600 at a time; no other SPAs can be installed on the same SIP-600. SPA-1XTENGE-XFP, No No Yes No SPA-1X10GE-L-V2 No Yes Yes No 2-Port Gigabit Ethernet SPA SPA-2X1GE, SPA-2X1GE-V2 No Yes No No 5-Port Gigabit Ethernet SPA SPA-5X1GE No No Yes No SPA-5X1GE-V2 No Yes Yes No 10-Port Gigabit Ethernet SPA SPA-10X1GE, SPA-10X1GE-V2 No No Yes No 4-Port and 8-Port Fast Ethernet SPA SPA-4X1FE-TX-V2, SPA-8X1FE-TX-V2 Yes Yes No No2-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview SIP, SSC, and SPA Compatibility Certain restrictions apply while using the SIP-600 and the IPSec VPN SPA on the same chassis: • The SIP-600 should not be installed in the same chassis with an IPSec VPN SPA when running SXF. • The SIP-600 is not supported in 12.2(33)SRA. • Starting with 12.2(33)SRB, the SIP-600 and IPSec VPN SPA can be present in the same chassis. However, SIP-600 subinterfaces cannot be used when VPN crypto-connect mode is configured. Table 2-3 SIP and SPA Compatibility Table for the IPSec VPN SPA SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 IPSec VPN SPA SPA-IPSEC-2G No No No Yes Table 2-4 SIP and SPA Compatibility Table for POS SPAs SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 2-Port and 4-Port OC-3c/STM-1 POS SPA SPA-2XOC3-POS, SPA-4XOC3-POS Yes Yes No No 1-Port OC-12c/STM-4 POS SPA SPA-1XOC12-POS No Yes No No 1-Port OC-48c/STM-16 POS SPA SPA-1XOC48-POS/RPR No Yes No No 2-Port and 4-Port OC-48c/STM-16 POS SPA SPA-2XOC48-POS/RPR, SPA-4XOC48-POS/RPR No No Yes No 1-Port OC-192c/STM-64 POS/RPR SPA SPA-OC192POS-LR, SPA-OC192POS-VSR, SPA-OC192POS-XFP No No Yes No 1-Port Channelized OC-12/STM-4 SPA SPA-1XCHOC12/DS0 No Yes No No Table 2-5 SIP and SPA Compatibility Table for Serial SPAs SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 1-Port Channelized OC-3/STM-1 SPA SPA-1XCHSTM1/OC3 Yes Yes No No 2-Port and 4-Port Channelized T3 SPA SPA-2XCT3/DS0, SPA-4XCT3/DS0 Yes Yes No No 2-Port and 4-Port Clear Channel T3/E3 SPA SPA-2XT3/E3, SPA-4XT3/E3 Yes Yes No No 8-Port Channelized T1/E1 SPA SPA-8XCHT1/E1 Yes Yes No No 1-Port Channelized OC-12/STM-4 SPA SPA-1XCHOC12/DS0 No Yes No No2-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Modular Optics Compatibility Modular Optics Compatibility Some SPAs implement small form-factor pluggable (SFP) optical transceivers to provide network connectivity. An SFP module is a transceiver device that mounts into the front panel to provide network connectivity. Cisco Systems qualifies the SFP modules that can be used with SPAs. Note The SPAs will only accept the SFP modules listed as supported in this document. An SFP check is run every time an SFP module is inserted into a SPA and only SFP modules that pass this check will be usable. Table 2-7 shows the optics modules qualified for use with a SPA. Table 2-6 SIP and SPA Compatibility Table for CEoP SPAs SPA Product ID SIP Type Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Cisco 7600 SSC-400 1-Port Channelized OC-3 STM1 ATM CEoP SPA SPA-1CHOC3-CE-ATM No Yes No No 24-Port Channelized T1/E1 ATM CEoP SPA SPA-24CHT1-CE-ATM No Yes No No 2-Port Channelized T3/E3 ATM CEoP SPA SPA-2CHT3-CE-ATM No Yes No No Table 2-7 SPA Optics Compatibility SPA Qualified Optics Modules (Cisco Part Numbers) 1-port and 3 port ATM V2 SPA 2-Port and4-Port OC-3c/STM-1 ATM-SPA ONS-SC-155-EL 1-Port and 3-port OC-3c/STM-1 ATM S PA - v 2 • SFP-OC3-MM • SFP-OC3-SR • SFP-OC3-IR1 • SFP-OC3-LR1 • SFP-OC3-LR2 • ONS-SC-155-EL 1-Port OC-12c/STM-4 ATM SPA • SFP-OC12-MM • SFP-OC12-SR • SFP-OC12-IR1 • SFP-OC12-LR1 • SFP-OC12-LR2 1-Port OC-48c/STM-16 ATM SPA • SFP-OC48-IR1 • SFP-OC48-SR2-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Modular Optics Compatibility 1-Port 10-Gigabit Ethernet SPA • XFP-10GLR-OC192SR • XFP-10GER-OC192IR • XFP-10GZR-OC192LR • XFP-10F-MM-SR (Supported only on SIP-400 and SIP-600 from Cisco IOS release 12.2(33)SRE) • X2-DWDM on on RSP720 • X2-10GB-LRM/ZR on RSP720 2-Port Gigabit Ethernet SPA • SFP-GE-S • SFP-GE-L • SFP-GE-Z • SFP-GE-T 5-Port Gigabit Ethernet SPA • SFP-GE-S • SFP-GE-L • SFP-GE-Z • SFP-GE-T 10-Port Gigabit Ethernet SPA • SFP-GE-S • SFP-GE-L • SFP-GE-Z • SFP-GE-T 2-Port and 4-Port OC-3c/STM-1 POS SPA • SFP-OC3-MM • SFP-OC3-SR • SFP-OC3-IR1 • SFP-OC3-LR1 • SFP-OC3-LR2 • ONS-SC-155-EL 1-Port OC-12c/STM-4 POS SPA • SFP-OC12-MM • SFP-OC12-SR • SFP-OC12-IR1 • SFP-OC12-LR1 • SFP-OC12-LR2 1-Port OC-48c/STM-16 POS SPA • SFP-OC48-SR • SFP-OC48-IR1 • SFP-OC48-LR2 Table 2-7 SPA Optics Compatibility (continued) SPA Qualified Optics Modules (Cisco Part Numbers)2-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Modular Optics Compatibility 5-Port Gigabit Ethernet SPA • SFP-GE-S • SFP-GE-L • SFP-GE-Z • SFP-GE-T 10-Port Gigabit Ethernet SPA • SFP-GE-S • SFP-GE-L • SFP-GE-Z • SFP-GE-T 2-Port and 4-Port OC-3c/STM-1 POS SPA • SFP-OC3-MM • SFP-OC3-SR • SFP-OC3-IR1 • SFP-OC3-LR1 • SFP-OC3-LR2 • ONS-SC-155-EL 1-Port OC-12c/STM-4 POS SPA • SFP-OC12-MM • SFP-OC12-SR • SFP-OC12-IR1 • SFP-OC12-LR1 • SFP-OC12-LR2 1-Port OC-48c/STM-16 POS SPA • SFP-OC48-SR • SFP-OC48-IR1 • SFP-OC48-LR2 Table 2-7 SPA Optics Compatibility (continued) SPA Qualified Optics Modules (Cisco Part Numbers)2-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Modular Optics Compatibility 1-Port Channelized OC-3 STM1 ATM CEoP SPA • SFP-OC3-MM • SFP-OC3-SR • SFP-OC3-IR1 • SFP-OC3-LR1 • SFP-OC3-LR2 • ONS-SC-155-EL • STM1E-SFP 1-Port Channelized OC-12/STM-4 SPA (Supported on SIP-400 from 12.2(33)SRD 1) • SFP-OC12-MM • SFP-OC12-SR • SFP-OC12-IR1 • SFP-OC12-LR1 • SFP-OC12-LR2 Table 2-7 SPA Optics Compatibility (continued) SPA Qualified Optics Modules (Cisco Part Numbers)2-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 2 SIP, SSC, and SPA Product Overview Modular Optics Compatibility P A R T 2 SPA Interface Processors and SPA Services Cards C H A P T E R 3-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 3 Overview of the SIPs and SSC This chapter provides an overview of the release history, and feature and Management Information Base (MIB) support for the Cisco 7600 SIP-200, Cisco 7600 SIP-400, Cisco 7600 SIP-600, and Cisco 7600 SSC-400. This chapter includes the following sections: • Release History, page 3-1 • Supported SIP Features, page 3-5 • Supported SSC Features, page 3-19 • Restrictions, page 3-19 • Supported MIBs, page 3-24 • Displaying the SIP and SSC Hardware Type, page 3-26 • SIP-200 and SIP-400 Network Clock Distribution, page 3-27 Release History Note For release history information about the introduction of SPA support on the SIPs, refer to the corresponding “Overview” chapters in the SPA technology sections of this document. In addition, features specific to certain SPA technologies are documented in the corresponding SPA sections of this document.3-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Release History Release Modification Cisco IOS Release 12.2(33)SRE3 Support added to disable Network Processor crashinfo for all the Network Processor exception Cisco IOS Release 15.0(1)S Support for the following features was introduced: • 1-Port Clear Channel OC-3 ATM SPA Version 2 • 3-Port Clear Channel OC-3 ATM SPA Version 2 • 1-Port Clear Channel OC-12 ATM SPA Version 2 Cisco IOS Release 12.2(33)SRE Support for the following features was added: • RSP720-10GE supervisor engine was added for SSC-400 • IPv6 Hop-by-Hop Header Security on SIP-200 • Access Circuit Redundancy on 2-Port OC-3c/STM-1 ATM SPA on SIP-400 • VC QoS on VP-PW on SIP-400 Cisco IOS Release 12.2(33)SRD1 Support for IPv6 Hop-by-Hop Header Security and 1xCHOC12STM4 SPA on SIP-400 was introduced Cisco IOS Release 12.2(33)SRD Support for the following features was introduced: • AToM - ATM Cell Relay over MPLS, Port Mode on SIP400/SIP200 • SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 on SIP400 • Hierarchical Queuing Framework (HQF) • CLI to control DBUS CoS priority on SIP400 • Private host SVI (Interface VLAN) • Asymmetric Carrier Delay on SIP-200/400/6003-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Release History Cisco IOS Release 12.2(33)SRC Support for the following features was introduced: • CT3 CEoP on c7600-SIP-400 • Accelerated Lawful Intercept on Cisco 7600 SIP-400 • CoPP Enhancements of Cisco 7600 SIP-400 • PPPoEoE on Cisco 7600 SIP-400 • Source IPv4 and Source MAC Address Binding on Cisco 7600 SIP-400 • 12in1 Serial SPA support on 7600/SIP200 • IMA on SIP-400 for 24xT1/E1 CEOP and 1xOC3 CEOP SPAs • IGMP Snooping support on SIP-200 • AFC and PFC support on Multilink Interface on SIP-200 for 2- and 4-port CT3, 8-port channelized T1/E1 channelized, 1-port channelized OC3/STM-1 SPAs • Programmable BERT patterns enhancement on SIP-200 for 2- and 4-port channelized T3 and 1-port channelized OC3/STM-1 SPAs • TDM Local switching • Phase 2 Local Switching Redundancy • SPA-1xCHSTM1/OC3 • Cisco Channelized T3 to DS0 Shared Port Adapter (SPA-2XCT3/DS0, SPA-4XCT3/DS0) • Cisco 8-Port Channelized T1/E1 Shared Port Adapter (SPA-8XCHT1/E1) • Cisco Clear Channel T3/E3 Shared Port Adapter (SPA-2XT3/E3, SPA-4XT3/E3) Cisco IOS Release 12.2(33)SRB1 Support for the following feature was introduced: • MTU support on MLPPP interfaces on a Cisco 7600 SIP-200 • Any Transport over MPLS over GRE (AToM over GRE) on a Cisco 7600 SIP-400 Cisco IOS Release 12.2(33)SRB Support for the following features was introduced: • Software-based MLP bundles from 256 to 1024 on a Cisco 7600 SIP-200 • Lawful Intercept on a Cisco 7600 SIP-400 • Per-subscriber/per-protocol CoPP support on a Cisco 7600 SIP-400 • Security ACLs on a Cisco 7600 SIP-400 • Percent priority/percent bandwidth support on a Cisco 7600 SIP-400 • Network Clock Support on a Cisco 7600 SIP-200 • IGMP/PIM snooping for VPLS pseudowire on a Cisco 7600 SIP-400 • Dual-priority queue support on a Cisco 7600 SIP-4003-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Release History Cisco IOS Release 12.2(33)SRA Support for the following features was introduced on the Cisco 7600 SIP-200: • Bridge Control Protocol (BCP) over dMLPPP • MPLS over RBE • Multi-VC to VLAN Scalability • QoS support on bridging features • Software-based dMLPPP • Software-based dMLFR • Tag-Native Mode for Trunk BCP Support for the following features was introduced on the Cisco 7600 SIP-400: • Ethernet over MPLS (EoMPLS) VC Scaling • Ingress/Egress CoS classification with ingress policing per VLAN or EoMPLS VC • Hierarchical VPLS (H-VPLS) with MPLS Edge • Hierarchical QoS support for Ethernet over MPLS (EoMPLS) VCs • Multipoint Bridging (MPB) • Multi-VC to VLAN scalability • Multi-VLAN to VC support • QoS support on bridging features • Tag-Native Mode for Trunk BCP Cisco IOS Release 12.2(18)SXF Support for the following SIP hardware was introduced on the Cisco 7600 series router and Catalyst 6500 series switch: • Cisco 7600 SIP-600 Support for the following features was introduced on the Cisco 7600 SIP-400: • Policing by committed information rate (CIR) percentage • QoS matching on class of service (CoS)—2-Port Gigabit Ethernet SPA only Cisco IOS Release 12.2(18)SXE2 Support for the following SPA services card (SSC) was introduced on the Cisco 7600 series router and Catalyst 6500 series switch: • Cisco 7600 SSC-400 Cisco IOS Release 12.2(18)SXE Support for the following SPA interface processor (SIP) hardware was introduced on the Cisco 7600 series router and Catalyst 6500 series switch: • Cisco 7600 SIP-200 • Cisco 7600 SIP-4003-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Supported SIP Features The Cisco 7600 SIP-200, Cisco 7600 SIP-400, and Cisco 7600 SIP-600 are high-performance, feature-rich SPA interface processors that function as carrier cards for shared port adapters (SPAs) on the Cisco 7600 series router. These SIPs are supported on the Cisco 7600 series router and Catalyst 6500 series switch, and are compatible with one or more platform-independent SPAs. For more information on SPA compatibility, see the “SIP, SSC, and SPA Compatibility” section on page 2-4. The Cisco 7600 series router is an edge aggregation router, and the SIPs provide a cost-effective solution for customers seeking moderate- to high-port density and line rate services: • The Cisco 7600 SIP-200 provides WAN edge aggregation through lower-speed and low-density SPAs for network environments requiring regional office connectivity to headquarters, or collapsed LAN/WAN deployment. • The Cisco 7600 SIP-400 provides higher-speed, high-density link aggregation for network environments requiring leased line and metro aggregation. • The Cisco 7600 SIP-600 provides a high-speed interface for WANs and metro aggregation. This section provides a list of some of the primary features supported by the SIP hardware and software. For feature compatibility information by SIP and SPA combination, and information about configuring these features, see Chapter 4, “Configuring the SIPs and SSC.” Cisco 7600 SIP-200 Features • Field-programmable device (FPD) upgrade support The Cisco 7600 SIP-200 supports the standard FPD upgrade methods for the Cisco 7600 series router. For more information about FPD support, see Chapter 35, “Upgrading Field-Programmable Devices.” Cisco 7600 SIP-200 High-Availability Features • Automatic protection switching (APS)—ATM and POS SPAs • Multilink PPP APS performance improvements to decrease switchover time • Online insertion and removal (OIR) of the SIP and SPAs • Nonstop Forwarding (NSF) • Stateful switchover (SSO)—Not supported with dMLFR feature (dMLFR only supports RPR+) Cisco 7600 SIP-200 ATM Features • Aggregate Weighted Random Early Detection (WRED) • ATM Adaptation Layer 5 (AAL5) Subnetwork Access Protocol (SNAP) • AAL5 over Multiprotocol Label Switching (MPLS) • ATM Cell Relay over MPLS in Port Mode • ATM virtual circuit (VC) bundles • RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5, Multipoint Bridging (MPB) on the 2-Port and 4-Port OC-3c/STM-1 ATM SPA3-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • VC bundle Class of Service (CoS) precedence mapping For a comprehensive list of supported and unsupported ATM features, SIP-dependent features, and restrictions see Chapter 6, “Overview of the ATM SPAs.” Cisco 7600 SIP-200 Frame Relay Features For additional Frame Relay features, see also the MPLS and Quality of Service (QoS) feature sections. Note Based on your link configuration, Multilink PPP (MLPPP) and Multilink Frame Relay (MLFR) are either software-based on the Cisco 7600 SIP-200, or hardware-based on the 8-Port Channelized T1/E1 SPA, 2-Port and 4-Port Channelized T3 SPA, and 1-Port Channelized OC-3/STM-1 SPA. For more information, see the corresponding configuration chapters for the SIPs and the serial SPAs. • Distributed Multilink Frame Relay (dMLFR) (FRF.16) • Frame Relay over MPLS (FRoMPLS) • Frame Relay VC bundles • Frame Relay switching • RFC 1490, Multiprotocol Interconnect over Frame Relay, Multipoint Bridging (MPB) on the 2-Port and 4-Port Clear Channel T3/E3 SPA, 2-Port and 4-Port Channelized T3 SPA, and the 8-Port Channelized T1/E1 SPA • VC bundle Class of Service (CoS) precedence mapping Cisco 7600 SIP-200 MPLS Features • Explicit null • Label disposition • Label imposition • Label swapping • QoS tunneling • Virtual private network (VPN) routing and forwarding (VRF) instance description • dMLPPP with MPLS on VPN—Supported between the customer edge (CE) and provider edge (PE) devices • Any Transport over MPLS (AToM) support, including: – ATM over MPLS (ATMoMPLS)—AAL5 VC mode – ATM Cell Relay over MPLS —Port Mode – Ethernet over MPLS (EoMPLS)—(Single cell relay) VC mode – Frame Relay over MPLS (FRoMPLS) – FRoMPLS with dMLFR—Supported between the CE and PE devices – High-Level Data Link Control (HDLC) over MPLS (HDLCoMPLS) – PPP over MPLS (PPPoMPLS)—Not supported with dMLPPP or dLFI • Hierarchical QoS for EoMPLS VCs3-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-200 adds the following MPLS feature support: • MPLS over RBE—ATM SPAs only Beginning in Cisco IOS Release 12.2(33)SRB, the Cisco 7600 SIP-200 adds the following support: • Software-based MLP bundles from 256 to 1024 Cisco 7600 SIP-200 MPLS Classification • Default copy of IP precedence to MPLS experimental (EXP) bit • Match on MPLS EXP bit using Modular QoS CLI (MQC) Cisco 7600 SIP-200 MPLS Congestion Management • Low latency queueing (LLQ) • Class-based weighted fair queueing (CBWFQ) Cisco 7600 SIP-200 MPLS Encapsulations • ATM AAL5 SNAP • Frame Relay • HDLC • MLPPP • PPP Cisco 7600 SIP-200 MPLS Marking • Set MPLS EXP bit using MQC Cisco 7600 SIP-200 MPLS Traffic Shaping • Traffic shaping using MQC Cisco 7600 SIP-200 Multiservice Features • Compressed Real-Time Protocol (CRTP) • FRF.11—Supported only in Cisco IOS Release 12.2(18)SXE and Cisco IOS Release 12.2(18)SXE2; Support for this feature was removed in Cisco IOS Release 12.2(18)SXF3-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Cisco 7600 SIP-200 QoS Features This section provides a list of the Quality of Service (QoS) features that are supported by the Cisco 7600 SIP-200. Cisco 7600 SIP-200 ATM SPA QoS Implementation For the 2-Port and 4-Port OC-3c/STM-1 ATM SPA, the following applies: • In the ingress direction, all Quality of Service (QoS) features are supported by the Cisco 7600 SIP-200. • In the egress direction: – All queueing based features (such as class-based weighted fair queueing [CBWFQ], and ATM per-VC WFQ) are implemented on the Segmentation and Reassembly (SAR) processor on the SPA. – Policing is implemented on the SIP. – Class queue shaping is not supported. Cisco 7600 SIP-200 Packet Marking • IP precedence • Differentiated Services Code Point (DSCP) • Class-based marking • ATM cell loss priority (CLP) to EXP marking/Type of Service (ToS)/DSCP • Frame relay discard eligibility (DE) to EXP marking/ToS/DSCP Cisco 7600 SIP-200 Policing and Dropping • Aggregate • Dual rate • Hierarchical • DSCP Markdown • Policing—Precedence, DSCP marking • Policing—EXP marking • Policing - Setting priority percent on a policy map • Explicit Drop in Class • Matching packet length • IPv6 Hop-by-Hop Header Security on SIP-200 Cisco 7600 SIP-200 Classification Into a Queue • MPLS EXP • ACL number • Configurable queue size3-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • Network-based application recognition (NBAR)/dSTILE (NBAR feature is not supported in Release 15.0(1)S and later Releases) Cisco 7600 SIP-200 Congestion Management • Weighted fair queueing (WFQ) • Class-based weighted fair queueing (CBWFQ) • Per-VC CBWFQ • Allocation, DSCP, EXP and precedence matching • LLQ or priority queueing (strict priority only) • Configurable LLQ burst size Cisco 7600 SIP-200 Congestion Avoidance • Random early detection (RED) • Weighted random early detection (WRED) • DiffServ-compliant WRED • Aggregate WRED—ATM SPAs only Cisco 7600 SIP-200 Shaping • Generic traffic shaping (GTS)/Distributed traffic shaping (DTS) • Hierarchical service policy with GTS • Hierarchical traffic shaping with Frame Relay (FR) • Hierarchical traffic shaping FR adaptive to FECN, BECN (Cisco 7600 SIP-200 only) • Hierarchical traffic shaping for PPP and HDLC • Ingress shaping • Egress shaping Note Egress shaping is not supported on the Cisco 7600 SIP-200 for the 2-Port and 4-Port OC-3c/STM-1 ATM SPA. • Shaping by percentage Cisco 7600 SIP-200 Other QoS Features • Hierarchical QoS for EoMPLS VCs • QoS with MLPPP Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-200 adds the following QoS feature support: • QoS on bridging features3-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Cisco 7600 SIP-200 Fragmentation Features • FRF.12 Cisco 7600 SIP-200 Layer 2 Protocols and Encapsulation • AAL5 Network Layer Protocol ID (NLPID) • AAL5 SNAP • Cisco Frame Relay • IETF Frame Relay • Frame Relay two-octet header • Frame Relay BECN/FECN • Frame Relay PVC • Frame Relay UNI • HDLC • MLPPP • PPP Cisco 7600 SIP-200 Layer 2 Interworking • ATM VC trunk emulation • Bridged and routed RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5 • RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5, Multipoint Bridging (MPB) • RFC 1490, Multiprotocol Interconnect over Frame Relay, Multipoint Bridging (MPB) • Bridging of Routed Encapsulations (BRE) • Routed bridged encapsulation (RBE) Note RBE is not supported when using the Intermediate System-to-Intermediate System (IS-IS) routing protocol. • RFC 3518, Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP) Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-200 adds the following Layer 2 interworking feature support: • BCP support on 8-Port Channelized T1/E1 SPA, 2-Port and 4-Port Channelized T3 SPAs, 1-Port Channelized OC-3/STM-1 SPA, 2-Port and 4-Port Clear Channel T3/E3 SPAs, and 2-Port and 4-Port OC-3c/STM-1 POS SPAs • BCP (trunk mode) support over MLPPP on 8-Port Channelized T1/E1 SPA, 2-Port and 4-Port Channelized T3 SPAs, and 1-Port Channelized OC-3/STM-1 SPA • Multi-VC to VLAN scalability • QoS support on bridging • Software-based MLPPP • Software-based MLFR3-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • Asymmetric Carrier Delay Cisco 7600 SIP-400 Features • FPD upgrade support—The Cisco 7600 SIP-400 supports the standard FPD upgrade methods for the Cisco 7600 series router. For more information about FPD support, see Chapter 35, “Upgrading Field-Programmable Devices.” • Lawful Intercept—The Cisco 7600 SIP-400 supports Lawful Intercept in Cisco IOS Release 12.2(33)SRB and later releases. • Starting in Cisco IOS Release 12.2(33)SRE, SIP-400 supports IEEE 802.1ag Draft 8.1 compliant Connectivity Fault Management (CFM) on EVC (VPLS and pseudowire). This includes the ability to configure 802.1ag on an EVC that is configured with xconnect as well as for monitoring the VPLS core as listed below: – Support for CFM on an EFP that is configured forEoMPLS using xconnect (scalable EoMPLS) or is connected to a bridge domain with VPLS uplink – Support for monitoring the VPLS core using CFM on the VFI See details of CFM and 802.1ag configuration on http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srethcfm.html Note Network Processor crashinfo also known as eventinfo is disabled for all Network Processor exception by default. Cisco 7600 SIP-400 High-Availability Features • Automatic protection switching (APS)—ATM and POS SPAs • Multi Link PPP APS performance improvements to decrease switchover time with PPP/MLPPP bundles • Online insertion and removal (OIR) of the SIP and SPAs • Stateful switchover (SSO) • Access Circuit Redundancy (ACR) and ACR QoS on all the following ATM SPAs on SIP-400: – 2-Port OC-3c/STM-1 ATM SPA – 1-Port OC-12c/STM-4 ATM SPA – 1-Port OC-48c/STM-16 ATM SPA Cisco 7600 SIP-400 MPLS Features Note For the Cisco 7600 SIP-400, the following MPLS features are implemented on the Supervisor Engine 720 (PFC3B and PFC3BXL) and the Route Switch Processor 720 (PFC3C and PFC3CXL): Label imposition, label swapping, label disposition, explicit null, default copy of IP precedence to EXP bit classification, and QoS tunneling. For more information about the requirements for Policy Feature Cards (PFCs) on the Cisco 7600 series router, refer to the Release Notes for Cisco IOS Release 12.2SX 3-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at the following URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL_416 4.html • VRF description • Any Transport over MPLS (AToM) support, including: – ATMoMPLS—AAL0 mode (single cell relay only) – ATMoMPLS—AAL5 mode – ATMoMPLS—Port Mode – EoMPLS—Port mode – EoMPLS—VLAN mode – FRoMPLS—DLCI mode Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-400 adds the following MPLS feature support: • Ethernet over MPLS (EoMPLS) VC scaling • Ingress/Egress CoS classification with ingress policing per VLAN or EoMPLS VC • Hierarchical VPLS (H-VPLS) with MPLS Edge • Hierarchical QoS support for Ethernet over MPLS (EoMPLS) VCs Effective from Cisco IOS Release 15.1(01)S, the Cisco 7600 SIP-400 adds support for: • Hot-Standby PsuedoWire (HSPW) Support for Ethernet, ATM and TDM ACs Cisco 7600 SIP-400 MPLS Congestion Management • LLQ • CBWFQ Cisco 7600 SIP-400 MPLS Encapsulations • ATM AAL5 SNAP • Ethernet with 802.1q • Frame Relay • HDLC • Generic Routing Encapsulation (GRE) • PPP Cisco 7600 SIP-400 MPLS Marking • Set MPLS EXP bits at tag imposition using MQC (set mpls-experiment command)—Input IP interface • Set MPLS EXP bits on topmost label (set EXP topmost) using MQC (set mpls-experiment topmost command)—Input and output MPLS interface • Mapping Ethernet 802.1q priority bits to MPLS EXP bits for EoMPLS3-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Cisco 7600 SIP-400 QoS Features This section provides a list of the Quality of Service (QoS) features that are supported by the Cisco 7600 SIP-400. Cisco 7600 SIP-400 Packet Marking • IP precedence (set ip precedence command)—Input and output • DSCP (set dscp command)—Input and output • Class-based marking • DE to EXP marking/ToS/DSCP • CLP to EXP marking/ToS/DSCP • Ethernet 802.1q priority bits to EXP marking (EoMPLS) Cisco 7600 SIP-400 Policing and Dropping • Dual rate • Hierarchical • Dual-rate policer with three-color marker • Policing—Percent • Policing—Precedence, DSCP marking • Policing—EXP marking • Policing—Set ATM CLP, FR DE • Policing—Set MPLS EXP bits on topmost label (set EXP topmost) • Policing - Setting priority percent on a policy map • Explicit Drop in Class • IPv6 Hop-by-Hop Header Security • Triple nesting QoS on policy-maps Cisco 7600 SIP-400 Classification Into a Queue • Access control lists (IPv4 and IPv6) – Access group (match access-group command)—Input and output – Address (IPv6 compress mode only) – Name – Number – Source and destination port – TCP flag (IPv4 only) • ATM CLP (match atm clp command)—Input ATM interface • Configurable queue size • CoS (match cos command)—Input and output dot1q tagged frames • Frame Relay DE (match fr-de command)—Input Frame Relay interface3-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • Inner CoS (match cos inner command) • IP DSCP (match dscp command)—Input and output • IP precedence (match ip precedence command)—Input and output • MPLS EXP (match mpls experimental command)—Input and output MPLS interface • Multiple matches per class map (up to 8) Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-400 adds the following QoS classification feature support: • Ingress/Egress CoS classification with ingress policing per VLAN or EoMPLS VC Beginning in Cisco IOS Release12.2(33)SRE support is added for: • Modular QoS CLI (MQC) policy support existing on ATM VC is extended to the ATM PVP on 2-Port and 4-Port OC-3c/STM-1 ATM SPA and the below three flavors of CEoP SPA: – SPA-24XT1E1-CE – SPA-1XOC3-CE – SPA-2XT3E3-CE • ATM VCI (match atm-vci command)—Input ATM PVP Interface is added to the ATM VP Cisco 7600 SIP-400 Congestion Management • CBWFQ • Per-VC CBWFQ • DSCP, EXP and Precedence matching • LLQ or priority queueing (strict priority only) Note For the 12.2(33) SRD a parent shaper or conditional policer has no effect when only LLQ traffic is flowing through a physical port. For example, if only 200 Mbps of LLQ traffic is flowing, a 100-Mbps parent shaper gives the full 200-Mbps output. However, if the ratio of LLQ to non-LLQ traffic on a subinterface is such that the LLQ rate is higher than the non-LLQ rate, the shaper output is inaccurate. (For example, on a system configured for 200 Mbps of LLQ and 500 kbps of non-LLQ, a 100-Mbps parent shaper gives 165-Mbps output. Therefore, we recommend that customers configure an explicit policer if the LLQ traffic rate might exceed the parent shape rate, which could starve regular traffic significantly. • Hierarchical Queuing Framework (HQF) • Dual-priority queuing • CLI to control DBUS CoS queuing This feature allows users to configure which DBUS CoS values are mapped to the high-priority queue in the SIP-400 switch. The hw-module slot slot queue priority switch-fpga output cos values|none command is used on the Routing Processor (RP) to configure the priority values. Cisco 7600 SIP-400 Congestion Avoidance • RED • WRED 3-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • DiffServ-compliant WRED • Aggregate WRED—ATM SPAs only Cisco 7600 SIP-400 Shaping • Hierarchical traffic shaping using class-default (not supported for user-defined class) • Hierarchical traffic shaping FR • Hierarchical traffic shaping for PPP and HDLC • Egress shaping Cisco 7600 SIP-400 Fragmentation Features • dLFI with ATM Cisco 7600 SIP-400 Layer 2 Protocols and Encapsulation • PPP • AAL5 SNAP • HDLC • Cisco Frame Relay • IETF Frame Relay • Frame Relay two-octet header • Frame Relay BECN/FECN • Frame Relay PVC • Frame Relay UNI Cisco 7600 SIP-400 Layer 2 Interworking • Bridged and routed RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5 • RFC 3518, Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP), on the 2-Port and 4-Port OC-3c/STM-1 POS SPA and 1-Port OC-12c/STM-4 POS SPA. Beginning in Cisco IOS Release 12.2(33)SRB1, the Cisco 7600 SIP-400 supports: • Backup Interface for Flexible UNI (for Gigabit Ethernet SPAs) Beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-400 supports: • BCP on POS SPAs (OC-3c/STM-1, OC-12c/STM-4, OC-48c/STM-16, and OC-192c/STM-64) • Multipoint Bridging (MPB) • Multi-VC to VLAN scalability • QoS support on bridging features • L2VPN Interworking (Ethernet VLAN to ATM AAL5) Six types of configurations for L2VPN Interworking (Ethernet VLAN to ATM AAL5) are supported on the SIP-400. For configuration procedures, refer to the following URL: http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_l2vpn_intrntwkg.html 3-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • Asymmetric Carrier Delay • BFD for VCCV (Phase 1) Type1 Support on SIP-400 to verify and diagnose the forwarding path of pseudowires Cisco 7600 SIP-600 Features • FPD upgrade support—The Cisco 7600 SIP-600 supports the standard FPD upgrade methods for the Cisco 7600 series router. For more information about FPD support, see Chapter 35, “Upgrading Field-Programmable Devices.” • Layer 2 switch port • EtherChannel and Link Aggregate Control Protocol (IEEE 802.3ad) • Control Plane Policing (CoPP) • Cisco IOS Release 12.2(33)SRE and later releases introduce support for IEEE 802.1ag Draft 8.1 compliant Connectivity Fault Management (CFM) on EVC on SIP-600. This includes the ability to configure 802.1ag to monitor the VPLS core using CFM on the VFI. See details of CFM and 802.1ag configuration on http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srethcfm.html. Cisco 7600 SIP-600 High Availability Features • Automatic protection switching (APS) • Online insertion and removal (OIR) of the SIP and SPAs • Nonstop Forwarding (NSF) • Stateful switchover (SSO) Cisco 7600 SIP-600 MPLS Features • Unicast switching, with specific support for up to six label push operations, one label pop operation (two label pop operations in case of Explicit Null), or one label swap with up to five label push operations, at each MPLS switch node • Support for Explicit Null label to preserve CoS information when forwarding packets from provider (P) to provider edge (PE) routers • Support for Implicit Null label to request that penultimate hop router forward IP packets without labels to the router at the end of the label switch path (LSP) • VRF • Traffic engineering • Any Transport over MPLS (AToM) support—EoMPLS only, including: – PFC-based (No MAC address learning) – SIP-based (MAC address learning, requires SIP as uplink) – Up to 4000 EoMPLS VCs per system3-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features • Virtual Private LAN Service (VPLS) support, including: – H-VPLS with MPLS edge—H-VPLS with MPLS edge requires either an OSM or Cisco 7600 SIP-600 in both the downlink (facing UPE) and uplink (MPLS core). For more information about configuring H-VPLS, see Chapter 12, “Configuring the Fast Ethernet and Gigabit Ethernet SPAs.” – H-VPLS with Q-in-Q edge—Requires Cisco 7600 SIP-600 in the uplink, and any LAN port or Cisco 7600 SIP-600 on the downlink – Up to 4000 VPLS domains – Up to 60 VPLS peers per domain – Up to 30,000 pseudowires, used in any combination of domains and peers up to the 4000-domain or 60-peer maximums; for example, support of up to 4000 domains with 7 peers or up to 60 peers in 500 domains • MPLS Operation, Administration, and Maintenance (OAM) support, including: – LSP ping and traceroute – Virtual Circuit Connection Verification (VCCV) Cisco 7600 SIP-600 Layer 2 Protocols and Encapsulation • HDLC (Cisco Systems) • PPP • PPP over SONET/SDH • Layer 2 Gigabit Ethernet support, including: – IEEE 802.3z 1000 Mbps Gigabit Ethernet – IEEE 802.3ab 1000BaseT Gigabit Ethernet – IEEE 802.3ae 10 Gbps Ethernet (1-Port 10-Gigabit Ethernet SPA only) – Jumbo frame (up to 9216 bytes) – ARPA, IEEE 802.3 SAP, IEEE 802.3 SNAP, Q-in-Q – IEEE 802.1q VLANs – Autonegotiation support including IEEE 802.3 flow control and pause frames – Gigabit Ethernet Channel (GEC) – IEEE 802.3ad link aggregation – Address Resolution Protocol (ARP)/Reverse ARP (RARP) – Hot Standby Router Protocol (HSRP) – Virtual Router Redundancy Protocol (VRRP)3-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SIP Features Cisco 7600 SIP-600 QoS Features This section provides a list of the Quality of Service (QoS) features that are supported by the Cisco 7600 SIP-600. • MQC Cisco 7600 SIP-600 Packet Marking • IP precedence (set ip precedence command) • DSCP (set dscp command) • MPLS EXP (match mpls experimental command) Note Mapping 802.1p CoS values to MPLS EXP bits is supported using EoMPLS only. Cisco 7600 SIP-600 Policing and Dropping • Input policing on a per-port and per-VLAN basis Cisco 7600 SIP-600 Classification Into a Queue • Input and output ACLs on a per-port and per-VLAN basis • Input VLAN (match input vlan command) • IP DSCP (match dscp command) • IP precedence (match ip precedence command) • MPLS EXP (match mpls experimental command) • QoS group (match qos-group command) • VLAN (match vlan command) Cisco 7600 SIP-600 Congestion Management • CBWFQ • LLQ Cisco 7600 SIP-600 Congestion Avoidance • WRED Cisco 7600 SIP-600 Shaping • Output shaping on a per-port and per-VLAN basis • Output hierarchical traffic shaping—Two levels of shaping on an interface, subinterface, or group of subinterfaces 3-19 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported SSC Features Supported SSC Features The Cisco 7600 SSC-400 is a streamlined services card that provides a very high bandwidth data path between the Cisco 7600 series router platform backplane and the high-speed interconnects on the IPSec VPN SPA. For more information about the features and configuration supported by the IPSec VPN SPA with the Cisco 7600 SSC-400, see the related chapters in the IPSec VPN Shared Port Adapter part of this book. Cisco 7600 SSC-400 Features • Support of up to two IPSec VPN SPAs per slot • Online insertion and removal (OIR) of the SSC and SPAs • Support for RSP720-10GE supervisor engine is added for SSC-400 beginning with Cisco IOS Release 12.2(33)SRE Restrictions This section documents unsupported features and feature restrictions for the SIPs and SSC on the Cisco 7600 series router. Cisco 7600 SIP-200 Restrictions As of Cisco IOS Release 12.2(18)SXE, the Cisco 7600 SIP-200 has the following restrictions: • The Cisco 7600 SIP-200 is not supported with a Supervisor Engine 1, Supervisor Engine 1A, Supervisor Engine 2, or Supervisor Engine 720A. • A maximum number of 200 PVCs or SVCs using Link Fragmentation and Interleaving (LFI) is supported for all ATM SPAs (or other ATM modules) in a Cisco 7600 series router. • The following features are not supported: – ATM LAN Emulation (LANE) – dLFI over Frame Relay (dLFIoFR) – PPP over Frame Relay (PPPoFR) – MLP over Frame Relay (MLPoFR) – dLFI with MPLS – Layer 2 Tunneling Protocol (L2TP) version 2 – L2TP version 3 – Legacy Priority Queueing and Custom Queueing – PPP over Ethernet (PPPoE) – Reliable PPP (RFC 1663, PPP Reliable Transmission) – Stacker Compression (STAC) – X.25, Link Access Procedure, Balanced (LAPB)3-20 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Restrictions • PPP over MPLS (PPPoMPLS) is not supported with dMLPPP or dLFI. • High availability (HA) features have some restrictions when configured with the following distributed features on the Cisco 7600 SIP-200: – When you configure HA with dMLFR, the Cisco 7600 SIP-200 only supports RPR+. – HA features with dLFI over ATM (dLFIoATM) are not supported. – HA features with dLFI over Frame Relay (dLFIoFR) are not supported. • NBAR feature is not supported in Release 15.0(1)S and later Releases. Cisco 7600 SIP-400 Restrictions In Cisco IOS Release 12.2(18)SXE and later, the Cisco 7600 SIP-400 has the following restrictions: • The Cisco 7600 SIP-400 is not supported with a Supervisor Engine 1, Supervisor Engine 1A, or Supervisor Engine 2. It is also not supported with a Supervisor Engine 720 PFC3A, or in PFC3A mode. For more information about the requirements for Policy Feature Cards (PFCs) on the Cisco 7600 series router, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at the following URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL _4164.html • The Cisco 7600 SIP-400 is not supported with PFC-2 based systems. • EtherChannel is not supported on Cisco 7600 SIP-400 • A maximum number of 200 PVCs or SVCs using Link Fragmentation and Interleaving (LFI) is supported for all ATM SPAs (or other ATM modules) in a Cisco 7600 series router. • For AToM in Cisco IOS 12.2SX releases, the Cisco 7600 SIP-400 does not support the following features when they are located in the data path. This means you should not configure the following features if the SIP is facing the customer edge (CE) or the MPLS core: – HDLCoMPLS – PPPoMPLS – Virtual Private LAN Service (VPLS) • For AToM beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-400 supports the following features on CE-facing interfaces: – HDLCoMPLS – PPPoMPLS – VPLS • The Cisco 7600 SIP-400 supports EoMPLS with directly connected provider edge (PE) devices when the Cisco 7600 SIP-400 is on the MPLS core side of the network. • The Cisco 7600 SIP-400 does not support the ability to enable or disable tunneling of Layer 2 packets, such as for the VLAN Trunking Protocol (VTP), Cisco Discovery Protocol (CDP), and bridge protocol data unit (BPDU). The Cisco 7600 SIP-400 tunnels BPDUs, and always blocks VTP and CDP packets from the tunnel. • In ATMoMPLS AAL5 and cell mode, the Cisco 7600 SIP-400 supports non-matching VPIs/VCIs between PEs if the Cisco 7600 SIP-400 is on both sides of the network. • The Cisco 7600 SIP-400 supports matching on FR-DE to set MPLS-EXP for FRoMPLS.3-21 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Restrictions • The Cisco 7600 SIP-400 supports use of the xconnect command to configure AToM circuits for all AToM connection types. • The Cisco 7600 SIP-400 does not support the following QoS classification features with AToM: – Matching on data-link connection identifier (DLCI) is unsupported. – Matching on virtual LAN (VLAN) is unsupported. – Matching on class of service (CoS) is unsupported in Cisco IOS Release 12.2(18)SXE and Cisco IOS Release 12.2(18)SXE2 only. Beginning in Cisco IOS Release 12.2(18)SXF, it is supported with the 2-Port Gigabit Ethernet SPA. – Matching on input interface is unsupported. – Matching on packet length is unsupported. – Matching on media access control (MAC) address is unsupported. – Matching on protocol type, including Border Gateway Protocol (BGP), is unsupported. • The Cisco 7600 SIP-400 does not support the following QoS classification features using MQC: – ACL IPv6 full address – ACL IPv6 TCP flags – Class map (match class-map command) – CoS inner (match cos inner command)—Supported beginning in Cisco IOS Release 12.2(33)SRA on 2-Port Gigabit Ethernet SPA input and output interfaces and with bridging features. – Destination sensitive services (DSS) – Discard class (match discard-class command) – Frame Relay DLCI (match fr-dlci command)—Supported beginning in Cisco IOS Release 12.2(33)SRA on Frame Relay input and output interfaces and with Frame Relay bridging features. – Input interface (match input-interface command) – Input VLAN (match input vlan command)—Supported beginning in Cisco IOS Release 12.2(33)SRA on output interfaces only. – IP RTP (match ip rtp command) – IPv4 and IPv6 ToS – MAC address (match mac command) – Match protocol (match protocol command)—Supports IP only. – Packet length (match packet length command) – QoS group (match qos-group command) – Source and destination autonomous system (AS) (match as command) – Source and destination Border Gateway Protocol (BGP) community (match bgp-community command) – VLAN (match vlan command) – VLAN inner (match vlan inner command)—Supported beginning in Cisco IOS Release 12.2(33)SRA on input and output interfaces and with bridging features.3-22 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Restrictions • The Cisco 7600 SIP-400 does not support the following QoS marking features: – CoS (set cos command) – CoS inner (set cos inner command) • The Cisco 7600 SIP-400 does not support the following QoS marking features using MQC: – QoS group (set qos-group command) – Next-hop (set next-hop command) – Discard class (set discard-class command) – Table (set table command) • The Cisco 7600 SIP-400 does not support the following QoS queueing actions using MQC: – Flow-based queueing – Adaptive shaping • The Cisco 7600 SIP-400 does not support the following QoS policing feature: – Policing by Committed Information Rate (CIR) percentage (police cir percent command)—Supported as of Cisco IOS Release 12.2(18)SXF. • The Cisco 7600 SIP-400 does not support the following Frame Relay features: – Matching on DLCI. – Bridging encapsulation. – Multicast on multipoint interfaces. – FRF.5 – FRF.8. – FRF.12 fragmentation – FRF.16 multilink support of four-octet extended addressing on an SVC – NNI – PVC bundling – PPP over Frame Relay • The Cisco 7600 SIP-400 does not support RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5, Multipoint Bridging (MPB). However, point-to-point bridging is supported. • As of Cisco IOS Release 12.2(18)SXF, when using the Cisco 7600 SIP-400 with the 2-Port Gigabit Ethernet SPA or the 1-Port OC-48c/STM-16 ATM SPA, consider the following oversubscription guidelines: – The Cisco 7600 SIP-400 only supports installation of one 1-Port OC-48c/STM-16 ATM SPA without any other SPAs installed in the SIP. – The Cisco 7600 SIP-400 supports installation of up to two 2-Port Gigabit Ethernet SPAs without any other SPAs installed in the SIP. – The Cisco 7600 SIP-400 supports installation of any combination of OC-3 or OC-12 POS or ATM SPAs, up to a combined ingress bandwidth of OC-48 rates. – The Cisco 7600 SIP-400 supports installation of any combination of OC-3 or OC-12 POS or ATM SPAs up to a combined ingress bandwidth of OC-24 rates, when installed with a single 2-Port Gigabit Ethernet SPA. For more details on SIP-400 oversubscription guidelines refer to 3-23 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Restrictions • Q-in-Q (the ability to map a single 802.1Q tag or a random double tag combination into a VPLS instance, a Layer 3 MPLS VPN, or an EoMPLS VC) is not supported. • Cisco Discovery Protocol (CDP) is disabled by default on the 2-Port Gigabit Ethernet SPA interfaces and subinterfaces on the Cisco 7600 SIP-400. • The SDH, E1/E3 modes are not qualified on 1XCHOC12/DS0 SPA on Cisco 7600 SIP-400 in 12.2(33)SRD1 release. • MFR, FRF.12 is not supported on 1XCHOC12/DS0 SPA on Cisco 7600 SIP-400 in 12.2(33)SRD1 release. • VC QoS on VP-PW feature works only with Single Cell Relay and does not work with Packed Cell Relay. • Effective from Cisco IOS Release 15.1(01)S, the Hot-Standby Psuedo Wires (HSPW) feature is supported on SIP400 PW having imposition and disposition on access side for ScEoMPLS, ATM and TDM cross connect.The feature also supports a maximum number of 6000 backup PWs. – SONET OC3 SPA supports a maximum number of 576 PWs. • 24T1E1 SPA supports a maximum number of 191 PWs. Cisco 7600 SIP-600 Restrictions As of Cisco IOS Release 12.2(18)SXF, the Cisco 7600 SIP-600 has the following restrictions: • The Cisco 7600 SIP-600 is not supported by the Supervisor Engine 32 or the Supervisor Engine 720 with PFC3A. For more information about the requirements for Policy Feature Cards (PFCs) on the Cisco 7600 series router, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at the following URL:http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/note s/OL_4164.html The Cisco 7600 SIP-600 supports installation of only a single SPA in the first subslot. • Removal of one type of SPA and reinsertion of a different type of SPA during OIR causes a reload of the Cisco 7600 SIP-600. • Q-in-Q (the ability to map a single 802.1Q tag or a random double tag combination into a VPLS instance, a Layer 3 MPLS VPN, or an EoMPLS VC) is not supported. • H-VPLS with MPLS edge requires either an OSM or Cisco 7600 SIP-600 in both the downlink (facing UPE) and uplink (MPLS core). • Output policing is not supported. • The aggregate guaranteed bandwidth configured for all QOS policies applied to a main interface cannot exceed the bandwidth of the link. 1% of the link rate bandwidth is reserved for control packet traffic. The remaining 99% of guaranteed rates are available for QoS configuration. For policies applied to the main interface, an attempt is made to acquire the 1% guaranteed rate from class-default. If control packet bandwidth can not be acquired, then errors are reported in the log file. • On any Cisco 7600 SIP-600 Ethernet port subinterface using VLANs, a unique VLAN ID must be assigned. This VLAN ID cannot be in use by any other interface on the Cisco 7600 series router. • Certain restrictions apply when using the SIP-600 and the IPSec VPN SPA on the same chassis: – The SIP-600 should not be installed in the same chassis with an IPSec VPN SPA when running SXF.3-24 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported MIBs – The SIP-600 is not supported in 12.2(33)SRA. – Starting with SRB, the SIP-600 and IPSec VPN SPA can be present in the same chassis. However, SIP-600 subinterfaces cannot be used when VPN crypto-connect mode is configured. Cisco 7600 SSC-400 Restrictions As of Cisco IOS Release 12.2(18)SXE2, the Cisco 7600 SSC-400 has the following restrictions: • The Cisco 7600 SSC-400 is only supported by the Supervisor Engine 720 (MSFC3 and PFC3). For more information about the requirements for Policy Feature Cards (PFCs) on the Cisco 7600 series router, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at the following URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL _4164.html The Cisco 7600 SSC-400 only supports two IPSec VPN SPAs. As of Cisco IOS Release 12.2(18)SXF, the Cisco 7600 SSC-400 has the following restrictions: • The Cisco 7600 SSC-400 is not supported by the Supervisor Engine 32. The Cisco 7600 SSC-400 is only supported by the Supervisor Engine 720 (MSFC3 and PFC3). For more information about the requirements for Policy Feature Cards (PFCs) on the Cisco 7600 series router, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at the following URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL _4164.html • The Cisco 7600 SSC-400 only supports two IPSec VPN SPAs. Supported MIBs The following MIBs are supported in Cisco IOS Release 12.2(18)SXE and later for the Cisco 7600 SIP-200 on a Cisco 7600 series router: • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-EXT-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • ENTITY-MIB • OLD-CISCO-CHASSIS-MIB The following MIBs are supported in Cisco IOS Release 12.2(18)SXE and later for the Cisco 7600 SIP-400 on a Cisco 7600 series router: • ATM-ACCOUNTING-INFORMATION-MIB (RFC 2512) • ATM-MIB (RFC 2515) • ATM-SOFT-PVC-MIB • ATM-TC-MIB • ATM-TRACE-MIB • CISCO-AAL5-MIB3-25 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Supported MIBs • CISCO-ATM-CONN-MIB • CISCO-ATM-RM-MIB • CISCO-ATM TRAFFIC-MIB • CISCO-CLASS-BASED-QOS-MIB • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-EXT-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • ENTITY-MIB • IF-MIB • OLD-CISCO-CHASSIS-MIB • SONET MIB (RFC 2558) The following MIBs are supported in Cisco IOS Release 12.2(18)SXF and later for the Cisco 7600 SIP-600 on a Cisco 7600 series router: • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-EXT-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • ENTITY-MIB • OLD-CISCO-CHASSIS-MIB The following MIBs are supported in Cisco IOS Release 12.2(18)SXE2 and later for the Cisco 7600 SSC-400 on a Cisco 7600 series router: • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-EXT-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • ENTITY-MIB • ETHER-MIB • OLD-CISCO-CHASSIS-MIB For more information about MIB support on a Cisco 7600 series router, refer to the Cisco 7600 Series Internet Router MIB Specifications Guide at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_reference_list.html To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://tools.cisco.com/ITDIT/MIBS/servlet/index If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml3-26 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC Displaying the SIP and SSC Hardware Type To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL: https://tools.cisco.com/RPF/register/register.do Displaying the SIP and SSC Hardware Type To verify the SIP or SSC hardware type that is installed in your Cisco 7600 series router, you can use the show module command. There are other commands on the Cisco 7600 series router that also provide SIP and SSC hardware information, such as the show idprom command and show diagbus command. Table 3-1 shows the hardware description that appears in the show module and show idprom command output for each type of SIP that is supported on the Cisco 7600 series router. Example of the show module Command The following example shows output from the show module command on the Cisco 7600 series router with a Cisco 7600 SIP-400 installed in slot 13: Router# show module 13 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 13 0 4-subslot SPA Interface Processor-400 7600-SIP-400 JAB0851042X Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 13 00e0.aabb.cc00 to 00e0.aabb.cc3f 0.525 12.2(PP_SPL_ 12.2(PP_SPL_ Ok Mod Online Diag Status --- ------------------- 13 Pass Example of the show idprom Command The following example shows sample output for a Cisco 7600 SIP-200 installed in slot 4 of the router: Router# show idprom module 4 IDPROM for module #4 (FRU is '4-subslot SPA Interface Processor-200') OEM String = 'Cisco Systems' Product Number = '7600-SIP-200' Table 3-1 SIP Hardware Descriptions in show Commands SIP Description in show module and show idprom Commands Cisco 7600 SIP-200 4-subslot SPA Interface Processor-200 / 7600-SIP-200 Cisco 7600 SIP-400 4-subslot SPA Interface Processor-400 / 7600-SIP-400 Cisco 7600 SIP-600 1-subslot SPA Interface Processor-600 / 7600-SIP-600 Cisco 7600 SSC-400 2-subslot Services SPA Carrier-400 / 7600-SSC-400 3-27 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC SIP-200 and SIP-400 Network Clock Distribution Serial Number = 'SAD0738006Y' Manufacturing Assembly Number = '73-8272-03' Manufacturing Assembly Revision = '03' Hardware Revision = 0.333 Current supplied (+) or consumed (-) = -4.77A SIP-200 and SIP-400 Network Clock Distribution The Cisco 7600 series routers have a distributed clocking system with two 8 KHZ backplane reference clocks that connect to every slot in the backplane to provide an egress (Tx) timing reference for the SPAs. Starting with Cisco IOS release 12.2(33)SRB,the SIP-200 or SIP-400 can take clock input from various clock sources and distribute the clock to other supported cards by way of the chassis backplane to allow network operators to synchronize the transmit clocks of serial interfaces to a central timing reference. Synchronization to a central timing reference can help eliminate frame slips and associated loss of data on SONET and SDH interfaces. Both the SIP-200 and the SIP-400 can act as the source that drives the backplane reference clocks by other SIPs. When a SIP-200 or SIP-400 is the source of the clocks, the SIP uses the recovered Rx clock from any one of its SPA's input ports (see Table 3- 2 for which SPAs support this functionality). The SIP either derives an 8-KHz [no space] clock that it drives onto one or both backplane signals, or provides its own Stratum 3 clock to the backplane. Both the SIP-200 and the SIP-400 can also receive backplane clocks for use by their SPAs. When the SIP-200 and the SIP-400 receives backplane clocks, the clocks are dejittered and provided to the SPAs. Table 3-2 shows reference clock sources. Table 3-3 shows the reference clock sources available for mapping to the backplane. Table 3-4 shows the clocks available to specific line cards. Table 3-2 Reference Clock Sources Reference Clock Input for Data Transmission SIP-200 SIP-400 Local All supported SONET/Serial SPAs All supported SONET/Serial SPAs Line All supported SONET/Serial SPAs All supported SONET/Serial SPAs BITS Input SPA-8XCHT1/E1 SPA-24CHT1-CE-ATM Table 3-3 Reference Clock Sources Available for Mapping to Backplane Clock Source Line Card SPA Clock Derived From Internal Oscillator SIP-200 Not applicable Not applicable SIP-400 Not applicable Not applicable3-28 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC SIP-200 and SIP-400 Network Clock Distribution Interface SIP-200 SONET/SDH SPA-2XOC3-POS, SPA-4XOC3-POS SPA-2XOC3-ATM, SPA-4XOC3-ATM SIP-400 SPA-1CHOC3-CE-AT M SPA-2XOC3-POS, SPA-4XOC3-POS SPA-1XOC12-POS SPA-1XOC48-POS SPA-2XOC3-ATM, SPA-4XOC3-ATM SPA-1XOC12-ATM SPA-1XOC-48ATM 8X1FE-TX-V2 4X1FE-TX-V2 Controller SIP-200 SPA-8XCHT1/E1 T1/E1 SPA-1XCHSTM1/OC3 STM1/OC3 SPA-2XT3/E3, SPA-4XT3/E3 Cannot provide clock to backplane SPA-2XCT3/DS0, SPA-4XCT3/DS0 Cannot provide the clock to backplane Table 3-4 Line Cards Able to Receive Clocks from Backplane Line Card SPA Minimum Interface Level for Clock Source Input SIP-200 SPA-8XCHT1/E1 Cannot take clock from backplane SPA-2XT3/E3, SPA-4XT3/E3 Cannot take clock from backplane SPA-2XCT3/DS0, SPA-4XCT3/DS0 Cannot take clock from backplane SPA-1XCHSTM1/OC3 STM1/OC3 SPA-2XOC3-POS, SPA-4XOC3-POS SPA-2XOC3-ATM, SPA-4XOC3-ATM Table 3-3 Reference Clock Sources Available for Mapping to Backplane Clock Source Line Card SPA Clock Derived From3-29 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC SIP-200 and SIP-400 Network Clock Distribution Note The default clock for T3 / E3 interfaces for the SPA-1xCHSTM1/OC3 or SPA-1xCHOC12/STM4 are internal. If you have line configuration on the T3, you must change the clock source back to line, to get the setup back to the old state after upgrade. For additional information, see BITS Clock Support—Receive and Distribute—CEoP SPA on SIP-400, page 10-37. SIP-400 SPA-24CHT1-CE-ATM T1/E1 SPA-1CHOC3-CE-ATM STM1/OC3 SPA-2XOC3-POS, SPA-4XOC3-POS SPA-1XOC12-POS STM4/OC12 SPA-2XOC3-ATM, SPA-4XOC3-ATM STM1/OC3 SPA-1XOC12-ATM STM4/OC12 SPA-1XOC-48ATM STM16/OC48 Table 3-4 Line Cards Able to Receive Clocks from Backplane Line Card SPA Minimum Interface Level for Clock Source Input3-30 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 3 Overview of the SIPs and SSC SIP-200 and SIP-400 Network Clock DistributionC H A P T E R 4-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 4 Configuring the SIPs and SSC This chapter provides information about configuring SIPs and SSCs on the Cisco 7600 series router. It includes the following sections: • Configuration Tasks, page 4-1 • Configuration Examples, page 4-170 For information about managing your system images and configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications that correspond to your Cisco IOS software release. For more information about the commands used in this chapter,refer to the Cisco IOS Software Releases 15.0SR Command References and to the Cisco IOS Software Releases 12.2SX Command References. Also refer to the related Cisco IOS Release 12.2 software command reference and master index publications. For more information, see the “Related Documentation” section on page xlvii. Configuration Tasks This section describes how to configure the SIPs and SSCs and includes information about verifying the configuration. It includes the following topics: • Required Configuration Tasks, page 4-2 • Identifying Slots and Subslots for SIPs, SSCs, and SPAs, page 4-2 • Configuring Compressed Real-Time Protocol, page 4-5 • Configuring Frame Relay Features, page 4-7 • Configuring Layer 2 Interworking Features on a SIP, page 4-32 • Configuring Private Hosts over Virtual Private LAN Service (VPLS), page 4-54 • Configuring BFD over VCCV on SIP-400, page 4-75 • Configuring MPLS Features on a SIP, page 4-79 • Configuring QoS Features on a SIP, page 4-94 • Configuring NAT, page 4-129 • Configuring Lawful Intercept on a Cisco 7600 SIP-400, page 4-129 • Configuring Security ACLs on an Access Interface on a Cisco 7600 SIP-400, page 4-131 • Configuring CoPP on the Cisco 7600 SIP-400, page 4-1324-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Configuring IGMP Snooping on a SIP-200, page 4-153 • Configuring ACFC and PFC Support on Multilink Interfaces, page 4-154 • Configuring PPPoEoE on a Cisco 7600 SIP-400, page 4-159 • Configuring Source IPv4 and Source MAC Address Binding on the SIP-400, page 4-164 • Resetting a SIP, page 4-170 • Layer 2 Interworking Configuration Examples, page 4-170 • MPLS Configuration Examples, page 4-172 • QoS Configuration Examples, page 4-173 • Private Hosts SVI (Interface VLAN) Configuration Example, page 4-178 This section identifies those features that have SIP-specific configuration guidelines for you to consider and refers you to the supporting platform documentation. Many of the Cisco IOS software features on the Cisco 7600 series router that the FlexWAN and Enhanced FlexWAN modules support, the SIPs also support. Use this chapter while also referencing the list of supported features on the SIPs in Chapter 3, “Overview of the SIPs and SSC.” Note When referring to the other platform documentation, be sure to note any SIP-specific configuration guidelines described in this document.Layer 2 Interworking Configuration Examples, page 4-170 For information about configuring other features supported on the Cisco 7600 series router but not discussed in this document, refer to the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR at the following URL: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/swcg.html Note Effective from Cisco IOS Software Release 15.0(1)S, a number of QoS commands documented in this chapter are hidden in the software image; hence you have to use their replacement commands. Although the hidden commands are still available on Cisco IOS Software, you cannot access these commands from the CLI interactive help. For more information on the replacement commands, see the Legacy QoS Command Deprecation feature document at: http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe. html Required Configuration Tasks As of Cisco IOS Release 12.2(18)SXE, there are not any features that require direct configuration on the SIP or SSC. This means that you do not need to attach to the SIP or SSC itself to perform any configuration. However, the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 do implement and support certain features that are configurable at the system level on the Route Processor (RP). Identifying Slots and Subslots for SIPs, SSCs, and SPAs This section describes how to specify the physical locations of a SIP and SPA on the Cisco 7600 series routers within the command-line interface (CLI) to configure or monitor those devices.4-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note For simplicity, any reference to “SIP” in this section also applies to the SSC. Specifying the Slot Location for a SIP or SSC The Cisco 7600 series router supports different chassis models, each of which supports a certain number of chassis slots. Note The Cisco 7600 series router SIPs are not supported with a Supervisor Engine 1, Supervisor Engine 1A, Supervisor Engine 2, or Supervisor Engine 720-3A.4-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Figure 4-1 shows an example of a SIP installed in slot 6 on a Cisco 7609 router. The Cisco 7609 router has nine vertically-oriented chassis slots, which are numbered 1 to 9 from right to left. Figure 4-1 SIP and SPA Installed in a Cisco 7609 Router Some commands allow you to display information about the SIP itself, such as show module, show sip-disk, show idprom module, show hw-module slot, and show diagbus. These commands require you to specify the chassis slot location where the SIP that you want information about is installed. For example, to display status and information about the SIP installed in slot 6 as shown in Figure 4-1, enter the following command: Router# show module 6 For more information about the commands used in this chapter, refer to the Cisco IOS Software Releases 15.0SR Command References and to the Cisco IOS Software Releases 12.2SX Command References.. 1 SIP subslot 0 4 SIP subslot 3 2 SIP subslot 1 5 Chassis slots 1–9 (numbered from right to left) 3 SIP subslot 2 129006 INPUT OK FAN OK OUTPUT FAIL o INPUT OK FAN OK OUTPUT FAIL o SUPERVISOR2 WS-X6K-SUP2-2GE STATUS SYSTEM CONSOL PW E R MGMT RESET CONSOLE CONSOLE PORT MODE PCMCIA EJECT PORT 1 PORT 2 Switch Load 100% 1% LINK LINK SUPERVISOR2 WS-X6K-SUP2-2GE STATUS SYSTEM CONSOL PW E R MGMT RESET CONSOLE CONSOLE PORT MODE PCMCIA EJECT PORT 1 PORT 2 Switch Load 100% 1% LINK LINK SWITCH FABRIC MDL STATUS SELECT NEXT WS-C6500-SFM ACTIVE OC12 POS MM OSM-40C12-POS-MM STATUS 2 1 4 3 RESET LINK 1 LINK 2 LINK 3 LINK 4 CARRIER ALARM ACTIVE TX RX TX PORT 1 RX CARRIER ALARM ACTIVE TX RX TX PORT 2 RX CARRIER ALARM ACTIVE TX RX TX PORT 3 RX CARRIER ALARM ACTIVE TX RX TX RX OC12 POS MM OSM-40C12-POS-MM STATUS 2 1 4 3 RESET LINK 1 LINK 2 LINK 3 LINK 4 CARRIER ALARM ACTIVE TX RX TX PORT 1 RX CARRIER ALARM ACTIVE TX RX TX PORT 2 RX CARRIER ALARM ACTIVE TX RX TX PORT 3 RX CARRIER ALARM ACTIVE TX RX TX RX OC12 POS MM OSM-40C12-POS-MM STATUS 2 1 4 3 RESET LINK 1 LINK 2 LINK 3 LINK 4 CARRIER ALARM ACTIVE TX RX TX PORT 1 RX CARRIER ALARM ACTIVE TX RX TX PORT 2 RX CARRIER ALARM ACTIVE TX RX TX PORT 3 RX CARRIER ALARM ACTIVE TX RX TX RX 8 PORT OC3 POS MM OSM-8OC3-POS MM STATUS 1 1 2 2 3 3 1 2 3 4 4 4 RESET LINK CARRIER ALARM LINK LINK LINK LINK 5 6 7 8 8 PORT OC3 POS MM OSM-8OC3-POS MM STATUS 1 1 2 2 3 3 1 2 3 4 4 4 RESET LINK CARRIER ALARM LINK LINK LINK LINK 5 6 7 8 STATUS 2 0 3 1 PROCESSOR SPA INTERFACE 7600-SIP-200 LINK CARRIER ALARM LINK 5 POWER SUPPLY 1 POWER SUPPLY 2 3 1 4 2 SPA-4XT3 E/ 3 TX RX A/L 0 C/A TX RX A/L 1 C/A TX RX A/L 2 C/A TX RX A/L 3 STATUS C/A4-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Specifying the SIP or SSC Subslot Location for a SPA SIP subslots begin their numbering with “0” and have a horizontal or vertical orientation depending on the orientation of the SIP in the router chassis slot, as shown in the “SIP, SSC, and SPA Product Overview” chapter of the Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide. Figure 4-1 shows an example of a Cisco 7600 SIP-200 installed with a vertical orientation on a Cisco 7609 router. The Cisco 7600 SIP-200 supports four subslots for the installation of SPAs. In this example, the subslot locations are vertically oriented as follows: • SIP subslot 0—Top–right subslot • SIP subslot 1—Bottom–right subslot • SIP subslot 2—Top–left subslot • SIP subslot 3—Bottom–left subslot Figure 4-2 shows the faceplate for the Cisco 7600 SIP-200 in a horizontal orientation. Figure 4-2 Cisco 7600 SIP-200 Faceplate In this view, the subslot locations in a horizontal orientation are as follows: • SIP subslot 0—Top–left subslot • SIP subslot 1—Top–right subslot • SIP subslot 2—Bottom–left subslot • SIP subslot 3—Bottom–right subslot The SIP subslot numbering is indicated by a small numeric label beside the subslot on the faceplate. Just as with the SIPs, some commands allow you to display information about the SPA itself, such as show idprom module and show hw-module subslot. These commands require you to specify both the physical location of the SIP and SPA in the format, slot/subslot, where: • slot—Specifies the chassis slot number in the Cisco 7600 series router where the SIP is installed. • subslot—Specifies the secondary slot of the SIP where the SPA is installed. For example, to display the operational status for the SPA installed in the first subslot of the SIP in chassis slot 6 shown in Figure 4-1, enter the following command: Router# show hw-module subslot 6/0 oir For more information about the commands used in this chapter, refer to the Cisco IOS Software Releases 15.0SR Command References and to the Cisco IOS Software Releases 12.2SX Command References. Configuring Compressed Real-Time Protocol Compressed Real-Time Protocol (CRTP), from RFC 1889 (RTP: A Transport Protocol for Real-Time Applications), provides bandwidth efficiencies over low-speed links by compressing the UDP/RTP/IP header when transporting voice. With CRTP, the header for Voice over IP traffic can be reduced from 40 STATUS 2 0 3 1 SPA INTERFACE PROCESSOR 7600-SIP-200 1168494-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks bytes to approximately 2 to 5 bytes offering substantial bandwidth efficiencies for low-speed links. CRTP is supported over Frame Relay, ATM, PPP, distributed MLPPP (dMLPPP), and HDLC encapsulated interfaces. Table 4-1 provides information about where the CRTP feature for SPA interfaces is supported. CRTP Configuration Guidelines To support CRTP on the Cisco 7600 SIP-200, consider the following guidelines: • High-level Data Link Control (HDLC), PPP, or Frame Relay encapsulation must be configured. • TCP or RTP header compression, or both, must be enabled. • When distributed fast-switching is enabled, the detail option is not available with the show ip rtp header-compression and show ip tcp header-compression commands. Users who need the detailed information for either of these commands can retrieve this information by disabling distributed fast-switching and then entering the show ip rtp header-compression detail or show ip tcp header-compression detail commands. • When using CRTP with distributed features on the Cisco 7600 SIP-200, consider the following guidelines and restrictions: – Hardware- and software-based CRTP is supported with Distributed Link Fragmentation and Interleaving over Leased Lines (dLFIoLL) if only one link is present on the multilink interface. – The following restrictions apply to Multilink PPP interfaces that use LFI: If RTP header compression is configured, RTP packets originating on or destined to the router will be fast-switched if the link is limited to one channel. If the link has more than one channel, the packets will be process-switched. Table 4-1 CRTP Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Hardware-based CRTP In Cisco IOS Release 12.2(18)SXE and later: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA Not supported. Not supported. Hardware- and software-based CRTP In Cisco IOS Release 12.2(33)SRA: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA • 1-Port Channelized OC-3/STM-1 SPA Not supported. Not supported. CRTP with dLFIoLL—Only supported with one link present on the multilink interface In Cisco IOS Release 12.2(18)SXE and later: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA Support for the following SPA was added in Cisco IOS Release 12.2(33)SRA: • 1-Port Channelized OC-3/STM-1 SPA Not supported. Not supported. CRTP with dMLPPP Supported. Not supported if LFI is enabled. Not supported. Not supported. CRTP with dMLPPP and MPLS Not supported. Not supported. Not supported.4-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks CRTP should not be configured on a multilink interface when LFI is enabled on the multilink interface if the multilink bundle has more than one member link, and a QoS policy with a feature is enabled on the multilink interface. Note In a dMLPPP/dLFI configuration, packets do not carry the MLPPP header and sequence number. Thus, MLPPP distributes the packets across all member links. As a result, packets that are compressed by CRTP may arrive out-of-order at the receiving router. This prohibits CRTP from decompressing the packet header and forces CRTP to drop the packets. For information on configuring CRTP, see Configuring Distributed Compressed Real-Time Protocol at the following URL: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfdcrtp.html Configuring Frame Relay Features Many of the Frame Relay features supported on the FlexWAN and Enhanced FlexWAN modules on the Cisco 7600 series router are also supported by the SIPs. For a list of the supported Frame Relay features on the SIPs, see Chapter 3, “Overview of the SIPs and SSC.” This section describes those Frame Relay features that have SIP-specific configuration guidelines. After you review the SIP-specific guidelines described in this document, then refer to the referenced URLs for more information about configuring Frame Relay features. The Frame Relay features for SIPs and SPAs are qualified as distributed features because the processing for the feature is handled by the SIP or SPA, or a combination of both. Configuring Distributed Multilink Frame Relay (FRF.16) on the Cisco 7600 SIP-200 The Distributed Multilink Frame Relay (dMLFR) feature provides a cost-effective way to increase bandwidth for particular applications by enabling multiple serial links to be aggregated into a single bundle of bandwidth. Multilink Frame Relay is supported on the User-Network Interface (UNI) and the Network-to-Network Interface (NNI) in Frame Relay networks. Note Based on your link configuration, dMLFR can be either software-based on the Cisco 7600 SIP-200, or hardware-based on the 8-Port Channelized T1/E1 SPA, 2-Port and 4-Port Channelized T3 SPAs, and 1-Port Channelized OC-3/STM-1 SPA. For more information about the hardware-based configuration, see also Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA,” and Chapter 19, “Configuring the 2-Port and 4-Port Channelized T3 SPAs.”4-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-2 provides information about where the dMLFR feature for SPA interfaces is supported. This section includes the following topics: • Overview of dMLFR, page 4-8 • dMLFR Configuration Guidelines, page 4-9 • dMLFR Configuration Tasks, page 4-10 • Verifying dMLFR, page 4-13 Overview of dMLFR The Distributed Multilink Frame Relay feature enables you to create a virtual interface called a bundle or bundle interface. The bundle interface emulates a physical interface for the transport of frames. The Frame Relay data link runs on the bundle interface, and Frame Relay virtual circuits are built upon it. The bundle is made up of multiple serial links, called bundle links. Each bundle link within a bundle corresponds to a physical interface. Bundle links are invisible to the Frame Relay data-link layer, so Frame Relay functionality cannot be configured on these interfaces. Regular Frame Relay functionality that you want to apply to these links must be configured on the bundle interface. Bundle links are visible to peer devices. The local router and peer devices exchange link integrity protocol control messages to determine which bundle links are operational and to synchronize which bundle links should be associated with which bundles. For link management, each end of a bundle link follows the MLFR link integrity protocol and exchanges link control messages with its peer (the other end of the bundle link). To bring up a bundle link, both ends of the link must complete an exchange of ADD_LINK and ADD_LINK_ACK messages. To maintain the link, both ends periodically exchange HELLO and HELLO_ACK messages. This exchange of hello messages and acknowledgments serves as a keepalive mechanism for the link. If a router is sending hello messages but not receiving acknowledgments, it will resend the hello message up to a configured maximum number of times. If the router exhausts the maximum number of retries, the bundle link line protocol is considered down (unoperational). The bundle link interface’s line protocol status is considered up (operational) when the peer device acknowledges that it will use the same link for the bundle. The line protocol remains up when the peer device acknowledges the hello messages from the local router. The bundle interface’s line status becomes up when at least one bundle link has its line protocol status up. The bundle interface’s line status goes down when the last bundle link is no longer in the up state. This behavior complies with the Class A bandwidth requirement defined in FRF.16. Table 4-2 dMLFR Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Hardware- and software-based dMLFR In Cisco IOS Release 12.2(18)SXE and later: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA In Cisco IOS Release 12.2(33)SRA and later: • 1-Port Channelized OC-3/STM-1 SPA InCisco IOS Release 12.2(33)SRC and later: Not supported. Not supported.4-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The bundle interface’s line protocol status is considered up when the Frame Relay data-link layer at the local router and peer device synchronize using the Local Management Interface (LMI), when LMI is enabled. The bundle line protocol remains up as long as the LMI keepalives are successful. dMLFR Configuration Guidelines To support dMLFR on the Cisco 7600 SIP-200, consider the following guidelines: • dMLFR must be configured on the peer device. • The dMLFR peer device must not send frames that require assembly. • The Cisco 7600 SIP-200 supports distributed links under the following conditions: – All links are on the same Cisco 7600 SIP-200. – T1 and E1 links cannot be mixed in a bundle. – Member links in a bundle are recommended to have the same bandwidth. • QoS is implemented on the Cisco 7600 SIP-200 for dMLFR. • dMLFR is supported with Frame Relay over MPLS (FRoMPLS) on the Cisco 7600 SIP-200 between the customer edge (CE) and provider edge (PE) of the MPLS network. • The Cisco 7600 SIP-200 only supports the RPR+ High Availability (HA) feature with dMLFR. • dMLFR is supported in software by the Cisco 7600 SIP-200, or in hardware by the supported SPA. This support is determined by your link configuration. • dMLFR is supported in software if bundle link members are on different SPAs in the same SIP. Software-Based Guidelines dMLFR will be implemented in the software if any of the following conditions are met: • Any one bundle link member is a fractional T1 or E1 link. • There are more than 12 T1 or E1 links in a bundle. Hardware-Based Guidelines dMLFR will be implemented in the hardware when all of the following conditions are met: • All bundle link members are T1 or E1 only. • All bundle links are on the same SPA. • There are no more than 12 links in a bundle. dMLFR Restrictions When configuring dMLFR on the Cisco 7600 SIP-200, consider the following restrictions: • FRF.9 hardware compression is not supported. • Software compression is not supported. • Encryption is not supported. • The maximum differential delay supported is 50 ms when supported in hardware, and 100 ms when supported in software. • Fragmentation is not supported on the transmit side.4-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks dMLFR Configuration Tasks The following sections describe how to configure dMLFR: • Creating a Multilink Frame Relay Bundle, page 4-10 (required) • Assigning an Interface to a dMLFR Bundle, page 4-11 (required) Creating a Multilink Frame Relay Bundle SUMMARY STEPS Step 1 interface mfr number Step 2 frame-relay multilink bid name Step 3 frame-relay intf-type dce DETAILED STEPS To configure the bundle interface for dMLFR, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# interface mfr number Configures a multilink Frame Relay bundle interface and enters interface configuration mode, where: • number—Specifies the number for the Frame Relay bundle. Step 2 Router(config-if)# frame-relay multilink bid name (Optional) Assigns a bundle identification name to a multilink Frame Relay bundle, where: • name—Specifies the name for the Frame Relay bundle. Note The bundle identification (BID) will not go into effect until the interface has gone from the down state to the up state. One way to bring the interface down and back up again is by using the shutdown and no shutdown commands in interface configuration mode. Step 3 Router(config-if)# frame-relay intf-type dce Configures the router to function as a digital communications equipment (DCE) device, or as a switch.4-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Assigning an Interface to a dMLFR Bundle To configure an interface link and associate it as a member of a dMLFR bundle, use the following commands beginning in global configuration mode. Repeat these steps to assign multiple links to the dMLFR bundle. SUMMARY STEPS Step 1 interface serial address OR interface serial slot/subslot/port/t1-number:channel-group OR interface serial slot/subslot/port:channel-group Step 2 encapsulation frame-relay mfr number [name] Step 3 frame-relay multilink lid name Step 4 Router(config-if)# frame-relay multilink hello seconds Step 5 Router(config-if)# frame-relay multilink ack seconds Step 6 Router(config-if)# frame-relay multilink retry number DETAILED STEPS If you use this task to assign more than 12 T1 or E1 interface links as part of the same bundle, or if any of the T1/E1 interface links are fractional T1/E1, or any links reside on multiple SPAs as part of the same bundle, then software-based dMLFR is implemented automatically by the Cisco 7600 SIP-200.4-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Command Purpose Step 1 1-Port Channelized OC-3/STM-1 SPA Router(config)# interface serial address 2-Port and 4-Port Channelized T3 SPA Router(config)# interface serial slot/subslot/port/t1-number:channel-group 8-Port Channelized T1/E1 SPA Router(config)# interface serial slot/subslot/port:channel-group Specifies a serial interface and enters interface configuration mode, where: • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA, refer to the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • t1-number—Specifies the logical T1 number in channelized mode. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. Note If you configure a fractional T1/E1 interface on the SPA using a channel group and specify that fractional T1/E1 channel group as part of this task, then software-based dMLFR is implemented automatically by the Cisco 7600 SIP-200 when you assign the interface to the dMLFR bundle. Step 2 Router(config-if)# encapsulation frame-relay mfr number name Creates a multilink Frame Relay bundle link and associates the link with a bundle, where: • number—Specifies the number for the Frame Relay bundle. This number should match the dMLFR interface number specified in the interface mfr command. • name—(Optional) Specifies the name for the Frame Relay bundle. Step 3 Router(config-if)# frame-relay multilink lid name (Optional) Assigns a bundle link identification name with a multilink Frame Relay bundle link, where: • name—Specifies the name for the Frame Relay bundle. Note The bundle link identification (LID) will not go into effect until the interface has gone from the down state to the up state. One way to bring the interface down and back up again is by using the shutdown and no shutdown commands in interface configuration mode.4-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying dMLFR To verify dMLFR configuration, use the show frame-relay multilink command. If you use the show frame-relay multilink command without any options, information for all bundles and bundle links is displayed. The following examples show output for the show frame-relay multilink command with the serial number and detailed options. Detailed information about the specified bundle links is displayed. Router# show frame-relay multilink serial6 detailed Bundle: MFR49, State = down, class = A, fragmentation disabled BID = MFR49 No. of bundle links = 1, Peer's bundle-id = Bundle links: Serial6/0/0:0, HW state = up, link state = Add_sent, LID = test Cause code = none, Ack timer = 4, Hello timer = 10, Max retry count = 2, Current count = 0, Peer LID = , RTT = 0 ms Statistics: Add_link sent = 21, Add_link rcv'd = 0, Add_link ack sent = 0, Add_link ack rcv'd = 0, Add_link rej sent = 0, Add_link rej rcv'd = 0, Remove_link sent = 0, Remove_link rcv'd = 0, Remove_link_ack sent = 0, Remove_link_ack rcv'd = 0, Hello sent = 0, Hello rcv'd = 0, Hello_ack sent = 0, Hello_ack rcv'd = 0, outgoing pak dropped = 0, incoming pak dropped = 0 Step 4 Router(config-if)# frame-relay multilink hello seconds (Optional) Configures the interval at which a bundle link will send out hello messages, where: • seconds—Specifies the number of seconds between hello messages sent out over the multilink bundle. The default is 10 seconds. Step 5 Router(config-if)# frame-relay multilink ack seconds (Optional) Configures the number of seconds that a bundle link will wait for a hello message acknowledgment before resending the hello message, where: • seconds—Specifies the number of seconds a bundle link will wait for a hello message acknowledgment before resending the hello message. The default is 4 seconds. Step 6 Router(config-if)# frame-relay multilink retry number (Optional) Configures the maximum number of times a bundle link will resend a hello message while waiting for an acknowledgment, where: • number—Specifies the maximum number of times a bundle link will resend a hello message while waiting for an acknowledgment. The default is 2 tries. Command Purpose4-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Distributed Multilink PPP on the Cisco 7600 SIP-200 The Distributed Multilink Point-to-Point Protocol (dMLPPP) feature allows you to combine T1/E1 lines into a bundle that has the combined bandwidth of multiple T1/E1 lines. This is done by using a dMLPPP link. You choose the number of bundles and the number of T1/E1 lines in each bundle. This allows you to increase the bandwidth of your network links beyond that of a single T1/E1 line without having to purchase a T3 line. Note Based on your link configuration, dMLPPP can be either software-based on the Cisco 7600 SIP-200, or hardware-based on the 8-Port Channelized T1/E1 SPA and 2-Port and 4-Port Channelized T3 SPAs. For more information about the hardware-based configuration, see also Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA,” Chapter 19, “Configuring the 2-Port and 4-Port Channelized T3 SPAs.”, and Chapter 25, “configuring the 1-Port Channelized OC3/STM-1 SPA. SIP-200 includes the per-fragment overhead of the MLPPP header for every fragment. On the Cisco 7600 series router, if you apply a QoS policy (with queuing CLI like bandwidth, WRED, shaping or a non-queuing CLI like policing on the egress interface of the MLP bundle having any number of member links in it), the rate and number of packets received can be different in the following situations: • Without an MLP header • If the policy is applied on the ingress side of the MLP bundle This difference narrows down as the size of the packet increases say, from 50 to 480 bytes. This behavior is expected owing to line card architecture. Note On SIP-400 shaping and policing is done without taking the MLP header into account. Table 4-3 provides information about where the dMLppp feature for SPA interfaces is supported. This section includes the following topics: • dMLPPP Configuration Guidelines, page 4-15 • dMLPPP Configuration Tasks, page 4-15 • Verifying dMLPPP, page 4-20 Table 4-3 dMLPPP Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Hardware-based dMLPPP Supported Not supported. Not supported. Hardware- and software-based dMLPPP In Cisco IOS Release 12.2(18)SXE and later: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA In Cisco IOS Release 12.2(33)SRA and later: • 1-Port Channelized OC3/STM-1 SPA Not supported. Not supported.4-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks dMLPPP Configuration Guidelines dMLPPP is supported in software by the Cisco 7600 SIP-200, or in hardware by the supported SPA. This support is determined by your link configuration. The Cisco 7600 SIP-200 supports distributed links under the following conditions: • All links are on the same Cisco 7600 SIP-200. • T1 and E1 links cannot be mixed in a bundle. • Member links in a bundle are recommended to have the same bandwidth. • Multilink interface creation is not supported beyond 65535. If you configure a multilink interface number that is more than 65535, on a switchover, you will experience a connectivity loss. • QoS is implemented on the Cisco 7600 SIP-200 for dMLPPP. Software-Based Guidelines dMLPPP will be implemented in the software if any of the following conditions are met: • Any one bundle link member is a fractional T1 or E1 link. • There are more than 12 T1 or E1 links in a bundle. • To enable fragmentation for software-based dMLPPP, you must configure the ppp multilink interleave command. This command is not required to enable fragmentation for hardware-based dMLPPP. Hardware-Based Guidelines dMLPPP will be implemented in the hardware when all of the following conditions are met: • All bundle link members are T1 or E1 only. • All bundle links are on the same SPA. • There are no more than 12 links in a bundle. dMLPPP Restrictions When configuring dMLPPP on the Cisco 7600 SIP-200, consider the following restrictions: • Hardware and software compression is not supported. • Encryption is not supported. • The maximum differential delay supported is 50 ms when supported in hardware, and 100 ms when supported in software. dMLPPP Configuration Tasks The following sections describe how to configure dMLPPP: • Enabling Distributed CEF Switching, page 4-15 (required) • Creating a dMLPPP Bundle, page 4-16 (required) • Assigning an Interface to a dMLPPP Bundle, page 4-18 (required) • Configuring Link Fragmentation and Interleaving over dMLPPP, page 4-20 (optional) Enabling Distributed CEF Switching To enable dMLPPP, you must first enable distributed CEF switching. Distributed CEF switching is enabled by default on the Cisco 7600 series router.4-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note When the value of the cef table is high due to high number of routes and the LC doesnot have enough memory, CEF gets disabled. New xconnect does not get activated on the device irrespective of LC being used or not used as ingress or egress LC. SUMMARY STEPS Step 1 ip cef distributed DETAILED STEPS To enable dCEF, use the following command in global configuration mode: Creating a dMLPPP Bundle SUMMARY STEPS Step 1 interface multilink group-number Step 2 ip address ip-address mask Step 3 ppp multilink interleave Step 4 ppp multilink mrru local | remote mrru-value Step 5 mtu bytes Step 6 ppp multilink fragment delay delay DETAILED STEPS Command Purpose Router(config)# ip cef distributed Enables distributed CEF switching. 4-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks To configure a dMLPPP bundle, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# interface multilink group-number Creates a multilink interface and enters interface configuration mode, where: • group-number—Specifies the group number for the multilink bundle. Note To enable no interface multilink group-number, remove the associated multilink group for the member links using the command no ppp multilink. Step 2 Router(config-if)# ip address ip-address mask Sets the IP address for the multilink group, where: • ip-address—Specifies the IP address for the interface. • mask—Specifies the mask for the associated IP subnet. Step 3 Router(config-if)# ppp multilink interleave (Optional—Software-based LFI) Enables fragmentation for the interfaces assigned to the multilink bundle. Fragmentation is disabled by default in software-based LFI. Step 4 Router(config-if)# ppp multilink mrru [local | remote] mrru-value Configures the MRRU value negotiated on a multilink bundle when MLP is used. • local—(Optional) Configures the local MRRU value. The default values for the local MRRU are the value of the multilink group interface MTU for multilink group members, and 1524 bytes for all other interfaces. • remote—(Optional) Configures the minimum value that software will accept from the peer when it advertises its MRRU. By default, the software accepts any peer MRRU value of 128 or higher. You can specify a higher minimum acceptable MRRU value in a range from 128 to 16384 bytes.4-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Assigning an Interface to a dMLPPP Bundle To configure an interface PPP link and associate it as a member of a multilink bundle, use the following commands beginning in global configuration mode. Repeat these steps to assign multiple links to the dMLPPP bundle. Note If you use this task to assign more than 12 T1 or E1 interface links as part of the same bundle, or if any of the T1/E1 interface links are fractional T1/E1, or any links reside on multiple SPAs as part of the same bundle, then software-based dMLPPP is implemented automatically by the Cisco 7600 SIP-200. SUMMARY STEPS Step 1 interface serial address OR interface serial slot/subslot/port/t1-number:channel-group OR interface serial slot/subslot/port:channel-group OR Step 2 encapsulation ppp Step 3 ppp multilink Step 4 ppp authentication chap Step 5 ppp chap hostname name Step 6 ppp multilink group group-number Step 5 Router(config-if)# mtu bytes (Optional) Adjusts the maximum packet size or MTU size. • Once you configure the MRRU on the bundle interface, you enable the router to receive large reconstructed MLP frames. You may want to configure the bundle MTU so the router can transmit large MLP frames, although it is not strictly necessary. • The maximum recommended value for the bundle MTU is the value of the peer’s MRRU. The default MTU for serial interfaces is 1500. The software will automatically reduce the bundle interface MTU if necessary, to avoid violating the peer’s MRRU. Step 6 Router(config-if)# ppp multilink fragment delay delay (Optional) Sets the fragmentation size satisfying the configured delay on the multilink bundle, where: • delay—Specifies the delay in milliseconds. Command Purpose4-19 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS Command Purpose Step 1 1-Port Channelized OC-3/STM-1 SPA Router(config)# interface serial address 2-Port and 4-Port Channelized T3 SPA Router(config)# interface serial slot/subslot/port/t1-number:channel-group 8-Port Channelized T1/E1 SPA Router(config)# interface serial slot/subslot/port:channel-group 1 Port Channelized OC12/STM4 SPA Router(config)# interface serial address Specifies a serial interface and enters interface configuration mode, where: • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA, refer to the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • t1-number—Specifies the logical T1 number in channelized mode. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. Note If you configure a fractional T1/E1 interface on the SPA using a channel group and specify that fractional T1/E1 channel group as part of this task, then software-based dMLPPP is implemented automatically by the Cisco 7600 SIP-200 when you assign the interface to the dMLPPP bundle. Step 2 Router(config-if)# encapsulation ppp Enables PPP encapsulation. Note To enable no encapsulation ppp, remove the associated multilink group for the member links using the command no ppp multilink. Step 3 Router(config-if)# ppp multilink (Optional) Enables dMLPPP on the interface. Step 4 Router(config-if)# ppp authentication chap (Optional) Enables Challenge Handshake Authentication Protocol (CHAP) authentication. Step 5 Router(config-if)# ppp chap hostname name (Optional) Assigns a name to be sent in the CHAP challenge. • name—Specifies an alternate username that will be used for CHAP authentication Step 6 Router(config-if)# ppp multilink group group-number Assigns the interface to a multilink bundle, where: • group-number—Specifies the group number for the multilink bundle. This number should match the dMLPPP interface number specified in the interface multilink command.4-20 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Link Fragmentation and Interleaving over dMLPPP Link fragmentation and interleaving (LFI) over dMLPPP is supported in software on the Cisco 7600 SIP-200, or in hardware on the 2-Port and 4-Port Channelized T3 SPA and the 8-Port Channelized T1/E1 SPA. This support is determined by your link configuration. Software-Based Guidelines When configuring LFI over dMLPPP, consider the following guidelines for software-based LFI: • LFI over dMLPPP will be configured in software if there is more than one link assigned to the dMLPPP bundle. • LFI is disabled by default in software-based LFI. To enable LFI on the multilink interface, use the ppp multilink interleave command. • Fragmentation size is calculated from the delay configured and the member link bandwidth. • You must configure a policy map with a class under the multilink interface. • CRTP should not be configured on a multilink interface when LFI is enabled on the multilink interface if the multilink bundle has more than one member link, and a QoS policy with a feature is enabled on the multilink interface. Hardware-Based Guidelines When configuring LFI over dMLPPP, consider the following guidelines for hardware-based LFI: • LFI over dMLPPP will be configured in hardware if you only assign one link (either T1/E1 or fractional T1/E1) to the dMLPPP bundle. • LFI is enabled by default in hardware-based LFI with a default size of 512 bytes. To enable LFI on the serial interface, use the ppp multilink interleave command. • A policy map having a class needs to be applied to the multilink interface. Verifying dMLPPP To verify dMLPPP configuration, use the show ppp multilink command, as shown in the following example: Router# show ppp multilink Multilink2, bundle name is group2 Bundle up for 00:01:21 Bundle is Distributed 0 lost fragments, 0 reordered, 0 unassigned 0 discarded, 0 lost received, 1/255 load 0x0 received sequence, 0x0 sent sequence Member links: 2 active, 0 inactive (max not set, min not set) Se4/3/0/1:0, since 00:01:21, no frags rcvd Se4/3/0/1:1, since 00:01:19, no frags rcvd If hardware-based dMLPPP is configured on the SPA, the show ppp multilink command displays “Multilink in Hardware” as shown in the following example: Router# show ppp multilink Multilink1, bundle name is group1 Bundle up for 00:00:13 Bundle is Distributed 0 lost fragments, 0 reordered, 0 unassigned 0 discarded, 0 lost received, 206/255 load 0x0 received sequence, 0x0 sent sequence4-21 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Member links: 2 active, 0 inactive (max not set, min not set) Se4/2/0/1:0, since 00:00:13, no frags rcvd Se4/2/0/2:0, since 00:00:10, no frags rcvd Distributed fragmentation on. Fragment size 512. Multilink in Hardware. Configuring Distributed Link Fragmentation and Interleaving for Frame Relay and ATM Interfaces The Distributed Link Fragmentation and Interleaving (dLFI) feature supports the transport of real-time traffic, such as voice, and non-real-time traffic, such as data, on lower-speed Frame Relay and ATM virtual circuits (VCs) and on leased lines without causing excessive delay to the real-time traffic. This feature is implemented using dMLPPP over Frame Relay, ATM, and leased lines. The feature enables delay-sensitive real-time packets and non-real-time packets to share the same link by fragmenting the large data packets into a sequence of smaller data packets (fragments). The fragments are then interleaved with the real-time packets. On the receiving side of the link, the fragments are reassembled and the packets reconstructed. The dLFI feature is often useful in networks that send real-time traffic using Distributed Low Latency Queueing, such as voice, but have bandwidth problems that delay this real-time traffic due to the transport of large, less time-sensitive data packets. The dLFI feature can be used in these networks to disassemble the large data packets into multiple segments. The real-time traffic packets then can be sent between these segments of the data packets. In this scenario, the real-time traffic does not experience a lengthy delay waiting for the low- data packets to traverse the network. The data packets are reassembled at the receiving side of the link, so the data is delivered intact. The ability to configure Quality of Service (QoS) using the Modular QoS CLI while also using dMLPPP is also introduced as part of the dLFI feature. For specific information about configuring dLFI, refer to the FlexWAN and Enhanced FlexWAN Module Installation and Configuration Note located at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/flexport/combo/index.htm For information about configuring dLFI on ATM SPAs, see the “Configuring Link Fragmentation and Interleaving with Virtual Templates” section on page 7-54 in Chapter 7, “Configuring the ATM SPAs.” Table 4-4 provides information about where the dLFI feature for SPA interfaces is supported. Table 4-4 dLFI Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Hardware-based dLFI In Cisco IOS Release 12.2(18)SXE and later: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA In Cisco IOS Release 12.2(18)SXE and later: • 2-Port OC-3c/STM-1 ATM S PA • 1-Port OC-12c/STM-4 ATM S PA Not supported. Hardware- and software-based dLFI In Cisco IOS Release 12.2(33)SRA: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA • 1-Port Channelized OC-3/STM-1 SPA Not supported. Not supported.4-22 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Cisco 7600 Series Router LFI Restrictions When configuring LFI on the Cisco 7600 series router, consider the following restrictions: • A maximum number of 200 permanent virtual circuits (PVCs) or switched virtual circuits (SVCs) using Link Fragmentation and Interleaving (LFI) is supported for all ATM SPAs (or other ATM modules) in a Cisco 7600 series router. • LFI using FRF.12 is supported in hardware only for the 2-Port and 4-Port Channelized T3 SPA and 8-Port Channelized T1/E1 SPA. • LFI over dMLPPP is supported in software or hardware depending on your link configuration. For more information about software-based LFI over dMLPPP, see the “Configuring Link Fragmentation and Interleaving over dMLPPP” section on page 4-20. For more information about hardware-based LFI over dMLPPP, refer to the Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA,” and Chapter 19, “Configuring the 2-Port and 4-Port Channelized T3 SPAs.” • QoS is implemented on the Cisco 7600 SIP-200 for dLFI. Frame Relay Fragmentation (FRF.12) Frame Relay Fragmentation (FRF.12) supports voice and other real-time delay-sensitive data on low-speed links. The standard accommodates variations in frame sizes that allows a combination of real-time and non real-time data. FRF.12 is developed to allow long data frames to be fragmented into smaller pieces (fragments) and interleaved with real-time frames. In this way, real-time and non-real-time data frames are carried together on lower-speed links without causing excessive delay to the real-time traffic. dLFI with MPLS Not supported. Not supported. Not supported. dLFI with MPLS on VPN Supported between the CE and PE devices, and with virtual routing and forwarding (VRF) configuration. Not supported. Not supported. Table 4-4 dLFI Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-23 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-5 shows the list of SPAs supporting FRF.12 on SIP-400. The table also lists the fragment size and fragment mode. Ta b l e 4 - 5 List of SPAs supporting FRF.12 on SIP-400 Restrictions Following restrictions apply for FRF.12 on SIP-400: • FRF.12 supports SPA with fragmentation and re-assembly capability in their hardware. • Fragmentation support is available only for fragment size of 128, 256 and 512 bytes. Any other value configured is rounded off to the nearest lower denomination from the allowed fragment size with a console message. • Fragmentation statistics counters are not supported for SPA based fragmentation. Configuring FRF.12 on SIP-400 Configure FRF.12 on SIP-400 through Policy-map-class Complete the following to configure FRF.12 on SIP-400 through policy-map-class. SUMMARY STEPS Step 1 enable Step 2 configure terminal Step 3 class-map class-map-name Step 4 match ip precedence precedence-range Step 5 policy-map policy-map-name Step 6 class class-name Step 7 priority percent {x% | y ms} Step 8 map-class frame-relay map-class-name Step 9 frame-relay fragment fragment_size Step 10 service-policy input | output policy-map-name Step 11 interface serial slot/subslot/port:channel-group Step 12 ip address address mask Step 13 encapsulation frame-relay SPA Name Fragment Size Supported (bytes) Fragment Mode 1-port Channelized OC12/STM-4 SPA 128, 256, and 512 Hardware 8-Port Channelized T1/E1 SPA 128, 256, and 512 Hardware 2-Port and 4-Port Channelized T3 SPA 128, 256, and 512 Hardware 1-Port Channelized OC-3/STM-1 SPA 128, 256, and 512 Hardware 1-Port Channelizes OC48/DS3 SPA 128, 256, and 512 Hardware4-24 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 14 frame-relay interface-type dce | dte Step 15 frame-relay interface-dlci dlci-number Step 16 class frf12 Step 17 exit4-25 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS Command or Action Purpose Step 1 enable Example: Router> enable Enables privileged EXEC mode. Enter your password when prompted. Step 2 configure terminal Example: Router# configure terminal Enters global configuration mode. Step 3 class-map [match-all | match-any] class-name Example: Router(config)# class-map match-all prec4 Creates a traffic class. • match-all—(Optional) Specifies that all match criteria in the class map must be matched, using a logical function AND of all matching statements defined under the class. This is the default keyword. • match-any—(Optional) Specifies that one or more match criteria must match, using a logical function OR of all matching statements defined under the class. • class-name—Specifies the user-defined name of the class. Note You can define up to 256 unique class maps. Step 4 match ip precedence precedence-range Example: Router(config-cmap)# match ip precedence 4 Matches the precedence value in the IP header. • precedence-range: Specifies the precedence value ranging from 0 to 7. Step 5 policy-map policy-map-name Example: Router(config-cmap)# policy-map child2 Specifies the name of the policy map to be created or modified. • policy-map-name—Specifies the name of the policy to configure. Step 6 class class-name Example: Router(config-pmap)# class prec4 Specifies the name of a predefined class included in the service policy. • class-name—Specifies the name of the class to configure. Step 7 priority percent x% | y ms Example: Router(config-pmap-c)# priority percent 45 Enables conditional policing rate (kbps or link percent). Conditional policing is used if the logical or physical link is congested, where: • x —Specifies the burst size in kbps.The burst size configures the network to accommodate temporary bursts of traffic. • y —Specifies the burst size in bytes. • ms —Specifies the burst size in bytes. 4-26 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 8 map-class frame-relay map-class-name Example: Router(config-pmap-c)# map-class frame-relay frf12 Specifies a map class to define FRF.12. Step 9 frame-relay fragment fragment_size Example: Router(config-map-class)# frame-relay fragment 128 Enables fragmentation of frame relay frames for a frame relay map class. Step 10 service-policy input | output policy-map-name Example: Router(config-map-class)# service-policy output parent2 Attaches a traffic policy to the input or output direction of an interface, where: • policy-map-name—Specifies the name of the traffic policy to configure. Step 11 interface serial slot/subslot/port:channel-grou p Example: Router(config-map-class)# interface serial 3/0/2/1:0 Selects the interface to configure. • slot/subslot/port:channel-group—Specifies the location of the interface. Step 12 ip address ip-address mask Example: Router(config-if)# ip address 111.10.10.11 255.255.255.0 Sets an IP address for an interface. • ip-address—IP address. • mask—Mask for the associated subnet. Step 13 encapsulation frame-relay Example: Router(config-if)# encapsulation frame-relay Enables frame relay encapsulation and allows frame relay processing on the supported interface. Step 14 frame-relay interface-type dce | dte Example: Router(config-if)# frame-relay interface-type dte Configures the router to function as a Digital Communications Equipment (DCE) or Data Terminal Equipment (DTE) device. Command or Action Purpose4-27 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuration Example This is an example to configure FRF.12 on SIP-400 through policy-map-class. Router> enable Router# configure terminal Router(config)# class-map match-all precedence 4 Router(config-cmap)# match ip precedence 4 Router(config-cmap)# policy-map child2 Router(config-pmap)# class precedence 4 Router(config-pmap-c)# priority percent 45 Router(config-pmap-c)# map-class frame-relay frf12 Router(config-map-class)# frame-relay fragment 128 Router(config-map-class)# service-policy output parent2 Router(config-map-class)# interface serial 3/0/2/1:0 Router(config-if)# ip address 111.10.10.11 255.255.255.0 Router(config-if)# encapsulation frame-relay Router(config-if)# frame-relay intf-type dte Router(config-if)# frame-relay interface-dlci 100 Router(config-fr-dlci)# class frf12 Router(config-fr-dlci)# exit This is an example to disable FRF.12 on SIP-400 through policy-map-class: Router(config-map-class)# interface Serial3/0/2/1:0 Router(config-if)# frame-relay interface-dlci 100 Router(config-fr-dlci)# no class frf12 Step 15 frame-relay interface-dlci dlci-number Example: Router(config-if)# frame-relay interface-dlci 100 Creates the specified DLCI on the subinterface and enters DLCI configuration mode, where: • dlci-number—Specifies the DLCI number to be used on the specified subinterface. Step 16 class frf12 no class frf12 Example: Router(config-fr-dlci)# class frf12 Router(config-fr-dlci)# no class frf12 Specifies a class to define FRF.12. Use the no form of this command to disable frame relay fragmentation. Step 17 exit Example: Router(config-fr-dlci)# exit Returns the command-line interface (CLI) to privileged EXEC mode. Command or Action Purpose4-28 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configure End-to-end FRF.12 Fragmentation on SIP-400 Complete the following to configure end-to-end FRF.12 fragmentation on SIP-400. SUMMARY STEPS Step 1 enable Step 2 configure terminal Step 3 interface serial slot/subslot/port:channel-group Step 4 ip address address mask Step 5 encapsulation frame-relay Step 6 frame-relay interface-dlci dlci-number [protocol ip ip-address] Step 7 frame-relay interface-type dce | dte Step 8 frame-relay fragment fragment_size end-to-end Step 9 exit4-29 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS Command or Action Purpose Step 1 enable Example: Router> enable Enables privileged EXEC mode. Enter your password when prompted. Step 2 configure terminal Example: Router# configure terminal Enters global configuration mode. Step 3 interface serial slot/subslot/port:channel-grou p Example: Router(config-map-class)# interface Serial 3/0/2/1:0 Selects the interface to configure. • slot/subslot/port:channel-group—Specifies the location of the interface. Step 4 ip address ip-address mask Example: Router(config-if)# ip address 111.10.10.11 255.255.255.0 Sets an IP address for an interface. • ip-address—IP address. • mask—Mask for the associated subnet. Step 5 encapsulation frame-relay Example: Router(config-if)# encapsulation frame-relay Enables frame relay encapsulation and allows frame relay processing on the supported interface. Step 6 frame-relay interface-dlci dlci-number [protocol ip ip-address] Example: Router(config-if)# frame-relay interface-dlci 100 For point-to-point subinterfaces, assigns a data link connection identifier (DLCI) to the interface that connects to the new router, and provides the IP address of the serial port on the new router. This command should be used if the staging router is acting as the BOOTP server. Step 7 frame-relay interface-type dce | dte Example: Router(config-if)# frame-relay interface-type dte Configures the router to function as a Digital Communications Equipment (DCE) or Data Terminal Equipment (DTE) device.4-30 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuration Example This is an example to configure FRF.12 on SIP-400 through policy-map-class. Router> enable Router# configure terminal Router(config)# interface Serial3/0/2/1:0 Router(config-if)# ip address 111.10.10.11 255.255.255.0 Router(config-if)# encapsulation frame-relay Router(config-if)# frame-relay interface-dlci 100 Router(config-if)# frame-relay intf-type dte Router(config-if)# frame-relay fragment 128 end-to-end Router(config-if)# exit Verifying the Configuration This section provides the commands to verify the configuration of FRF.12 on SIP-400. Router# show frame-relay fragment interface dlci frag-type size in-frag out-frag dropped-frag Se3/0/2/1:0.1 *** fragment counters are not supported *** Note The show frame-relay fragment command does not work for hardware based fragmentation. Router# show frame-relay pvc PVC Statistics for interface Serial3/0/2/1:0 (Frame Relay DCE) Active Inactive Deleted Static Local 1 0 0 0 Switched 0 0 0 0 Unused 0 0 0 0 DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial3/0/2/1:0.1 input pkts 20 output pkts 17 in bytes 7640 out bytes 5799 dropped pkts 0 in pkts dropped 0 Step 8 frame-relay fragment fragment_size end-to-end no frame-relay fragment fragment_size end-to-end Example: Router(config-if)# frame-relay fragment 128 end-to-end Router(config-if)# no frame-relay fragment 128 end-to-end Enables fragmentation of frame relay frames on an interface. Use the no form of this command to disable frame relay fragmentation. Step 9 exit Example: Router(config-if)# exit Returns the command-line interface (CLI) to privileged EXEC mode. Command or Action Purpose4-31 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 16 out bcast bytes 5760 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:19:08, last time pvc status changed 00:09:22 fragment type end-to-end fragment size 128 <<<<<<<<< Troubleshooting Tips Configuring Voice over Frame Relay FRF.11 and FRF.12 Voice over Frame Relay (VoFR) enables a router to carry voice traffic (for example, telephone calls and faxes) over a frame relay network using the FRF.11 protocol. This specification defines multiplexed data, voice, fax, dual-tone multi-frequency (DTMF) digit-relay, and channel-associated signaling (CAS) frame formats. The Frame Relay backbone must be configured to include the map class and Local Management Interface (LMI). The Cisco VoFR implementation enables dynamic- and tandem-switched calls and Cisco trunk calls. Dynamic-switched calls include dial-plan information included that processes and routes calls based on the telephone numbers. The dial-plan information is contained within dial-peer entries. Note Because the Cisco 7600 series router does not support voice modules, it can act only as a VoFR tandem switch when FRF.11 or FRF.12 is configured on the SIPs. Tandem-switched calls are switched from incoming VoFR to an outgoing VoFR-enabled data-link connection identifier (DLCI) and tandem nodes enable the process. The nodes also switch Cisco trunk calls. Permanent calls are processed over the Cisco private-line trunks and static FRF.11 trunks that specify the frame format and coder types for voice traffic over a Frame Relay network. VoFR connections depend on the hardware platform and type of call. The types of calls are: • Switched (user dialed or auto-ringdown and tandem) • Permanent (Cisco trunk or static FRF.11 trunk) Problem Solution How do I debug the NPC frame relay. Use the debug npc frame-relay command to display information related to Frame Relay fragmentation on an NPC. Use the command on LC. How do I display the contents of the next hop protocol address to DLCI mapping table on the router. Use the show frame-relay map command. Sample output of the command: Router#show frame-relay map Serial1/2 (up): ip 172.16.1.4 dlci 401(0x191,0x6410), dynamic, broadcast,, status defined, active Serial1/2 (up): ip 172.16.1.5 dlci 501(0x1F5,0x7C50), dynamic, broadcast,, status defined, active Serial1/2 (up): ip 172.16.1.2 dlci 301(0x12D,0x48D0), dynamic, broadcast,, status defined, active4-32 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note FRF.11 support was removed in Cisco IOS Release 12.2(18)SXF on the Cisco 7600 series router. Table 4-6 provides information about where the VoFR feature for SPA interfaces is supported. For specific information about configuring voice over Frame Relay FRF.11 and FRF.12, refer to the Cisco IOS Voice, Video, and Fax Configuration Guide located at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vvfvofr.htm Configuring Layer 2 Interworking Features on a SIP This section provides SIP-specific information about configuring the Layer 2 interworking features on the Cisco 7600 series router. It includes the following topics: • Configuring Bridging for ATM Interfaces (RFC 1483/RFC 2684), page 4-33 Table 4-6 VoFR Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 FRF.11 In Cisco IOS Releases 12.2(18)SXE and 12.2(18)SXE2: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA Not supported Not supported FRF.12 In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA for FRF.12 in SPA, which is hardware mode: • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port Channelized T3 SPA • 1-Port Channelized OC-3/STM-1 SPA In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA for FRF.12 in LC mode, which is software mode: • SPA-12in1 • SPA-2xt3/e3 • SPA-4xt3/e3 Supported Not supported FRF.12 Effective with 15.2(1)S Release, FRF.12 supports SIP-400 with the following Channelized SPAs: • 1-port Channelized OC12/STM4 SPA • 8-port Channelized T1/E1 SPA • 2-port and 4-port Channelized T3 SPA • 1-port Channelized OC3/STM1 SPA • 1-port Channelized OC48/STM16/DS3 SPA Supported Not supported4-33 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Configuring Multipoint Bridging, page 4-36 • Configuring Private Hosts over Virtual Private LAN Service (VPLS), page 4-54 Configuring Bridging for ATM Interfaces (RFC 1483/RFC 2684) The following types of bridging are supported on ATM SPAs in the Cisco 7600 series router. For information about SIP and SPA compatibility with each of these features, see Table 4-7. Note RFC 1483 has been obsoleted and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. To avoid confusion, this document continues to refer to the original RFC numbers. • RFC 1483/RFC 2684 bridging for point-to-point PVCs —RFC 1483 has been obsoleted and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. RFC 2684 specifies the implementation of point-to-point bridging of Layer 2 PDUs from an ATM interface. • RFC 1483/RFC 2684 bridging with IEEE 802.1Q tunneling—Allows service providers to aggregate multiple VLANs over a single VLAN, while still keeping the individual VLANs segregated and preserving the VLAN IDs for each customer. This tunneling simplifies traffic management for the service provider, while keeping customer networks secure. • RFC 1483/RFC 2684 half-bridging—Routes IP traffic from a stub-bridged Ethernet LAN over a bridged RFC 1483/RFC 2684 ATM interface, without using integrated routing and bridging (IRB). This allows bridged traffic that terminates on an ATM PVC to be routed on the basis of the destination IP address. • ATM routed bridge encapsulation (RBE)—The ATM SPAs support ATM Routed Bridge Encapsulation (RBE), which is similar in functionality to RFC 1483 ATM half-bridging, except that ATM half-bridging is configured on a point-to-multipoint PVC, while RBE is configured on a point-to-point PVC. • Bridging of routed encapsulations (BRE)—Enables an ATM SPA to receive RFC 1483/2684 routed encapsulated packets and forward them as Layer 2 frames. In a BRE configuration, the PVC receives the routed PDUs, removes the RFC 1483 routed encapsulation header, and adds an Ethernet MAC header to the packet. The Layer 2 encapsulated packet is then switched by the forwarding engine to the Layer 2 interface determined by the VLAN number and destination MAC. • Per VLAN Spanning Tree (PVST) to PVST+ Bridge Protocol Data Unit (BPDU) interoperability—PVST is a Cisco proprietary protocol that allows a Cisco device to support multiple spanning tree topologies on a per-VLAN basis. PVST uses the BPDUs defined in IEEE 802.1D, but instead of one STP instance per switch, there is one STP instance per VLAN. PVST+ is a Cisco proprietary protocol that creates one STP instance per VLAN (as in PVST). However, PVST+ enhances PVST and uses Cisco proprietary BPDUs with a special 802.2 Subnetwork Access Protocol (SNAP) Organizational Unique Identifier (OUI) instead of the standard IEEE 802.1D frame format used by PVST. PVST+ BPDUs are also known as Simple Symmetric Transmission Protocol (SSTP) BPDUs. Note The 1GE SPA on SIP-400 does not support the encapsulation dot1q vlan-id [native] command4-34 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-7 provides information about where the bridging features for ATM SPA interfaces are supported. For more details about the implementation and information about configuring bridging for ATM SPA interfaces, see Chapter 7, “Configuring the ATM SPAs.” Table 4-7 Bridging for ATM Interfaces Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 RFC 1483/RFC 2684 Bridging for Point-to-Point PVCs (bridge-domain command) In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA Not supported. RFC 1483/RFC 2684 Bridging with IEEE 802.1Q Tunneling for Point-to-Point PVCs (bridge-domain dot1q-tunnel command) In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA and later: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA In Cisco IOS Release 12.2(18)SXF and Cisco IOS Release 12.2(33)SRA and later: • 1-Port OC-48c/STM-16 ATM S PA Not supported. RFC 1483/RFC 2684 Half-Bridging for Point-to-Multipoint PVCs In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA Not supported. Not supported. RFC 1483/RFC 2684 Routed Bridge Encapsulation (RBE) for Point-to-Point PVCs In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA Not supported. Not supported.4-35 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks RFC 1483/RFC 2684 Bridging of Routed Encapsulations (BRE) for PVCs In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA Not supported. Not supported. Enhancements to RFC 1483/RFC 2684 Spanning Tree Interoperability (PVST to PVST+ BPDU Interoperability) In Cisco IOS Release 12.2(18)SXF2 and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA In Cisco IOS Release 12.2(18)SXF2 and later, and in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA • 1-Port OC-48c/STM-16 ATM S PA Not supported. Multi-VLAN to VC In Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA and later: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA In Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA • 1-Port OC-48c/STM-16 ATM S PA Not supported. Table 4-7 Bridging for ATM Interfaces Feature Compatibility by SIP and SPA Combination (continued) Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-36 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Multipoint Bridging Multipoint bridging (MPB) enables the connection of multiple ATM PVCs, Frame Relay PVCs, Bridge Control Protocol (BCP) ports, and WAN Gigabit Ethernet subinterfaces into a single broadcast domain (virtual LAN), together with the LAN ports on that VLAN. This enables service providers to add support for ethernet-based layer 2 services to the proven technology of their existing ATM and Frame Relay legacy networks. Customers can then use their current VLAN-based networks over the ATM or Frame Relay cloud. This also allows service providers to gradually update their core networks to the latest Gigabit Ethernet optical technologies, while still supporting their existing customer base. ATM interfaces use RFC 1483/RFC 2684 bridging, and Frame Relay interfaces use RFC 1490/RFC 2427 bridging, both of which provide an encapsulation method to allow the transport of Ethernet frames over each type of Layer 2 network. Beginning in Cisco IOS Release 12.2(33)SRA, MPB support is added on the Cisco 7600 SIP-400 to multiplex different VLANs that are configured across multiple Gigabit Ethernet subinterfaces into a single broadcast domain. Gigabit Ethernet interfaces can also reside on different Cisco 7600 SIP-400s and belong to the same bridge domain. 4-37 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-8 provides information about where the MPB features for SPA interfaces are supported. Table 4-8 MPB Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 MPB—60 VCs or interfaces per VLAN globally in system In Cisco IOS Release 12.2(18)SXE and later: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 2-Port and 4-Port Channelized T3 SPA • 2-Port and 4-Port Clear Channel T3/E3 SPA • 8-Port Channelized T1/E1 SPA In Cisco IOS Release 12.2(18)SXE and later: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA Not supported. MPB—112 VCs or interfaces per VLAN on each SIP Note If you are using Virtual Private LAN Service (VPLS), see the MPB configuration guidelines. In Cisco IOS Release 12.2(33)SRA: • 1-Port Channelized OC-3/STM-1 SPA • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 2-Port and 4-Port Channelized T3 SPA • 2-Port and 4-Port Clear Channel T3/E3 SPA • 8-Port Channelized T1/E1 SPA Not applicable. Not supported.4-38 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks MPB—120 VCs or interfaces per VLAN on each SIP Note If you are using VPLS, see the MPB bridging configuration guidelines. Not supported. In Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA • 1-Port OC-12c/STM-4 ATM S PA • 1-Port OC-48c/STM-16 ATM SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 1-Port OC-12c/STM-4 POS SPA • 1-Port OC-48c/STM-16 POS SPA In Cisco IOS Release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port T3/E3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA Not supported. MPB on Gigabit Ethernet—Layer 2 bridging of frames between subinterfaces on different physical Gigabit Ethernet ports Not supported. In Cisco IOS Release 12.2(33)SRA: • 2-Port Gigabit Ethernet SPA Not supported. PIM snooping for MPB Not supported. Supported for all SPAs in Cisco IOS Release 12.2(33)SRA. Not supported. Table 4-8 MPB Feature Compatibility by SIP and SPA Combination (continued) Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-39 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring MPB for ATM PVCs You can configure MPB manually on individual PVCs, or you can configure a range of PVCs to configure all of the PVCs at one time. ATM interfaces use RFC 1483/RFC 2684 bridging, which provides an encapsulation method to allow the transport of Ethernet frames over the Layer 2 network. Note RFC 1483 has been obsoleted and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. To avoid confusion, this document continues to refer to the original RFC numbers. MPB for ATM PVCs Configuration Guidelines • Only ATM permanent virtual circuits (PVCs) are supported. SVCs are not supported. • MPB is not supported on VLAN IDs 0, 1, 1002–1005, and 4095. • Refer to Table 4-8 for limitations on the number of supported VCs. • If you are using VPLS on a VC, then the total number of supported VC connection points for MPB (112 for the Cisco 7600 SIP-200, or 120 for the Cisco 7600 SIP-400) is reduced by one for each VPLS VC configured on that bridged VLAN. This reduces the total available number of VC connection points for MPB on that VLAN globally for that SIP. For example, if you configure 10 VPLS VCs on bridged VLAN 100, for a SPA on a Cisco 7600 SIP-200 in slot 4, then 10 connection points are allocated to the VPLS VCs for VLAN 100 across the SIP in slot 4. The total number of connection points available for MPB on VLAN 100 for the Cisco 7600 SIP-200 in slot 4 is 112 minus 10, or 102. A different VLAN (for example, VLAN 300) on that same Cisco 7600 SIP-200 in slot 4, without any VPLS VCs, will have the full 112 VCs available. • Routing and bridging is supported on the same interface or subinterface, but for security reasons, routing and bridging is not supported on any given PVC. Therefore, you should not configure an IP address on a point-to-point subinterface and then configure bridging on a PVC on that subinterface. • For a limited form of trunking on ATM PVCs supporting multiple VLANs to a single VC, you can configure dot1q tag. However, this configuration can lead to a performance penalty. When using this configuration, you can specify up to 32 bridge-domain command entries for a single PVC. The highest tag value in a group of bridge-domain commands must be greater than the first tag entered (but less than 32 greater than the first tag entered). SUMMARY STEPS Step 1 vlan vlan-id | vlan-range Step 2 interface atm slot/subslot/port Step 3 interface atm slot/subslot/port.subinterface point-to-point | multipoint Note All commands up till here must be executed at the global configutation mode. Herafter the commands will be executed at the sub-interface configuration mode Step 4 no ip address Step 5 pvc name vpi |vci or range range-name pvc start-vpi|start-vci end-vpi | end-vci 4-40 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 6 bridge-domain vlan-id access | dot1q tag| dot1q-tunnel ignore-bpdu-pid pvst-tlv CE-vlan increment split-horizon DETAILED STEPS To configure MPB for ATM PVCs, perform the following steps beginning in global configuration mode. Command Purpose Step 1 Router(config)# vlan vlan-id | vlan-range Adds the specified VLAN IDs to the VLAN database and enters VLAN configuration mode, where: • vlan-id—Specifies a single VLAN ID. The valid range is from 2 to 4094. • vlan-range—Specifies multiple VLAN IDs, as either a list or a range. The vlan-range can contain a list of the VLAN IDs, separated by a comma (,), dash (-), or both. Note Before you can use a VLAN for multipoint bridging, you must manually enter its VLAN ID into the VLAN database. Step 2 Router(config)# interface atm slot/subslot/port Specifies or creates an ATM interface, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. Step 3 Router(config)# interface atm slot/subslot/port.subinterface point-to-point | multipoint Specifies or creates a subinterface and enters subinterface configuration mode, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • .subinterface—Specifies the number of the subinterface on the interface port. • point-to-point—Specifies a point-to-point subinterface. • multipoint—Specifies a multipoint subinterface that allows multiple PVCs to use the same subinterface. Step 4 Router(config-subif)# no ip address Disables IP processing on the subinterface by removing its IP address.4-41 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Use the following commands (pvc and bridge-domain) to create and configure PVCs individually. Repeat these commands as desired. Or, use the range pvc and bridge-domain command with the increment keyword to configure a range of PVCs. Step 5 Router(config-subif)# pvc [name] vpi/vci or Router(config-subif)# range [range-name] pvc start-vpi/start-vci end-vpi/end-vci Configures a new ATM PVC or range of ATM PVCs with the specified VPI and VCI numbers and enters VC configuration mode or PVC range configuration mode, where: • name—(Optional) Specifies the descriptive name to identify this PVC. • vpi/vci—Specifies the virtual path identifier (VPI) and virtual channel identifier (VCI) for this PVC. • range-name—(Optional) Specifies the descriptive name of the range, up to a maximum of 15 characters. • start-vpi/—Specifies the beginning value for the range of virtual path identifiers (VPIs). The valid range is from 0 to 255, with a default of 0. • start-vci—Specifies the beginning value for a range of virtual channel identifiers (VCIs). The valid range is from 32 to 65535. • end-vpi/—Specifies the end value for the range of VPIs. The valid range is from 0 to 255, with a default that is equal to the start-vpi value. • end-vci—Specifies the end value for a range of virtual channel identifiers (VCIs). The VCI value ranges from 32 to 65535. Command Purpose4-42 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 6 Router(config-if-atm-vc)# bridge-domain vlan-id access | dot1q tag| dot1q-tunnel ignore-bpdu-pid pvst-tlv CE-vlan increment split-horizon Enables RFC 1483 bridging to map a bridged VLAN to an ATM PVC, where: • vlan-id—Specifies the number of the VLAN to be used in this bridging configuration. The valid range is from 2 to 4094. The VLAN ID must have been previously added to the VLAN database in Step 1. • access—(Optional) Enables access-only bridging access mode, in which the bridged connection does not transmit or act upon bridge protocol data unit (BPDU) packets. • dot1q—(Optional) Enables IEEE 802.1Q tagging to preserve the class of service (CoS) information from the Ethernet frames across the ATM network. If not specified, the ingress side assumes a CoS value of 0 for QoS purposes. Using the dot1q keyword helps avoid misconfiguration because incoming untagged frames, or tagged frames that don’t match the specified vlan-id are dropped. • tag—(Optional—ATM PVCs only) Specifies the IEEE 802.1Q value in the range 1 to 4095. You can specify up to 32 bridge-domain command entries using dot1q tag for a single PVC. The highest tag value in a group of bridge-domain commands must be greater than the first tag entered (but less than 32 greater than the first tag entered). • dot1q-tunnel—(Optional) Enables IEEE 802.1Q tunneling mode, so that service providers can use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated. Note The access, dot1q, and dot1q-tunnel options are mutually exclusive. If you do not specify any of these options, the connection operates in “raw” bridging access mode, which is similar to access, except that the connection processes and transmits BPDU packets. • ignore-bpdu-pid—(Optional—ATM PVCs only) Ignores the protocol-ID field in RFC 1497 bridge protocol data unit (BPDU) packets, to allow interoperation with ATM customer premises equipment (CPE) devices that do not distinguish BPDU packets from data packets. Command Purpose4-43 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying MPB for ATM PVCs To display information about the PVCs that have been configured on ATM interfaces, use the following commands: • show atm pvc—Displays a summary of the PVCs that have been configured. • show atm vlan—Displays the connections between PVCs and VLANs. Note Use the show atm vlan command instead of the show interface trunk command to display information about ATM interfaces being used for multipoint bridging. The following shows an example of each command: Router# show atm pvc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 5/0/0 1 0 102 PVC SNAP UBR 599040 UP 5/0/0 2 0 103 PVC SNAP UBR 599040 UP 5/0/0 3 0 111 PVC SNAP UBR 599040 UP 5/0/0 3 0 111 PVC SNAP UBR 599040 UP 5/0/0 3 0 111 PVC SNAP UBR 599040 UP Router# show atm vlan Options Legend: DQ - dot1q; DT - dot1q-tunnel; MD - multi-dot1q; AC - access; SP - split-horizon; BR - broadcast; IB - ignore-bpdu-pid; DEF - default Interface VCD VPI Network Customer PVC Options /VCI Vlan ID Dot1Q-ID Status ATM5/0/0 1 0/102 102 1002 UP MD ATM5/0/0 2 0/103 103 1003 UP MD • pvst-tlv CE-vlan—(Optional) When transmitting, translates PVST+ BPDUs into IEEE BPDUs. When receiving, translates IEEE BPDUs into PVST+ BPDUs. CE-vlan specifies the customer-edge VLAN in the SSTP Tag-Length-Value (TLV) to be inserted in an IEEE BPDU to a PVST+ BPDU conversion. • increment—(Optional—PVC range configuration mode only) Increments the bridge domain number for each PVC in the range. This keyword is used when you are configuring a range of PVCs using the range pvc command. • split-horizon—(Optional) Drops egress traffic going out a VC or interface with split-horizon configured, that arrived on an interface with split-horizon configured. Command Purpose4-44 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks ATM5/0/0 3 0/111 111 1111 UP MD ATM5/0/0 3 0/111 112 1112 UP MD ATM5/0/0 3 0/111 113 1113 UP MD Verification Use these commands to verify operation. Configuring MPB for Frame Relay You can configure MPB for Frame Relay on individual DLCI circuits. You can optionally add 802.1Q tagging or 802.1Q tunneling. Frame Relay interfaces use RFC 1490/RFC 2427 bridging, which provides an encapsulation method to allow the transport of Ethernet frames over the Layer 2 network. Note RFC 1490 has been obsoleted and superseded by RFC 2427, Multiprotocol Interconnect over Frame Relay. To avoid confusion, this document continues to refer to the original RFC numbers. MPB for Frame Relay Configuration Guidelines • Multipoint bridging on Frame Relay interfaces supports only IETF encapsulation. Cisco encapsulation is not supported for MPB. • MPB is not supported on VLAN IDs 0, 1, 1002–1005, and 4095. • Refer to Table 4- 8 for limitations on the number of supported VCs. • If you are using VPLS, then the total number of supported DLCI connection points for MPB (112 for the Cisco 7600 SIP-200, or 120 for the Cisco 7600 SIP-400) is reduced by one for each VPLS instance configured on that bridged VLAN. This reduces the total available number of DLCI connection points for MPB on that VLAN globally for that SIP. For example, if you configure 10 VPLS instances on a bridged VLAN 100, for a SPA on a Cisco 7600 SIP-200 in slot 4, then 10 connection points are allocated to the VPLS instances for VLAN 100 across the SIP in slot 4. Command Purpose Router# show ethernet service evc [id evc-id | interface interface-id] [detail] Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detail option provides additional information on the EVC. Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail] Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface. Router# show ethernet service interface [interface-id] [detail] Displays information in the Port Data Block (PDB). Router# show ethernet service instance summary Displays overall EVC count as well as individual interface EVC count.4-45 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The total number of connection points available for MPB on VLAN 100 for the Cisco 7600 SIP-200 in slot 4 is 112 minus 10, or 102. A different VLAN (for example, VLAN 300) on that same Cisco 7600 SIP-200 in slot 4, without any VPLS DLCIs, will have the full 112 DLCIs available. • Routing and bridging is supported on the same interface or subinterface, but for security reasons, routing and bridging is not supported on any given DLCI. Therefore, you should not configure an IP address on a point-to-point subinterface and then configure bridging on a DLCI on that subinterface. SUMMARY STEPS Step 1 vlan vlan-id | vlan-range Step 2 interface serial slot/subslot/port or interface pos slot/subslot/port Step 3 encapsulation frame-relay ietf Step 4 interface serial slot/subslot/port.subinterface point-to-point | multipoint OR interface serial slot/subslot/port/t1-number:channel-group.subinterface point-to-point | multipoint OR interface serial slot/subslot/port:channel-group.subinterface point-to-point | multipoint OR interface pos slot/subslot/port.subinterface point-to-point | multipoint OR interface serial address Note All commands up till here must be executed at the global configutation mode. Herafter the commands will be executed at the sub-interface configuration mode unless specifically mentioned otherwise Step 5 no ip address Step 6 frame-relay interface-dlci dlci ietf Step 7 bridge-domain vlan-id access | dot1q | dot1q-tunnel pvst-tlv CE-vlan split-horizon (This command is executed on the DLCI interface configuration mode) Note ChOC-12 does not support the bridge-domain command.4-46 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS To configure MPB for Frame Relay on serial or POS SPAs, perform the following steps beginning in global configuration mode: Command Purpose Step 1 Router(config)# vlan vlan-id | vlan-range Adds the specified VLAN IDs to the VLAN database and enters VLAN configuration mode, where: • vlan-id—Specifies a single VLAN ID. The valid range is from 2 to 4094. • vlan-range—Specifies multiple VLAN IDs, as either a list or a range. The vlan-range can contain a list of the VLAN IDs, separated by a comma (,), dash (-), or both. Note Before you can use a VLAN for multipoint bridging, you must manually enter its VLAN ID into the VLAN database. Step 2 Router(config)# interface serial slot/subslot/port or Router(config)# interface pos slot/subslot/port Specifies or creates a serial or POS interface, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. Step 3 Router(config-if) encapsulation frame-relay ietf Enables Frame Relay encapsulation on the interface, using IETF encapsulation. You must specify the ietf keyword either here or in Step 6 for each individual DLCI. Note Multipoint bridging does not support Cisco encapsulation using the cisco keyword.4-47 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 4 2-Port and 4-Port Clear Channel T3/E3 SPA Router(config)# interface serial slot/subslot/port.subinterface point-to-point | multipoint 2-Port and 4-Port Channelized T3 SPA Router(config)# interface serial slot/subslot/port/t1-number:channel-group.subi nterface point-to-point | multipoint 8-Port Channelized T1/E1 SPA Router(config)# interface serial slot/subslot/port:channel-group.subinterface point-to-point | multipoint 1-Port Channelized OC-3/STM-1 SPA and 1-Port Channelized OC-12/STM-4 SPA Router(config)# interface serial address 1-Port OC-12c/STM-4 POS SPA or 2-Port and 4-Port OC-3c/STM-1 POS SPA Router(config)# interface pos slot/subslot/port.subinterface point-to-point | multipoint Specifies or creates a subinterface and enters subinterface configuration mode, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • .subinterface—Specifies the number of the subinterface on the interface port. • t1-number—Specifies the logical T1 number in channelized mode. • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA or 1-Port Channelized OC-12/STM-4 SPA, see the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. • point-to-point—Specifies a point-to-point subinterface. • multipoint—Allows multiple PVCs to use the same subinterface Step 5 Router(config-subif)# no ip address Disables IP processing on a particular interface by removing its IP address. Command Purpose4-48 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 6 Router(config-subif)# frame-relay interface-dlci dlci ietf Creates the specified DLCI on the subinterface and enters DLCI configuration mode, where: • dlci—Specifies the DLCI number to be used on the specified subinterface. • ietf—(Optional) Specifies IETF encapsulation. This option is required if you did not specify IETF encapsulation in Step 4. Note This command includes other options that are not supported when using multipoint bridging. Step 7 Router(config-fr-dlci)# bridge-domain vlan-id access | dot1q | dot1q-tunnel pvst-tlv CE-vlan split-horizon Enables RFC 1490 bridging to map a bridged VLAN to a Frame Relay DLCI, where: • vlan-id —Specifies the number of the VLAN to be used in this bridging configuration. The valid range is from 2 to 4094. The VLAN ID must have been previously added to the VLAN database in Step 1. • access—(Optional) Enables access-only bridging access mode, in which the bridged connection does not transmit or act upon bridge protocol data unit (BPDU) packets. • dot1q—(Optional) Enables IEEE 802.1Q tagging to preserve the class of service (CoS) information from the Ethernet frames across the Frame Relay network. If not specified, the ingress side assumes a CoS value of 0 for QoS purposes. Using the dot1q keyword helps avoid misconfiguration because incoming untagged frames, or tagged frames that do not match the specified vlan-id are dropped. • dot1q-tunnel—(Optional) Enables IEEE 802.1Q tunneling mode, so that service providers can use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated. Command Purpose4-49 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying MPB for Frame Relay To display information about the DLCIs that have been configured on Frame Relay interfaces, use the show frame-relay vlan command. Router# show frame-relay vlan Interface Bridge DLCI Domain POS3/1/0.100 100 100 Configuring MPB for Gigabit Ethernet Beginning in Cisco IOS Release 12.2(33)SRA, MPB support is added on the Cisco 7600 SIP-400 to multiplex different VLANs that are configured across multiple Gigabit Ethernet subinterfaces into a single broadcast domain. Gigabit Ethernet interfaces can also reside on different Cisco 7600 SIP-400s and belong to the same bridge domain. MPB for Gigabit Ethernet Configuration Guidelines • The Cisco 7600 SIP-400 can support a total of up to 4096 subinterfaces and bridge-domain instances per VLAN. For example, one subinterface with a configured VLAN using MPB will consume two of the available 4096 total allowable subinterfaces and bridge domains combined. • Up to 60 subinterfaces can be put into the same bridge domain on the Cisco 7600 SIP-400. Note The access, dot1q, and dot1q-tunnel options are mutually exclusive. If you do not specify any of these options, the connection operates in “raw” bridging access mode, which is similar to access, except that the connection processes and transmits BPDU packets. • pvst-tlv CE-vlan—(Optional) When transmitting, translates PVST+ BPDUs into IEEE BPDUs. When receiving, translates IEEE BPDUs into PVST+ BPDUs. CE-vlan specifies the customer-edge VLAN in the SSTP Tag-Length-Value (TLV) to be inserted in an IEEE BPDU to a PVST+ BPDU conversion. • split-horizon—(Optional) Drops egress traffic going out a VC or interface with split-horizon configured, that arrived on an interface with split-horizon configured. Note ChOC-12 does not support the bridge-domain command. Command Purpose4-50 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks To configure MPB for Gigabit Ethernet, perform the following steps beginning in global configuration mode: Command Purpose Step 1 Router(config)# vlan {vlan-id | vlan-range} Adds the specified VLAN IDs to the VLAN database and enters VLAN configuration mode, where: • vlan-id—Specifies a single VLAN ID. The valid range is from 2 to 4094. • vlan-range—Specifies multiple VLAN IDs, as either a list or a range. The vlan-range can contain a list of the VLAN IDs, separated by a comma (,), dash (-), or both. Note Before you can use a VLAN for multipoint bridging, you must manually enter its VLAN ID into the VLAN database. Step 2 Router(config)# interface gigabitethernet slot/subslot/port.subinterface Specifies or creates a Gigabit Ethernet subinterface and enters subinterface configuration mode, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • .subinterface—Specifies the number of the subinterface on the interface port.4-51 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 3 Router(config-subif) encapsulation dot1q vlan-id Enables IEEE 802.1Q encapsulation on the interface, where vlan-id specifies the virtual LAN identifier. The allowed range is from 1 to 4095. Step 4 Router(config-subif)# bridge-domain vlan-id [dot1q | dot1q-tunnel] [bpdu {drop | transparent}] [split-horizon] Enables bridging of VLANs across Gigabit Ethernet subinterfaces, where: • vlan-id —Specifies the number of the VLAN to be used in this bridging configuration. The valid range is from 2 to 4094. The VLAN ID must have been previously added to the VLAN database in Step 1. • dot1q—(Optional) Enables IEEE 802.1Q tagging to preserve the class of service (CoS) information from the Ethernet frames across the ATM network. If not specified, the ingress side assumes a CoS value of 0 for QoS purposes. • dot1q-tunnel—(Optional) Enables IEEE 802.1Q tunneling mode, so that service providers can use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated. Note The dot1q and dot1q-tunnel options are mutually exclusive. If you do not specify either of these options, the connection operates in “raw” bridging access mode, which is similar to access, except that the connection processes and transmits BPDU packets. • bpdu {drop | transparent}—(Optional) Specifies whether or not BPDUs are processed or dropped, where: – drop—Specifies BPDU packets are dropped on the subinterface. – transparent—Specifies BPDU packets are forwarded as data on the subinterface, but not processed. • split-horizon—(Optional) Drops egress traffic going out a VC or interface with split-horizon configured, that arrived on an interface with split-horizon configured. Command Purpose4-52 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Private Hosts SVI (Interface VLAN) The Private Hosts feature allows automatic insertion of Router (SVI) MAC intothe Private Hosts configuration. Private Hosts track the L2 port that a server is connected to, and limit undesired traffic through MAC-layer ACLs. Hosts can carry multiple traffic types via trunk port, remain isolated from each other, and still communicate to a common server. Private hosts work at Layer 2 interface level. Port classification • Isolated ports: The hosts which need to be isolated will be directly or indirectly connected through DSLAMs to this type of ports. The unicast traffic received on these ports should be always destined towards specified upstream devices • Promiscuous ports: The ports facing the core network or devices like BRAS and multicast servers are called promiscuous ports. These ports can allow any unicast or broadcast traffic received from upstream devices. Private hosts traffic is treated as Layer 2 traffic and routing needs an external router to be configured. Instead of configuring a server MAC address into Private Hosts, you must configure the router MAC address. This featureadds the SVIs into the Private Host configuration, eliminating the need for the external router Configuration tasks To configure the private hosts SVI (Interface VLAN) feature, perform the following steps in the global configuration mode: Command Purpose Step 1 Router(config)# [no] private-hosts This command is used enable or disable private hosts feature on a Cisco 7600 device globally. A [no] form of the command disables the private hosts feature globally. This command is in disabled mode by default Step 2 Router(config)# [no] private-hosts mac-list This command is used to populate the MAC address list. A [no] form of the command is used to delete MAC address from the list. The list itself is deleted after the deletion of last MAC address Step 3 Router(config)# [no] private-hosts vlan-list This command is used to provide list of VLANs that need to be isolated. A [no] form will remove the given VLANs from the isolated VLAN list. Note This VLAN -list is also used to program the promiscuous devices' MAC addresses Step 4 Router(config)# [no] private-hosts promiscous [vlan-list ] This command is used to provide list of promiscuous MAC addresses and optional VLAN-list on which these devices might exist. If the VLAN-list is not given, the VLAN list is taken from the global isolated VLAN- list configured. This command can be executed multiple times with different MAC-list and vlan-list combination4-53 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Restrictions The following restrictions should be considered while configuring the private hosts SVI feature: • You cannot restrict Private Host SVIs to a configured subset of VLANs. If you want a subset of VLANs to use SVI's, you must ensure there are no SVIs on the VLANs that are not to be routed. • This feature is applicable only to native system. • This feature is not supported on hybrid systems. • This feature installs protocol independent PACLs and enables MAC classification on the VLAN. As a result features like RACLs do not work with it. • This feature is supported only PFC-3BXL or above cards. • This feature is not supported on EARL6 or below. Sample Configuration PE18_C7606#conf t Enter configuration commands, one per line. End with CNTL/Z. PE18_C7606(config)#private-hosts PE18_C7606(config)#private-hosts mac-list ML1 10de.aa0d.e2ad PE18_C7606(config)#private-hosts vlan-list? vlan-list PE18_C7606(config)#private-hosts vlan-list 1 PE18_C7606(config)#private-hosts promiscuous? promiscuous PE18_C7606(config)#private-hosts promiscuous ML1 Verifying the Private Hosts SVI (Interface VLAN) configuration Use the following show commands to verify the Private Hosts SVI (Interface VLAN) configuration: Command Purpose Router(config)# show private-hosts configuration Displays the global private hosts configuration Router(config)# show private-hosts access-lists Displays the private hosts related access lists Router(config)# show private-hosts interface configuration Displays the ports on which the feature is enabled with the configured mode Router(config)# show private-hosts mac-list Displays the configured mac-lists and their members4-54 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Private Hosts over Virtual Private LAN Service (VPLS) The private host feature supports the redirection of broadcast and unicast from isolated ports over VPLS virtual circuit. The private host feature allows the addition of one VPLS enabled VLAN (cross-connect configured on a VLAN) in the private host vlan-list, along with the regular VLAN and SVI. Restrictions and Guidelines While configuring private hosts over VPLS, besides noting the private host SVI restrictions listed in Restrictions, page 4-165, keep the following additional guidelines in mind: • Private host limits VPLS support for only one VLAN. If the private host Vlan-list already has a VPLS VLAN (VLAN with cross-connect), the addtion of another VPLS VLAN will be blocked. • If any VLAN in the Vlan-list has cross-connect configured, configuring cross-connect on another VLAN in the Vlan-list will be blocked. Configuration Steps Use the following commands to configure private hosts over VPLS. SUMMARY STEPS 1. [no] private-hosts 2. private-hosts vlan-list vlan-ids 3. private-hosts promiscuous mac list name 4. private-hosts mac-list mac list name mac-id DETAILED STEPS Command Purpose Router(config)#[no] private-hosts Example: PE17_C7606(config)#private-hosts Globally enables or disables the Private Hosts SVI feature on a Cisco 7600 device. The ‘no’ form of the command disables this feature globally. By default, this command is in disabled mode. Router(config)#private-hosts vlan-list vlan-ids Example: PE17_C7606(config)#private-hosts vlan-list 10-15 Enables private hosts on the specified VLAN or range of VLAN IDs.4-55 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying the Private Hosts on the VPLS Configuration Use the following show commands to verify the private hosts over VPLS configuration: Example PE17_C7606#show private-hosts ? access-lists Show the private hosts related access lists configuration Show private hosts global configuration interface Show private hosts interface related configuration mac-list Show the mac lists and their members Table 4-9 provides the troubleshooting solutions for the Private Host feature. Table 4-9 Troubleshooting Scenarios for Private Host feature Router(config)#private-hosts promiscuous mac list name Example: PE17_C7606(config)#private-hosts promiscuous maclist-1 Sets a name for a group of private hosts enabled with promiscuous MAC addresses. Router(config)#private-hosts mac-list mac list name mac-id Example: PE17_C7606(config)#private-hosts mac-list maclist-1 0000.1e11.00d1 Assigns MAC addresses to the MAC list. Command Purpose Command Purpose Router(config)# show private-hosts access-lists Displays access lists related to private hosts Router(config)#show private-hosts configuration Displays private hosts global configuration Router(config)# show private-hosts interface Displays configuation related to private hosts interface. Router(config)# show private-hosts mac-list Displays MAC lists and their members. Problem Solution To troubleshoot and view all the TCAM entries. Use the sh hw-mod su subslot tcam command to verify and troubleshoot issues related to the TCAM entries. To troubleshoot and view virtual VLAN IDs on a qinq subinterface. Use the test hw-mod su subslot command to troubleshoot issues related to virtual VLAN ID values on a QnQ subinterface.4-56 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring PPP Bridging Control Protocol Support The Bridging Control Protocol (BCP) feature on the SIPs and SPAs enables forwarding of Ethernet frames over serial and SONET networks, and provides a high-speed extension of enterprise LAN backbone traffic through a metropolitan area. The implementation of BCP on the SPAs includes support for IEEE 802.1D Spanning Tree Protocol, IEEE 802.1Q Virtual LAN (VLAN), and high-speed switched LANs. The Bridging Control Protocol (BCP) feature provides support for BCP to Cisco devices, as described in RFC 3518, Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP). The Cisco implementation of BCP is a VLAN infrastructure that does not require the use of subinterfaces to group Ethernet 802.1Q trunks and the corresponding PPP links. This approach enables users to process VLAN encapsulated packets without having to configure subinterfaces for every possible VLAN configuration. BCP operates in two different modes: • Trunk mode BCP (switchport)—A single BCP link can carry multiple VLANs. • Single-VLAN BCP (bridge-domain)—A single BCP link carries only one VLAN. In addition, in Cisco IOS Release 12.2(33)SRA, BCP is supported over dMLPPP links on the Cisco 7600 SIP-200 with the 2-Port and 4-Port Channelized T3 SPA and 8-Port Channelized T1/E1 SPA. BCP over dMLPPP is supported in trunk mode only. Effective from Cisco IOS release 15.2(1)S, BCP over dMLPPP is also supported on the Cisco 7600 SIP 400 with the following the following SPAs: • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC12/STM-4 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA BCP Feature Compatibility Table 4-10 provides information about where the BCP features are supported. Incorrect VLAN ID is programmed. Use the command show hw-module subslot tcam all_entries vlan to confirm the correct VLAN IDs. Erroneous or disabled TCAM entries Use the show plat soft qos tcamfeature and show platform software qos tcam commands to correct the TCAM entries. Problem Solution4-57 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-10 BCP Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Trunk mode BCP (switchport) In Cisco IOS Release 12.2(18)SXE and later: • 2-Port and 4-Port Channelized T3 SPA • 2-Port and 4-Port Clear Channel T3/E3 SPA • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA Support for the following SPA was added in Cisco IOS Release 12.2(33)SRA: • 1-Port Channelized OC-3/STM-1 SPA In Cisco IOS Release 12.2(18)SXE and later: • 1-Port OC-12c/STM-4 POS SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 1-Port OC-48c/STM-16 POS SPA In Cisco IOS release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port T3/E3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA Not supported.4-58 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Tag-native Mode for Trunk BCP (switchport) • In Cisco IOS 12.2SX releases—Not supported. • In Cisco IOS Release 12.2(33)SRA: – 2-Port and 4-Port Channelized T3 SPA – 2-Port and 4-Port Clear Channel T3/E3 SPA – 8-Port Channelized T1/E1 SPA – 2-Port and 4-Port OC-3c/STM-1 POS SPA – 1-Port Channelized OC-3/STM-1 SPA • In Cisco IOS 12.2SX releases—Not supported. • In Cisco IOS Release 12.2(33)SRA: – 1-Port OC-12c/STM-4 POS SPA – 2-Port and 4-Port OC-3c/STM-1 POS SPA – 1-Port OC-48c/STM-1 6 POS SPA • In Cisco IOS release 15.2(1)S: – 1-Port Channelized OC12/STM-4 SPA – 2-Port and 4-Port Channelized T3 SPA – 8-Port Channelized T1/E1 SPA – 1-Port Channelized OC-3/STM-1 SPA – 1-Port Channelized OC48/STM/16/DS3 SPA – 2 and 4-Port Clear Channel T3/E3 SPA Not supported. Table 4-10 BCP Feature Compatibility by SIP and SPA Combination (continued) Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-59 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks BCP Configuration Guidelines When configuring BCP support for SPAs on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, consider the following guidelines: • Be sure to refer to Table 4-10 for feature compatibility information. • Beginning in Cisco IOS Release 12.2(33)SRA, QoS is supported on bridged interfaces. In Cisco IOS Release 12.2(18)SXF2 and earlier, QoS is not supported on bridged interfaces. Single-VLAN BCP (bridge-domain) In Cisco IOS Release 12.2(18)SXE and later: • 2-Port and 4-Port Channelized T3 SPA • 2-Port and 4-Port Clear Channel T3/E3 SPA • 8-Port Channelized T1/E1 SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA Support for the following SPA was added in In Cisco IOS Release 12.2(33)SRA: • 1-Port Channelized OC-3/STM-1 SPA In Cisco IOS Release 12.2(33)SRA: • 1-Port OC-12c/STM-4 POS SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 1-Port OC-48c/STM-16 POS SPA In Cisco IOS release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA Not supported. BCP over dMLPPP (trunk mode only) In Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA In Cisco IOS release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA Not supported. Table 4-10 BCP Feature Compatibility by SIP and SPA Combination (continued) Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-60 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Although RFC 3518 specifies support for Token Ring and Fiber Distributed Data Interface (FDDI), BCP on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 supports only Ethernet currently. Configuring BCP in Trunk Mode When BCP is configured in trunk mode, a single BCP link can carry multiple VLANs. This usage of BCP is consistent with that of normal Ethernet trunk ports. Trunk Mode BCP Configuration Guidelines When configuring BCP support in trunk mode for SPAs on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, consider the following guidelines: • Be sure to refer to Table 4-10 for feature compatibility information. • There are some differences between the Ethernet trunk ports and BCP trunk ports. – Ethernet trunk ports support ISL and 802.1Q encapsulation, but BCP trunk ports support only 802.1Q. – Ethernet trunk ports support Dynamic Trunk Protocol (DTP), which is used to automatically determine the trunking status of the link. BCP trunk ports are always in trunk state and no DTP negotiation is performed. – The default behavior of Ethernet trunk ports is to allow all VLANs on the trunk. The default behavior of BCP trunks is to disallow all VLANs. This means that VLANs that need to be allowed have to be explicitly configured on the BCP trunk port. • Use the switchport command under the WAN interface when configuring trunk mode BCP. • The SIPs support the following maximum number of BCP ports on any given VLAN: – In Cisco IOS Release 12.2(18)SXE and later—Maximum of 60 BCP ports – In Cisco IOS Release 12.2(33)SRA—Maximum of 112 BCP ports on Cisco 7600 SIP-200 and maximum of 120 BCP ports on Cisco 7600 SIP-400. • To use VLANs in trunk mode BCP, you must use the vlan command to manually add the VLANs to the VLAN database. The default behavior for trunk mode BCP allows no VLANs. • Trunk mode BCP is not supported on VLAN IDs 0, 1006–1023, and 1025. • The native VLAN (VLAN1) has the following restrictions for trunk mode BCP: – In Cisco IOS Release 12.2SX—The native VLAN is not supported. – Beginning in Cisco IOS Release 12.2(33)SRA—The native VLAN is supported. • For trunk mode BCP (switchport), STP interoperability is the same as that of Ethernet switchports. This means that the STP path cost of WAN links can be changed and other STP functionality such as BPDU Guard and PortFast will work on the WAN links. However, it is not recommended to change the default values. • VLAN Trunking Protocol (VTP) is supported. Note The management VLAN, VLAN 1, must be explicitly enabled on the trunk to send VTP advertisements.4-61 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks To configure BCP in trunk mode, perform the following steps beginning in global configuration mode: Command Purpose Step 1 Router(config)# vlan dot1q tag native (Optional) Enables dot1q tagging for all VLANs in a trunk. By default, packets on the native VLAN are sent untagged. When you enable dot1q tagging, packets are tagged with the native VLAN ID. Step 2 1-Port Channelized OC-3/STM-1 SPA or 1-Port Channelized OC-12/STM-4 SPA Router(config)# interface serial address 2-Port and 4-Port Clear Channel T3/E3 SPA Router(config)# interface serial slot/subslot/port 2-Port and 4-Port Channelized T3 SPA Router(config)# interface serial slot/subslot/port/t1-number:channel-group 8-Port Channelized T1/E1 SPA Router(config)# interface serial slot/subslot/port:channel-group 1-Port OC-12c/STM-4 POS SPA or 2-Port and 4-Port OC-3c/STM-1 POS SPA Router(config)# interface pos slot/subslot/port Specifies an interface and enters interface configuration mode, where: • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA, refer to the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • t1-number—Specifies the logical T1 number in channelized mode. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. Step 3 Router(config-if)# switchport Puts an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. PPP encapsulation is automatically configured, and the interface is automatically configured for trunk mode and nonegotiate status. Step 4 Router(config-if)# shutdown Disables the interface.4-62 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 5 Router(config-if)# no shutdown Restarts the disabled interface. Step 6 Router(config-if)# switchport trunk allowed vlan {all | {add | remove | except} vlan-list [,vlan-list...] | vlan-list [,vlan-list...]} (Optional) Controls which VLANs can receive and transmit traffic on the trunk, where: • all—Enables all applicable VLANs. • add vlan-list [,vlan-list...]—Appends the specified list of VLANs to those currently set instead of replacing the list. • remove vlan-list [,vlan-list...]—Removes the specified list of VLANs from those currently set instead of replacing the list. • except vlan-list [,vlan-list...]—Excludes the specified list of VLANs from those currently set instead of replacing the list. • vlan-list [,vlan-list...]—Specifies a single VLAN number from 1 to 4094, or a continuous range of VLANs that are described by two VLAN numbers from 1 to 4094. You can specify multiple VLAN numbers or ranges using a comma-separated list. To specify a range of VLANs, enter the smaller VLAN number first, separated by a hyphen and the larger VLAN number at the end of the range. Note Do not enable the reserved VLAN range (1006 to 1024) on trunks when connecting a Cisco 7600 series router running the Cisco IOS software on both the supervisor engine and the MSFC to a Cisco 7600 series router running the Catalyst operating system. These VLANs are reserved in Cisco 7600 series routers running the Catalyst operating system. If enabled, Cisco 7600 series routers running the Catalyst operating system may error-disable the ports if there is a trunking channel between these systems. Command Purpose4-63 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying BCP in Trunk Mode Because the PPP link has to flap (be brought down and renegotiated), it is important that you run the following show commands after you configure BCP in trunk mode to confirm the configuration: The following output of the show interfaces commands provide an example of the information that is displayed when BCP is configured in trunk mode. Note When switchport is configured, the encapsulation is automatically changed to PPP. Router# show interfaces trunk Port Mode Encapsulation Status Native vlan PO4/1/0 on 802.1q trunking 1 Port Vlans allowed on trunk PO4/1/0 1-1005,1025-1026,1028-4094 Port Vlans allowed and active in management domain PO4/1/0 1,100,200 Port Vlans in spanning tree forwarding state and not pruned PO4/1/0 1,100,200 Router# show interfaces switchport Name: PO4/1/0 Command Purpose 1-Port Channelized OC-3/STM-1 SPA or 1-Port Channelized OC-12/STM-4 SPA Router# show interfaces [serial address] trunk [module number] 2-Port and 4-Port Channelized T3 SPA Router# show interfaces [serial slot/subslot/port/t1-number:channel-group] trunk [module number] 2-Port and 4-Port Clear Channel T3/E3 SPA Router# show interfaces [serial slot/subslot/port] trunk [module number] 8-Port Channelized T1/E1 SPA Router# show interfaces [serial slot/subslot/port:channel-group] trunk [module number] 1-Port OC-12c/STM-4 POS SPA or 2-Port and 4-Port OC-3c/STM-1 POS SPA Router# show interfaces [pos slot/subslot/port] trunk [module number] Displays the interface-trunk information, where: • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA, refer to the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • t1-number—Specifies the logical T1 number in channelized mode. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. • module number—(Optional) Specifies the chassis slot number of the SIP and displays information for all interfaces of the SPAs in that SIP.4-64 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Switchport: Enabled Administrative Mode: trunk Operational Mode: down Administrative Trunking Encapsulation: dot1q Negotiation of Trunking: Off Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: 100 Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Unknown unicast blocked: disabled Unknown multicast blocked: disabled Router# show interfaces pos4/1/0 POS4/1/0 is up, line protocol is up Hardware is Packet over Sonet MTU 4470 bytes, BW 155000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, crc 16, loopback not set Keepalive set (10 sec) Scramble disabled LCP Open Open: BRIDGECP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters 18:48:09 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 13161719 packets input, 1145463122 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 parity 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1685 packets output, 620530 bytes, 0 underruns 0 output errors, 0 applique, 30 interface resets 0 output buffer failures, 0 output buffers swapped out 11 carrier transitions Configuring BCP in Single-VLAN Mode When BCP is configured in single-VLAN mode, a single BCP link carries only one VLAN. This is considered BCP in access mode. Single-VLAN Mode BCP Configuration Guidelines When configuring BCP support in single-VLAN mode for SPAs on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, consider the following guidelines: • Be sure to refer to Table 4-10 for feature compatibility information.4-65 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Use the bridge-domain vlan-id dot1q form of the command under a WAN interface or an ATM PVC. The dot1q keyword is necessary. It indicates that all frames on the BCP link will be tagged with a 802.1Q header. Untagged frames received on a BCP link will be dropped. • For serial and POS SPA interfaces, the encapsulation of the interface must be PPP; otherwise, the bridge-domain command will not be accepted. • The ATM SPAs on the Cisco 7600 series router do not support single-VLAN BCP. • For single-VLAN BCP, you can configure the following maximum number of VCs per VLAN: – In Cisco IOS Release 12.2SX—60 VCs or interfaces per VLAN per chassis. – Beginning in Cisco IOS Release 12.2(33)SRA—112 VCs or interfaces per VLAN per Cisco 7600 SIP-200; 120 VCs or interfaces per VLAN per Cisco 7600 SIP-400. • VLANs must be manually added to the VLAN database, using the vlan command, to be able to use those VLANs in single-VLAN BCP. • BCP is not supported on VLAN IDs 0, 1 (native), 1006–1023, and 1025. • For single-VLAN BCP, only basic Spanning Tree Protocol (STP) interoperability is supported. This means that single-VLAN BCP interfaces will participate in the STP domain and the correct path cost of the links will be calculated; however, changing any STP parameters for the link is not supported. • VLAN Trunking Protocol (VTP) is not supported on single-VLAN BCP. To configure BCP in single-VLAN mode on serial or POS SPAs, perform the following steps beginning in global configuration mode: Command Purpose Step 1 1-Port Channelized OC-3/STM-1 SPA or 1-Port Channelized OC-12/STM-4 SPA Router(config)# interface serial address 2-Port and 4-Port Channelized T3 SPA Router(config)# interface serial slot/subslot/port/t1-number:channel-group 8-Port Channelized T1/E1 SPA Router(config)# interface serial slot/subslot/port:channel-group 1-Port OC-12c/STM-4 POS SPA or 2-Port and 4-Port OC-3c/STM-1 POS SPA Router(config)# interface pos slot/subslot/port 2-Port and 4-Port Clear Channel T3/E3 SPA Router(config)# interface serial slot/subslot/port Specifies an interface and enters interface configuration mode, where: • address—For the different supported syntax options for the address argument for the 1-Port Channelized OC-3/STM-1 SPA, refer to the “Interface Naming” section of the “Configuring the 1-Port Channelized OC-3/STM-1 SPA” chapter. • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies the secondary slot number on a SIP where a SPA is installed. • port—Specifies the number of the interface port on the SPA. • t1-number—Specifies the logical T1 number in channelized mode. • channel-group—Specifies the logical channel group assigned to the time slots within the T1 or E1 group. Step 2 Router(config-if)# no ip address Disables IP processing on a particular interface by removing its IP address. Step 3 Router(config-if)# encapsulation ppp Configures the interface for PPP encapsulation.4-66 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying BCP in Single-VLAN Mode Because the PPP link has to flap (be brought down and renegotiated), it is important that you run the following show command after you configure BCP in single-VLAN mode to confirm the configuration: Router# show interfaces pos4/1/0 POS4/1/0 is up, line protocol is up Hardware is Packet over Sonet MTU 4470 bytes, BW 155000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, crc 16, loopback not set Keepalive set (10 sec) Scramble disabled LCP Open Open: BRIDGECP, CDPCP Last input 00:00:09, output 00:00:09, output hang never Last clearing of "show interface" counters 00:00:24 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32 packets input, 1709 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 parity 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 17 packets output, 1764 bytes, 0 underruns 0 output errors, 0 applique, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 1 carrier transitions Step 4 Router(config-if)# bridge-domain vlan-id [dot1q | dot1q-tunnel] Establishes a domain and tags all Ethernet frames on the BCP link with the 802.1Q header, where: • vlan-id—Specifies the number of the VLAN to be used in this bridging configuration. The valid range is from 2 to 4094. The VLAN ID must have been previously added to the VLAN database. • dot1q—(Optional) Enables IEEE 802.1Q tagging to preserve the class of service (CoS) information from the Ethernet frames across the WAN interface. If not specified, the ingress side assumes a CoS value of 0 for QoS purposes. Using the dot1q keyword helps avoid misconfiguration because incoming untagged frames, or tagged frames that do not match the specified vlan-id are dropped. • dot1q-tunnel—(Optional) Enables IEEE 802.1Q tunneling mode, so that service providers can use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated. Step 5 Router(config-if)# shutdown Disables the interface. Step 6 Router(config-if)# no shutdown Restarts the disabled interface. Command Purpose4-67 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring BCP over dMLPPP Beginning in Cisco IOS Release 12.2(33)SRA, BCP is supported over dMLPPP links on the Cisco 7600 SIP-200 with the 2-Port and 4-Port Channelized T3 SPA and 8-Port Channelized T1/E1 SPA. BCP over dMLPPP is supported in trunk mode only. Effective from Cisco IOS release 15.2(1)S, BCP over dMLPPP is also supported on the Cisco 7600 SIP 400 with the following the following SPAs: • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC12/STM-4 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA For more information about configuring the BCP over dMLPPP feature, see Chapter 17, “Configuring the 8-Port Channelized T1/E1 SPA,” and Chapter 18, “Configuring the 2-Port and 4-Port Clear Channel T3/E3 SPAs.” Configuring Virtual Private LAN Service Virtual Private LAN Service (VPLS) enables geographically separate LAN segments to be interconnected as a single bridged domain over a packet switched network, such as IP, MPLS, or a hybrid of both. VPLS solves the network reconfiguration problems at the CE that are associated with Layer 2 Virtual Private Network (L2VPN) implementations. The current Cisco IOS software L2VPN implementation builds a point-to-point connection to interconnect the two attachment VCs of two peering customer sites. To communicate directly among all sites of an L2VPN network, a distinct emulated VC needs to be created between each pair of peering attachment VCs. For example, when two sites of the same L2VPN network are connected to the same PE, it requires that two separate emulated VCs be established towards a given remote site, instead of sharing a common emulated VC between these two sites. For a L2VPN customer who uses the service provider backbone to interconnect its LAN segments, the current implementation effectively turns its multiaccess broadcast network into a fully meshed point-to-point network, which requires extensive reconfiguration on the existing CE devices. VPLS is a multipoint L2VPN architecture that connects two or more customer devices using EoMPLS bridging techniques. VPLS with EoMPLS uses an MPLS-based provider core, where the PE routers have to cooperate to forward customer Ethernet traffic for a given VPLS instance in the core. VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core. Hierarchical Virtual Private LAN Service with MPLS to the Edge In a flat or non-hierarchical VPLS configuration, a full mesh of pseudowires (PWs) is needed between all PE nodes. A pseudowire defines a VLAN and its corresponding pseudoport. Hierarchical Virtual Private LAN Service (H-VPLS) reduces both signaling and replication overhead by using a combination of full-mesh and hub-and-spoke configurations. Hub-and-spoke configurations operate with split horizon to allow packets to be switched between pseudowires (PWs), which effectively reduce the number of PWs between PEs. 4-68 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Figure 4-3 H-VPLS with MPLS to the Edge Network In the H-VPLS with MPLS to the edge architecture, Ethernet Access Islands (EAIs) work in combination with a VPLS core network, with MPLS as the underlying transport mechanism. EAIs operate like standard Ethernet networks. In Figure 4-3, devices CE1, CE2a and CE2b reside in an EAI. Traffic from any CE devices within the EAI are switched locally within the EAI by the user-facing provider edge (UPE) device along the computed spanning-tree path. Each user-facing provider edge device is connected to one or more network-facing provider edge devices using PWs. The traffic local to the UPE is not forward to any network-facing provider edge devices. VPLS Configuration Guidelines When configuring VPLS on a SIP, consider the following guidelines: • For support of specific VPLS features by SIP, see Table 4- 11. • The SIPs support up to 4000 VPLS domains per Cisco 7600 series router. • The SIPs support up to 60 VPLS peers per domain per Cisco 7600 series router. • The SIPs support up to 30,000 pseudowires, used in any combination of domains and peers up to the 4000-domain or 60-peer maximums. For example, support of up to 4000 domains with 7 peers, or up to 60 peers in 500 domains. • When configuring VPLS on a Cisco 7600 SIP-600, consider the following guidelines: – Q-in-Q (the ability to map a single 802.1Q tag or a random double tag combination into a VPLS instance, a Layer 3 MPLS VPN, or an EoMPLS VC) is not supported. – H-VPLS with Q-in-Q edge—Requires a Cisco 7600 SIP-600 in the uplink, and any LAN port or Cisco 7600 SIP-600 on the downlink. • H-VPLS with MPLS edge requires either an OSM module, Cisco 7600 SIP-600, or Cisco 7600 SIP-400 in both the downlink (facing UPE) and uplink (MPLS core). • The Cisco 7600 SIP-400 and Cisco 7600 SIP-600 provide Transparent LAN Services (TLS) and Ethernet Virtual Connection Services (EVCS). PE-PoP PE-PoP 158088 PE-CLE L2VPN router CE4 7600s 802.3 .1Q Full Mesh LDP AToM or L2TPv3 PSN CE1 400 401 CE2a CE2b Customer applied VLAN Tags for WG isolation (CE-VLAN) PE-PoP Data 401 EType SA DA 100 33 MPLS network SP applied VCLabel & Tunnel LSP VPLS functioning between participating PEs4-69 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • The Cisco 7600 SIP-400 does not support redundant PW links from a UPE to multiple NPEs. • For information about configuring VPLS on the SIPs, consider the guidelines in this document and then refer to the “Virtual Private LAN Services on the Optical Services Modules” section of the Optical Services Module Software Configuration Note for the Cisco 7600 series router at the following URL: http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/mpls.html4-70 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks VPLS Feature Compatibility Table 4-11 provides information about where the VPLS features are supported.4-71 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-11 VPLS Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 H-VPLS with MPLS edge Not supported. In Cisco IOS Release 12.2(33)SRA: • 2-Port Gigabit Ethernet SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 1-Port OC-12c/STM-4 POS SPA • 1-Port OC-48c/STM-16 POS SPA In Cisco IOS release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA In Cisco IOS Release 12.2(18)SXF and later: • 1-Port 10-Gigabit Ethernet SPA • 5-Port Gigabit Ethernet SPA • 10-Port Gigabit Ethernet SPA • 1-Port OC-192c/STM-64 POS/RPR SPA • 2-Port and 4-Port OC-48c/STM-16 POS SPA Support for the following SPAs was added in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-48c/STM-16 POS SPA4-72 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks H-VPLS with Q-in-Q edge Not supported. Not supported. In Cisco IOS Release 12.2(18)SXF and later: • 1-Port 10-Gigabit Ethernet SPA • 5-Port Gigabit Ethernet SPA • 10-Port Gigabit Ethernet SPA • 1-Port OC-192c/STM-64 POS/RPR SPA • 2-Port and 4-Port OC-48c/STM-16 POS SPA Support for the following SPAs was added in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-48c/STM-16 POS SPA VPLS with point-to-multipoint EoMPLS and fully-meshed PE configuration Not supported. In Cisco IOS Release 12.2(33)SRA: • 2-Port Gigabit Ethernet SPA • 2-Port and 4-Port OC-3c/STM-1 POS SPA • 1-Port OC-12c/STM-4 POS SPA • 1-Port OC-48c/STM-16 POS SPA In Cisco IOS release 15.2(1)S: • 1-Port Channelized OC12/STM-4 SPA • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC-3/STM-1 SPA • 1-Port Channelized OC48/STM/16/DS3 SPA • 2 and 4-Port Clear Channel T3/E3 SPA In Cisco IOS Release 12.2(18)SXF and later: • 1-Port 10-Gigabit Ethernet SPA • 5-Port Gigabit Ethernet SPA • 10-Port Gigabit Ethernet SPA • 1-Port OC-192c/STM-64 POS/RPR SPA • 2-Port and 4-Port OC-48c/STM-16 POS SPA Support for the following SPAs was added in Cisco IOS Release 12.2(33)SRA: • 2-Port and 4-Port OC-48c/STM-16 POS SPA Table 4-11 VPLS Feature Compatibility by SIP and SPA Combination (continued) Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-73 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Asymmetric Carrier-Delay During redundant link deployments where the remote network element is enabled, a link or port may be displayed as UP before the port or link is ready to forward data. This leads to traffic loss during switchover, as UP events are notified faster than the DOWN events leading to traffic loss. Table 4-12 lists the differences between the conventional Carrier-Delay and Assymetric Carrier-Delay implementations. Table 4-12 Conventional Carrier-Delay versus Assymetric Carrier-Delay Restrictions and Usage Guidelines • The acceptable limit to configure Carrier-Delay DOWN time is eleven milliseconds and above for SIP-600 line cards. By default, Carrier-Delay is configured to 10 milliseconds during a card bootup. If you prefer to increase the default value of 10 milliseconds, you can manually configure and set the values on the SIP-600. The acceptable limit to configure carrier-delay UP time is 4 seconds and above for SIP-200 and SIP-400 cards only if there is a scaled EVC configuration. Otherwise you can configure carrier-delay UP time to less than 4 seconds. Conventional Carrier -Delay implementation Assymetric Carrier-Delay implementation You can configure Carrier-Delay on a main physical interface. You can configure Assymetric Carrier-Delay on a main physical interface. The acceptable limit to configure Carrier-Delay UP time is 4 seconds and above. The acceptable limit to configure Carrier-Delay DOWN time is 11 milliseconds and above for SIP-600. The acceptable limit to configure carrier-delay UP time is 4 seconds and above for SIP-200 and SIP-400 cards only if there is a scaled EVC configuration. Otherwise you can configure carrier-delay UP time to less than 4 seconds. You can configure a single delay value for UP and DOWN events on a link. You can configure separate delay values for each DOWN and UP events on a link. Traffic losses and timer optimization issues when the link is UP or DOWN. Delays are useful when the link is enabled or disabled (due to physical link failures/restoration or remote end events) before the actual link status is declared. To prevent traffic loss in the SIP -200/400/600 line cards, you can configure seperate notifications or carrier-delay values during card boot UP/DOWN event notifications. Erroneous cascading impact on other features in the SIP200/SIP400/SIP600 line cards. Example: An erroneous routing table convergence occurs where the link is available in the routing table. Dependent features such as Routing Convergence and FRR are delayed on the local end. Disruption of the fast readout links. Delays streamlined ensuring stable topologies.4-74 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • As the Fast Link feature and Carrier-Delay features are mutually exclusive, Fast Link feature is enabled by default. • If you configure Carrier-Delay values, Fast Link feature is disabled on a line card. • Though the Fast Link feature is configured by default in the card, the Carrier-Delay feature overwrites the Fast Link feature when configured. • If you have not configured the Carrier-Delay values, Fast link feature values are utilized for DOWN event notification. SUMMARY STEPS 1. enable 2. configure terminal 3. interface type slot/bay/port 4. carrier-delay [0-60] 5. carrier-delay [{up | down} [seconds]{msec| sec}] 6. end DETAILED STEPS Command or Action Purpose Step 1 enable Example: Router> enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 configure terminal Example: Router# configure terminal Enters global configuration mode. Step 3 config # interface type slot/bay/port Example: P19_C7609-S(config)#int gig8/0/1 Selects the maininterface to configure. Step 4 carrier-delay [0-60] Example: P19_C7609-S(config)#carrier-delay 20 Configures the conventional carrier-delay value in seconds. Note Ensure that the Carrier-Delay values are configured within the acceptable range of 0-60. If not, the router displays an error message.4-75 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note Once you have configured assymetric carrier delay (ACD) UP timer, the link should come UP only after the configured delay. A situation where the remote end comes UP sooner than the local end(where ACD is configured) is expected, as the remote end does not have any asymetric carrier delay configured. SPA detects and then signals to the remote end that the PORT is UP. Whereas the local end (ACD configured), will come UP only after the UP timer is configured. Verification You can use the show run command to display the Carrier-Delay configurations on an SIP-200/400 physical interface. sh run int Fa2/0/0 Building configuration... Current configuration: 219 bytes ! interface FastEthernet2/0/0 ip address 32.0.0.1 255.255.255.0 logging event link-status carrier-delay up 10 carrier-delay down 5 end Configuring BFD over VCCV on SIP-400 BFD over VCCV is a mechanism for operation and management of pseudowires to enable fault detection and diagnostics.Bidirectional forwarding detection (BFD) is a protocol that detects faults in the bidirectional path between two forwarding engines. In pseudowires, BFD uses the virtual circuit connectivity verification (VCCV) for detecting data plane failures. VCCV provides a control channel that is associated with a pseudowire (PW) and the corresponding operations and management functions. MPLS pseudowires can dynamically signal or statically configure virtual circuit (VC) labels. VCCV control channel (CC) types define possible control channels that VCCV can support and connection verification (CV) types indicate the types of CV packets and protocols that can be sent on the specified control channel. In dynamically signalled pseudowires, the CC types and CV types are also signalled. In statically configured pseudowires, the CC and CV types must be configured on both ends of the pseudowire. Step 5 carrier-delay [{up | down} [seconds]{msec| sec}] Example: P19_C7609-S(config-if)#carrier-delay up 8 P19_C7609-S(config-if)#carrier-delay down 5 Configures the Assymetric Carrier-Delay up or down value in milliseconds or seconds. Note ‘Four seconds’ is the lower limit for the Assymmetric Carrier-Delay UP timer value, on a scaled EVC configuration. If you configure the UP timer to be lesser than 4secs the following message is displayed: Minimum carrier-delay for UP timer is 4secs if there is a scaled EVC configuration Step 6 end Exits the configuration mode. Command or Action Purpose4-76 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The following BFD over VCCV modes are possible on pseudowires: • BFD over VCCV on static pseudowire with attachment circuit signaling • BFD over VCCV on static pseudowire with out attachment circuit signaling • BFD over VCCV on dynamic pseudowire with out attachment circuit signaling Configuration Restrictions Follow these restrictions while configuring BFD over VCCV on SIP-400. • Only BFD over VCCV Type1 without internet protocol (IP) /user datagram protocol (UDP) is supported. In VCCV Type1, traffic follows the same path as pseudowire data traffic and VCCV Type 1 can be used only for MPLS pseudowires with control word. • L2TPv3 is currently not supported. • Pseudowire redundancy is not supported. • Only ATM is supported as attachment circuit. • Up to 1200 pseudowires can be enabled for BFD over VCCV. • When BFD over VCCV is enabled on the pseudowire, switched virtual interface (SVI) based ethernet over multi protocol label switching (EoMPLS) is not supported. • When BFD over VCCV is enabled on the pseudowire, multipoint core-facing interface is not supported. • BFD over VCCV sessions are supported only on single-segment pseudowires between provider edge routers (PEs). • BFD over VCCV sessions between terminating PE routers (T-PEs) and switching PE routers (S-PEs) are not supported. • BFD over VCCV sessions are supported only on multi-segment pseudowires between terminating PE routers (T-PEs). • Only these SPAs are supported on the line card edge that faces the attachment circuit: – 2-Port OC-3c/STM-1 ATM SPA – 4-Port OC-3c/STM-1 ATM SPA – 1-Port OC-12c/STM-4 ATM SPA – 1-Port OC-48c/STM-16 ATM SPA Configuration Steps Perform these steps to configure BFD over VCCV. SUMMARY STEPS Step 1 enable Step 2 configure terminal Step 3 bfd-template single-hop bfd-template-name Step 4 interval min-tx msec min-rx msec multiplier number Step 5 exit4-77 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 6 pseudowire-class pseudowire-class-name Step 7 encapsulation mpls Step 8 vccv bfd template bfd-template-name Step 9 exit Step 10 interface atmslot/subslot/port Step 11 pvc vpi/vci l2transport Step 12 xconnect destination vc-id pseudowire-class pseudowire-class-name Step 13 exit DETAILED STEPS Command Purpose Step 1 Router> enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 Router# configure terminal Enters global configuration mode. Step 3 Router(config)# bfd-template single-hop bfd-template-name Specifies the BFD template. Step 4 Router(config-bfd)# interval min-tx msec min-rx msec multiplier number Router(config-bfd)# interval min-tx 500 min-rx 500 multiplier 3 Specifies the following BFD VCCV parameters: • min-tx: Minimum transmission interval in milliseconds, that the local system uses when transmitting BFD control packets. The valid range is 50-999. • min-rx: Minimum receiving interval in milliseconds, between received control packets that this system is capable of supporting. The valid range is 50-999. • multiplier: The negotiated transmit interval, multiplied by this value, provides the detection time for the transmitting system in asynchronous mode. Step 5 Router(config-bfd)# exit Exits from the BFD template configuration mode. Step 6 Router(config)# pseudowire-class pseudowire-class-name Router(config)# pseudowire-class BFD Specifies the pseudowire class. Step 7 Router(config-pw-class)# encapsulation mpls Specifies the encapsulation method. Step 8 Router(config-pw-class)# vccv bfd template bfd-template-name Router(config-pw-class)# vccv bfd template bfd-template Applies the configured BFD interval timers to BFD VCCV pseudowire class. Step 9 Router(config-pw-class)# exit Exits from the pseudowire class configuration mode.4-78 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note If you apply or remove a QoS service policy on the ATM PVC, then the configured BFD VCCV sessions are also renegotiated and a minimal drop in data traffic occurs. Verifying BFD VCCV Configuration Use the show mpls l2 vc command to verify the BFD VCCV configuration. RouterA# show mpls l2transport vc detail Local interface: AT3/0/0 up, line protocol up, ATM AAL5 2/101 up Destination address: 23.1.1.1, VC ID: 1, VC status: up Output interface: Gi5/1, imposed label stack {2559} Preferred path: not configured Default path: active Next hop: 9.1.1.2 Create time: 00:18:39, last status change time: 00:04:50 Signaling protocol: LDP, peer 23.1.1.1:0 up Targeted Hello: 22.1.1.1(LDP Id) -> 23.1.1.1, LDP is UP Status TLV support (local/remote) : enabled/supported LDP route watch : enabled Label/status state machine : established, LruRru Last local dataplane status rcvd: No fault Last local SSS circuit status rcvd: No fault Last local SSS circuit status sent: No fault Last local LDP TLV status sent: No fault Last remote LDP TLV status rcvd: No fault Last remote LDP ADJ status rcvd: No fault MPLS VC labels: local 16, remote 2559 Group ID: local 0, remote 0 MTU: local 4470, remote 4470 Remote interface description: ^M Sequencing: receive disabled, send disabled Control Word: On (configured: autosense) VCCV BFD protection active BFD Template - bfd CC Type - 1 CV Type - fault detection only with IP/UDP headers SSO Descriptor: 23.1.1.1/1, local label: 16 SSM segment/switch IDs: 8195/4097 (used), PWID: 12290 Step 10 Router(config)# interface atm slot/subslot/port Router(config)# interface atm3/0/0 Specifies an ATM interface and enters interface configuration mode. Step 11 Router(config-if)# pvc vpi/vci l2transport Router(config-if)# pvc 2/101 l2transport Assigns a virtual path identifier (VPI) and a virtual circuit identifier (VCI). The l2transport keyword indicates that the permanent virtual circuit (PVC) is a switched PVC instead of a terminated PVC. Step 12 Router(config-atm-pvc)# xconnect destination vc-id pseudowire-class pseudowire-class-name Router(config-atm-pvc)# xconnect 16.1.1.1 2 pseudowire-class BFD Specifies the virtual circuit (VC). • destination: Specifies the loopback address of the remote router. • vc-id: Identifies the virtual circuit between the PE routers at each end point of the VC. It must be unique for each VC. Step 13 Router(config-atm-pvc)# exit Exits from the ATM PVC configuration mode. Command Purpose4-79 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks VC statistics: transit packet totals: receive 225, send 89 transit byte totals: receive 13300, send 5340 transit packet drops: receive 0, seq error 0, send 0 Alternatively, you can also use the show bfd neighbors command from the destination router to verify the configuration. RouterB# show bfd neighbors mpls-pw 22.1.1.1 vcid 1 detail NeighAddr LD/RD RH/RS State Int 22.1.1.1 :1 1/1 Up Up N/A Session state is UP and not using echo function. OurAddr: 0.0.0.0 Local Diag: 0, Demand mode: 0, Poll bit: 0 MinTxInt: 500000, MinRxInt: 500000, Multiplier: 3 Received MinRxInt: 500000, Received Multiplier: 3 Holddown (hits): 1372(2), Hello (hits): 500(4051) Rx Count: 3200, Rx Interval (ms) min/max/avg: 1/488/91 last: 128 ms ago Tx Count: 3203, Tx Interval (ms) min/max/avg: 40/472/91 last: 128 ms ago Elapsed time watermarks: 0 0 (last: 0) Registered protocols: Xconnect Uptime: 00:04:49 Last packet: Version: 1 - Diagnostic: 0 State bit: Up - Demand bit: 0 Poll bit: 0 - Final bit: 1 Multiplier: 3 - Length: 24 My Discr.: 1 - Your Discr.: 1 Min tx interval: 500000 - Min rx interval: 500000 Min Echo interval: 0 Debugging the BFD Configuration Use these debug commands to troubleshoot the BFD VCCV configuration. Configuring MPLS Features on a SIP Many of the MPLS features supported on the FlexWAN and Enhanced FlexWAN modules on the Cisco 7600 series router are also supported by the SIPs. For a list of the supported MPLS features on the SIPs, see Chapter 3, “Overview of the SIPs and SSC.” This section describes those MPLS features that have SIP-specific configuration guidelines. After you review the SIP-specific guidelines described in this document, then refer to the following URL for more information about configuring MPLS features: Command Purpose debug condition xconnect peer ipaddress vcid vcid Allows conditional filtering of debug messages based on VC ID. debug mpls l2 vc vccv events Debugs any transport over MPLS (AToM) VCCV events. debug mpls l2 vc vccv bfd events Enables the debug event messages during the creation of a BFD session. This command enables debug event messages when BFD sends the data plane fault notification to L2VPN and also when L2VPN sends the attachment circuit signaling status to BFD.4-80 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks http://www.cisco.com/en/US/docs/routers/7600/install_config/flexwan_config/flexmpls.html This section includes the following topics: • Configuring Any Transport over MPLS on a SIP, page 4-80 • Configuring Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge, page 4-83 • Configuring MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS) on the Cisco 7600 SIP-600, page 4-83 Configuring Any Transport over MPLS on a SIP Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM uses a directed Label Distribution Protocol (LDP) session between edge routers for setting up and maintaining connections. Forwarding occurs through the use of two levels of labels, switching between the edge routers. The external label (tunnel label) routes the packet over the MPLS backbone to the egress Provider Edge (PE) at the ingress PE. The VC label is a demuxing label that determines the connection at the tunnel endpoint (the particular egress interface on the egress PE as well as the virtual path identifier [VPI]/virtual channel identifier [VCI] value for an ATM Adaptation Layer 5 [AAL5] protocol data unit [PDU], the data-link connection identifier [DLCI] value for a Frame Relay PDU, or the virtual LAN [VLAN] identifier for an Ethernet frame). For specific information about configuring AToM features, refer to the FlexWAN and Enhanced FlexWAN Module Installation and Configuration Note located at the following URL: http://www.cisco.com/en/US/docs/routers/7600/install_config/flexwan_config/flexmpls.html Note When referring to the FlexWAN documentation, be sure to note any SIP-specific configuration guidelines described in this document. Cisco 7600 SIP-200 AToM Features The Cisco 7600 SIP-200 supports the following AToM features: • ATM over MPLS (ATMoMPLS)—AAL5 VC mode • Ethernet over MPLS (EoMPLS)—(Single cell relay) VC mode • Frame Relay over MPLS (FRoMPLS) • FRoMPLS with dMLFR—Supported between the CE and PE devices. • High-Level Data Link Control (HDLC) over MPLS (HDLCoMPLS) • PPP over MPLS (PPPoMPLS)—Not supported with dMLPPP or dLFI • Hierarchical QoS for EoMPLS VCs Cisco 7600 SIP-200 AToM Configuration Guidelines When configuring AToM with a Cisco 7600 SIP-200, consider the following guidelines: • You cannot use a SIP-200 and an Ethernet SPA on the customer-facing side because the Ethernet SPA is a Layer 3 only interface. • Because the SIP-200 supports WAN interfaces, you can use the SIP-200 for non-Ethernet access (FR,HDLC,ATM,PPP) at the customer-facing side. • For VLAN-based xconnect (also called line card-based EoMPLS), the customer-facing port must be a Layer 2 port and the backbone-facing card must be a Layer 3 port. 4-81 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • The SIP-200 does not supportdot1q subinterface-based xconnect towards the edge. Cisco 7600 SIP-400 AToM Features The Cisco 7600 SIP-400 supports the following AToM features: • ATMoMPLS—AAL0 mode (single cell relay only. From 12.2(33) release onwards packed cell relay) • ATMoMPLS—AAL5 mode • ATMoMPLS— Port mode cell relay (from Cisco IOS 12.2(33) SRD release onwards) • EoMPLS—Port mode • EoMPLS—VLAN mode • FRoMPLS—DLCI mode • TDM over MPLS (Starting from Cisco IOS release 12.2(33) SRD onwards) • Beginning in Cisco IOS Release 12.2(33)SRA: – Hierarchical QoS for EoMPLS VCs – HDLCoMPLS – PPPoMPLS – ATM local switching Cisco 7600 SIP-400 AToM Configuration Guidelines When configuring AToM with a Cisco 7600 SIP-400, consider the following guidelines: • The Cisco 7600 SIP-400 is not supported with a Supervisor Engine 1, Supervisor Engine 1A, Supervisor Engine 2, or Supervisor Engine 720 PFC3A. • The Cisco 7600 SIP-400 is not supported with PFC-2-based systems. • For AToM in Cisco IOS 12.2SX releases, the Cisco 7600 SIP-400 does not support the following features when they are located in the data path. This means you should not configure the following features if the SIP is facing the customer edge (CE) or the MPLS core: – HDLCoMPLS – PPPoMPLS – VPLS • For AToM beginning in Cisco IOS Release 12.2(33)SRA, the Cisco 7600 SIP-400 supports the following features on CE-facing interfaces: – HDLCoMPLS – PPPoMPLS – VPLS • The Cisco 7600 SIP-400 supports EoMPLS with directly connected provider edge (PE) devices when the Cisco 7600 SIP-400 is on the MPLS core side of the network. • The Cisco 7600 SIP-400 does not support the ability to enable or disable tunneling of Layer 2 packets, such as for the VLAN Trunking Protocol (VTP), Cisco Discovery Protocol (CDP), and bridge protocol data unit (BPDU). The Cisco 7600 SIP-400 tunnels BPDUs, and always blocks VTP and CDP packets from the tunnel.4-82 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • In ATMoMPLS AAL5 and cell mode, the Cisco 7600 SIP-400 supports non-matching VPIs/VCIs between PEs if the Cisco 7600 SIP-400 is on both sides of the network. • The Cisco 7600 SIP-400 supports matching on FR-DE to set MPLS-EXP for FRoMPLS. • The Cisco 7600 SIP-400 does not support the following QoS classification features with AToM: – Matching on data-link connection identifier (DLCI) is unsupported. – Matching on virtual LAN (VLAN) is unsupported. – Matching on class of service (CoS) is unsupported in Cisco IOS Release 12.2(18)SXE and Cisco IOS Release 12.2(18)SXE2 only. Beginning in Cisco IOS Release 12.2(18)SXF, it is supported with the 2-Port Gigabit Ethernet SPA. – Matching on input interface is unsupported. – Matching on packet length is unsupported. – Matching on media access control (MAC) address is unsupported. – Matching on protocol type, including Border Gateway Protocol (BGP), is unsupported. Understanding MPLS Imposition on the Cisco 7600 SIP-400 to Set MPLS Experimental Bits The MPLS imposition function encapsulates non-MPLS frames (such as Ethernet, VLAN, Frame Relay, ATM, or IP) into MPLS frames. MPLS disposition performs the reverse function. An input QoS policy map is applied to ingress packets before MPLS imposition takes place. This means that the packets are treated as non-MPLS frames, so any MPLS-related matches have no effect. In the case of marking experimental (EXP) bits using the set mpls experimental command, the information is passed to the AToM or MPLS component to set the EXP bits. After imposition takes place, the frame becomes an MPLS frame and an output QoS policy map (if it exists) can apply MPLS-related criteria. On the egress side, an output QoS policy map is applied to the egress packets after MPLS disposition takes place. This means that packets are treated as non-MPLS frames, so any MPLS-related criteria has no effect. Before disposition, the frame is an MPLS frame and the input QoS policy map (if it exists) can apply MPLS-related criteria. The Encoded Address Recognition Logic (EARL) is a centralized processing engine for learning and forwarding packets based upon MAC address on the Cisco 7600 series router supervisor engines. The EARL stores the VLAN, MAC address, and port relationships. These relationships are used to make switching decisions in hardware. The EARL engine also performs MPLS imposition, and the MPLS EXP bits are copied either from the IP TOS field (using trust dscp or trust precedence mode), or from the DBUS header QoS field (using trust cos mode). When using the 2-Port Gigabit Ethernet SPA with the Cisco 7600 SIP-400 as the customer-side interface configured for 802.1Q encapsulation for IP imposition with MPLS, the Layer 2 CoS value is not automatically copied into the corresponding MPLS packet’s EXP bits. Instead, the value in the IP precedence bits is copied. To maintain the 802.1Q CoS values, classify the imposition traffic on the customer-facing Gigabit Ethernet interface in the input direction to match on CoS value, and then set the MPLS experimental action for that class as shown in the following example: Router(config)# class-map cos0 Router(config-cmap)# match cos 0 Router(config-cmap)# exit ! Router(config)# class-map cos1 Router(config-cmap)# match cos 1 Router(config-cmap)# exit !4-83 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Router(config)# policy-map policy1 Router(config-pmap)# class cos0 Router(config-pmap-c)# set mpls experimental imposition 0 Router(config-pmap-c)# exit Router(config-pmap)# class cos1 Router(config-pmap-c)# set mpls experimental imposition 1 Cisco 7600 SIP-600 AToM Features The Cisco 7600 SIP-600 supports the following AToM features: • Any Transport over MPLS (AToM) support—EoMPLS only (Encoded Address Recognition Logic [EARL]-based and SIP-based EoMPLS) Configuring Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge The Cisco 7600 SIP-400 and Cisco 7600 SIP-600 support the H-VPLS with MPLS to the Edge feature. For more information about VPLS support on the SIPs, see the “Configuring Virtual Private LAN Service” section on page 4-67. Configuring MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS) on the Cisco 7600 SIP-600 Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS) enables you to dynamically route and forward traffic with different class of service (CoS) values onto different TE tunnels between the same tunnel headend and the same tailend. The TE tunnels can be regular TE or DiffServ-aware TE (DS-TE) tunnels. The set of TE (or DS-TE) tunnels from the same headend to the same tailend that you configure to carry different CoS values is referred to as a “tunnel bundle.” Tunnels are “bundled” by creating a master tunnel and then attaching member tunnels to the master tunnel. After configuration, CBTS dynamically routes and forwards each packet into the tunnel that meets the following requirements: • Is configured to carry the CoS of the packet • Has the right tailend for the destination of the packet Because CBTS offers dynamic routing over DS-TE tunnels and requires minimum configuration, it greatly eases deployment of DS-TE in large-scale networks. CBTS can distribute all CoS values on eight different tunnels. CBTS also allows the TE tunnels of a tunnel bundle to exit headend routers through different interfaces. CTBS configuration involves performing the following tasks: • Creating multiple (DS-) TE tunnels withe same headend and tailend and indicating on each of these tunnels which CoSs are to be transported on the tunnel. • Creating a master tunnel, attaching the member tunnels to it, and making the master tunnel visible for routing.4-84 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS) Configuration Guidelines When configuring MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS), consider the following guidelines: • CBTS has the following prerequisites: – MPLS enabled on all tunnel interfaces – Cisco Express Forwarding (CEF) or distributed CEF (dCEF) enabled in general configuration mode • CBTS has the following restrictions: – For a given destination, all CoS values are carried in tunnels terminating at the same tailend. Either all CoS values are carried in tunnels or no values are carried in tunnels. In other words, for a given destination, you cannot map some CoS values in a DS-TE tunnel and other CoS values in a Shortest Path First (SPF) Label Distribution Protocol (LDP) or SPF IP path. – No LSP is established for the master tunnel and regular traffic engineering attributes (bandwidth, path option, fast reroute) are irrelevant on a master tunnel. TE attributes (bandwidth, bandwidth pool, preemption, priorities, path options, and so on) are configured completely independently for each tunnel. – CBTS does not allow load-balancing of a given EXP value in multiple tunnels. If two or more tunnels are configured to carry a given experimental (EXP) value, CBTS picks one of these tunnels to carry this EXP value. – CBTS supports aggregate control of bumping (that is, it is possible to define default tunnels to be used if other tunnels go down. However, CBTS does not allow control of bumping if the default tunnel goes down. CBTS does not support finer-grain control of bumping. For example, if the voice tunnel goes down, redirect voice to T2, but if video goes down, redirect to T3. – The operation of CBTS is not supported with Any Transport over MPLS (AToM), MPLS TE Automesh, or label-controlled (LC)-ATM. Creating Multiple MPLS Member TE or DS-TE Tunnels from the Same Headend to the Same Tailend SUMMARY STEPS Step 1 interface tunnel number Step 2 ip unnumbered type number Step 3 tunnel destination {hostname | ip-address} Step 4 tunnel mode mpls traffic-eng Step 5 tunnel mpls traffic-eng bandwidth [sub-pool | global] bandwidth Step 6 tunnel mpls traffic-eng exp [list-of-exp-values] [default] Step 7 exit DETAILED STEPS Perform the following task to create multiple MPLS member TE or DS-TE tunnels with the same headend and same tailend and to configure EXP values to be carried by each of these tunnels. The procedure begins in global configuration mode.4-85 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Command Purpose Step 1 Router(config)# interface tunnel number Configures a tunnel interface type and enters interface configuration mode. • number—Number of the tunnel interface that you want to create or configure. Step 2 Router(config-if)# ip unnumbered type number Enables IP processing on an interface without assigning an explicit IP address to the interface. • type—Type of another interface on which the router has an assigned IP address. • number—Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. Step 3 Router(config-if)# tunnel destination {hostname | ip-address} Specifies the destination of the tunnel for this path option. • hostname—Name of the host destination. • ip-address—IP address of the host destination expressed in four-part, dotted decimal notation. Step 4 Router(config-if)# tunnel mode mpls traffic-eng Sets the mode of a tunnel to MPLS for TE. Step 5 Router(config-if)# tunnel mpls traffic-eng bandwidth [sub-pool | global] bandwidth Configures the bandwidth for the MPLS TE tunnel. If automatic bandwidth is configured for the tunnel, use the tunnel mpls traffic-eng bandwidth command to configure the initial tunnel bandwidth, which is adjusted by the auto-bandwidth mechanism. • sub-pool—(Optional) Indicates a subpool tunnel. • global—(Optional) Indicates a global pool tunnel. Entering this keyword is not necessary, for all tunnels are global pool in the absence of the sub-pool keyword. But if users of pre-DiffServ-aware Traffic Engineering (DS-TE) images enter this keyword, it is accepted. • bandwidth—Bandwidth, in kilobits per second, set aside for the MPLS traffic engineering tunnel. Range is between 1 and 4294967295. Note You can configure any existing mpls traffic-eng command on these TE or DS-TE tunnels. 4-86 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible SUMMARY STEPS Step 1 interface tunnel number Step 2 ip unnumbered type number Step 3 tunnel destination {hostname | ip-address} Step 4 tunnel mode mpls traffic-eng exp-bundle master Step 5 tunnel mode mpls traffic-eng exp-bundle member tunnel-id Step 6 tunnel mpls traffic-eng autoroute announce Step 7 tunnel mpls traffic-eng autoroute metric absolute | relative value Step 6 Router(config-if)# tunnel mpls traffic-eng exp [list-of-exp-values] [default] Specifies an EXP value or values for an MPLS TE tunnel. • list-of-exp-values—EXP value or values that are are to be carried by the specified tunnel. Values range from 0 to 7. • default—The specified tunnel is to carry all EXP values that are: – Not explicitly allocated to another tunnel – Allocated to a tunnel that is currently down Step 7 Router(config-if)# exit Exits to global configuration mode. Step 8 Repeat steps 1 through 7 on the same headend router to create additional tunnels from this headend to the same tailend. Command Purpose4-87 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS Perform the followings task to create a master tunnel, attach member tunnels to it, and make the master tunnel visible for routing. The procedure begins in global configuration mode. Command Purpose Step 1 Router(config)# interface tunnel number Configures a tunnel interface type and enters interface configuration mode. • number—Number of the tunnel interface that you want to create or configure. Step 2 Router(config-if)# ip unnumbered type number Enables IP processing on an interface without assigning an explicit IP address to the interface. • type—Type of another interface on which the router has an assigned IP address. • number—Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. Step 3 Router(config-if)# tunnel destination {hostname | ip-address} Specifies the destination of the tunnel for this path option. • hostname—Name of the host destination. • ip-address—IP address of the host destination expressed in four-part, dotted decimal notation. Step 4 Router(config-if)# tunnel mode mpls traffic-eng exp-bundle master Specifies this is the master tunnel for the CBTS configuration. Step 5 Router(config-if)# tunnel mode mpls traffic-eng exp-bundle member tunnel-id Attaches a member tunnel to the master tunnel. • tunnel-id—Number of the tunnel interface to be attached to the master tunnel. Repeat this command for each member tunnel.4-88 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note Alternatively, static routing could be used instead of autoroute to make the TE or DS-TE tunnels visible for routing. Verifying That the MPLS TE or DS-TE Tunnels Are Operating and Announced to the IGP The following show commands can be used to verify that the MPLS TE or DS-TE tunnels are operating and announced to the IGP. The commands are all entered in privileged EXEC configuration mode. Step 6 Router(config-if)# tunnel mpls traffic-eng autoroute announce Specifies that the Interior Gateway Protocol (IGP) should use the tunnel (if the tunnel is up) in its enhanced SPF calculation. Step 7 Router(config-if)# tunnel mpls traffic-eng autoroute metric absolute | relative value (Optional) Specifies the MPLS TE tunnel metric that the IGP enhanced SPF calculation uses. • absolute—Indicates the absolute metric mode; you can enter a positive metric value. • relative—Indicates the relative metric mode; you can enter a positive, negative, or zero value. • value—Metric that the IGP enhanced SPF calculation uses. The relative value can be from –10 to 10. Note Even though the value for a relative metric can be from –10 to +10, configuring a tunnel metric with a negative value is considered a misconfiguration. If the metric to the tunnel tailend appears to be 4 from the routing table, then the cost to the tunnel tailend router is actually 3 because 1 is added to the cost for getting to the loopback address. In this instance, the lowest value that you can configure for the relative metric is -3. Command Purpose Command Purpose Router# show mpls traffic-eng topology {A.B.C.D | igp-id {isis nsap-address | ospf A.B.C.D} [brief] Shows the MPLS traffic engineering global topology as currently known at this node. • A.B.C.D—Specifies the node by the IP address (router identifier to interface address). • igp-id—Specifies the node by IGP router identifier. • isis nsap-address—Specifies the node by router identification (nsap-address) if you are using IS-IS. • ospf A.B.C.D—Specifies the node by router identifier if you are using OSPF. • brief—Provides a less detailed version of the topology. Router# show mpls traffic-eng exp Displays EXP mapping. 4-89 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The show mpls traffic-eng topology command output displays the MPLS TE global topology: Router# show mpls traffic-eng topology 10.0.0.1 IGP Id: 10.0.0.1, MPLS TE Id:10.0.0.1 Router Node (ospf 10 area 0) id 1 link[0]: Broadcast, DR: 180.0.1.2, nbr_node_id:6, gen:18 frag_id 0, Intf Address:180.0.1.1 TE metric:1, IGP metric:1, attribute_flags:0x0 SRLGs: None physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps) max_reservable_bw_sub: 0 (kbps) Global Pool Sub Pool Total Allocated Reservable Reservable BW (kbps) BW (kbps) BW (kbps) --------------- ----------- ---------- bw[0]: 0 1000 0 bw[1]: 0 1000 0 bw[2]: 0 1000 0 bw[3]: 0 1000 0 bw[4]: 0 1000 0 bw[5]: 0 1000 0 bw[6]: 0 1000 0 bw[7]: 100 900 0 link[1]: Broadcast, DR: 180.0.2.2, nbr_node_id:7, gen:19 frag_id 1, Intf Address:180.0.2.1 TE metric:1, IGP metric:1, attribute_flags:0x0 SRLGs: None physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps) max_reservable_bw_sub: 0 (kbps) Global Pool Sub Pool Total Allocated Reservable Reservable BW (kbps) BW (kbps) BW (kbps) --------------- ----------- ---------- bw[0]: 0 1000 0 bw[1]: 0 1000 0 Router# show ip cef [type number] [detail] Displays entries in the forwarding information base (FIB) or displays a summary of the FIB. • type number —Identifies the interface type and number for which to display FIB entries. • detail—Displays detailed FIB entry information. Router# show mpls forwarding-table [network {mask | length} [detail] Displays the contents of the MPLS label forwarding information base (LFIB). • network—Identifies the destination network number. • mask—Identifies the network mask to be used with the specified network. • length—Identifies the number of bits in the destination mask. • detail—Displays information in long form (includes length of encapsulation, length of MAC string, maximum transmission unit [MTU], and all labels). Router# show mpls traffic-eng autoroute Displays tunnels that are announced to the Interior Gateway Protocol (IGP). Command Purpose4-90 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks bw[2]: 0 1000 0 bw[3]: 0 1000 0 bw[4]: 0 1000 0 bw[5]: 0 1000 0 bw[6]: 0 1000 0 bw[7]: 0 1000 0 The show mpls traffic-eng exp command output displays EXP mapping information about a tunnel: Router# show mpls traffic-eng exp Destination: 10.0.0.9 Master:Tunnel10Status: IP Members: StatusConf EXPActual EXP Tunnel1UP/ACTIVE55 Tunnel2UP/ACTIVEdefault0 1 2 3 4 6 7 Tunnel3UP/INACTIVE(T)2 Tunnel4DOWN3 Tunnel5UP/ACTIVE(NE) (T)=Tailend is different to master (NE)=There is no exp value configured on this tunnel. The show ip cef detail command output displays detailed FIB entry information for a tunnel: Router# show ip cef tunnel1 detail IP CEF with switching (Table Version 46), flags=0x0 31 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2 2 instant recursive resolutions, 0 used background process 8 load sharing elements, 8 references 6 in-place/0 aborted modifications 34696 bytes allocated to the FIB table data structures universal per-destination load sharing algorithm, id 9EDD49E1 1(0) CEF resets Resolution Timer: Exponential (currently 1s, peak 1s) Tree summary: 8-8-8-8 stride pattern short mask protection disabled 31 leaves, 23 nodes using 26428 bytes Table epoch: 0 (31 entries at this epoch) Adjacency Table has 13 adjacencies 10.0.0.9/32, version 45, epoch 0, per-destination sharing 0 packets, 0 bytes tag information set, all rewrites inherited local tag: tunnel head via 0.0.0.0, Tunnel1, 0 dependencies traffic share 1 next hop 0.0.0.0, Tunnel1 valid adjacency tag rewrite with Tu1, point2point, tags imposed {12304} 0 packets, 0 bytes switched through the prefix tmstats: external 0 packets, 0 bytes internal 0 packets, 0 bytes The show mpls forwarding-table detail command output displays detailed information from the MPLS LFIB: Router# show mpls forwarding 10.0.0.9 detail Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface Tun hd Untagged 10.0.0.9/32 0 Tu1 point2point 4-91 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks MAC/Encaps=14/18, MRU=1500, Tag Stack{12304}, via Fa6/0 00027D884000000ED70178A88847 03010000 No output feature configured Per-exp selection: 1 Untagged 10.0.0.9/32 0 Tu2 point2point MAC/Encaps=14/18, MRU=1500, Tag Stack{12305}, via Fa6/1 00027D884001000ED70178A98847 03011000 No output feature configured Per-exp selection: 2 3 Untagged 10.0.0.9/32 0 Tu3 point2point MAC/Encaps=14/18, MRU=1500, Tag Stack{12306}, via Fa6/1 00027D884001000ED70178A98847 03012000 No output feature configured Per-exp selection: 4 5 Untagged 10.0.0.9/32 0 Tu4 point2point MAC/Encaps=14/18, MRU=1500, Tag Stack{12307}, via Fa6/1 00027D884001000ED70178A98847 03013000 No output feature configured Per-exp selection: 0 6 7 The show mpls traffic-eng autoroute command output displays tunnels that are announced to the Interior Gateway Protocol (IGP). Router# show mpls traffic-eng autoroute MPLS TE autorouting enabled destination 10.0.0.9, area ospf 10 area 0, has 4 tunnels Tunnel1 (load balancing metric 20000000, nexthop 10.0.0.9) (flags: Announce) Tunnel2 (load balancing metric 20000000, nexthop 10.0.0.9) (flags: Announce) Tunnel3 (load balancing metric 20000000, nexthop 10.0.0.9) (flags: Announce) Tunnel4 (load balancing metric 20000000, nexthop 10.0.0.9) (flags: Announce)4-92 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Troubleshooting This section describes how to troubleshoot common ATMoMPLS and EoMPLS issues. Scenarios/Problems Solution How do I list all the L2transport VCs and their status (whether up or down), and also the pseudowire destination IP address? Use the show mpls l2 vc command. This example displays detailed status for a specific VC: Router# show mpls l2 vc 1100 detail Local interface: VFI VPLS-1100 up MPLS VC type is VFI, internetworking type is Ethernet Destination address: 1.1.1.1,VC ID:1100, VC status: up Output interface: Tu0,imposed label stack {27 17} Preferred path: not configured Default path: active Next hop:point2point Create time:2d23h, last status change time: 2d23h Signaling protocol: LDP, peer 1.1.1.1:0 up MPLS VC labels: local 17, remote 17 Group ID: local 0, remote 0 MTU: local 1500, remote 1500 Remote interface description: Sequencing: receive disabled, send disabled VC statistics packet totals: receive 1146978, send 3856011 byte totals: receive 86579172, send 316899920 packet drops: receive 0, send 0 These examples show the status of the active and backup pseudowires before, during, and after a switchover: Router# show mpls l2 vc detail Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT0/2/0.1 ATM VPC CELL 50 10.1.1.2 100 UP AT0/2/0.1 ATM VPC CELL 50 10.1.1.3 100 STANDBY 4-93 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The show mpls l2 vc detail command on the backup PE router displays the status of the pseudowires as shown in this example. The active pseudowire on the backup PE router has the HOTSTANDBY status. Router-standby# show mpls l2 vc detail Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT0/2/0.1 ATM VPC CELL 50 10.1.1.2 100 HOTSTANDBY AT0/2/0.1 ATM VPC CELL 50 10.1.1.3 100 DOWN During a switchover, the status of the active and backup pseudowires changes: Router# show mpls l2 vc detail Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT0/2/0.1 ATM VPC CELL 50 10.1.1.2 100 RECOVERING AT0/2/0.1 ATM VPC CELL 50 10.1.1.3 100 DOWN After the switchover is complete, the recovering pseudowire shows a status of UP: Router# show mpls l2 vc detail Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT0/2/0.1 ATM VPC CELL 50 10.1.1.2 100 UP AT0/2/0.1 ATM VPC CELL 50 10.1.1.3 100 STANDBY Scenarios/Problems Solution4-94 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring QoS Features on a SIP This section describes configuration of the SIP-specific QoS features using the Modular QoS command-line interface (CLI). Before referring to any other QoS documentation for the platform or in the Cisco IOS software, use this section to determine SIP-specific QoS feature support and configuration guidelines. For additional details about QoS concepts and features in Cisco IOS 12.2 releases, you can then refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, at http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/fqos_c.html This section includes the following topics: • General QoS Feature Configuration Guidelines, page 4-95 • Configuring QoS Features Using MQC, page 4-96 • Configuring QoS Traffic Classes on a SIP, page 4-96 • Configuring QoS Class-Based Marking Policies on a SIP, page 4-102 • Configuring QoS Congestion Management and Avoidance Policies on a SIP, page 4-105 • Configuring Dual-Priority Queuing on a Cisco 7600 SIP-400, page 4-113 How do I verify whether the LDP neighborship is established between the PE routers? Use the show mpls ldp neighbor command. This example shows a sample output of the command: PE1#show mpls ldp neighbor Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 10.10.10.10:0 TCP connection: 11.11.11.11.32784 - 10.10.10.10.646 State: Oper; Msgs sent/rcvd: 1073/1061; UPstream Up time: 14:53:49 LDP discovery sources: GigabitEthernet1/1, Src IP addr: 110.110.110.1 Targeted Hello 10.10.10.10 -> 11.11.11.11, active <<-- This should be 'active'. Addresses bound to peer LDP Ident: 11.11.11.11 7.23.8.20 120.120.120.2 110.110.110.1 How do I check locally generated LDP PDUs? Use the show mpls ldp discovery command. This example displays a sample output of the command: Router# show mpls ldp discovery Local LDP Identifier: 10.1.1.1:0 Discovery Sources: Interfaces: Ethernet1/1/3 (ldp): xmit/recv LDP Id: 172.23.0.77:0 LDP Id: 10.144.0.44:0 LDP Id: 10.155.0.55:0 ATM3/0.1 (ldp): xmit/recv LDP Id: 10.203.0.7:2 ATM0/0.2 (tdp): xmit/recv TDP Id: 10.119.0.1:1 Targeted Hellos: 10.8.1.1 -> 10.133.0.33 (ldp): active, xmit/recv LDP Id: 10.133.0.33:0 10.8.1.1 -> 192.168.7.16 (tdp): passive, xmit/recv TDP Id: 10.133.0.33:0Router# Scenarios/Problems Solution4-95 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Configuring Priority Percent on a Policy-Map on a Cisco 7600 SIP-400, page 4-115 • Configuring Percent Priority and Percent Bandwidth Support on a Cisco 7600 SIP-400, page 4-116 • Configuring QoS Traffic Shaping Policies on a SIP, page 4-117 • Configuring QoS Traffic Policing Policies on a SIP, page 4-118 • Attaching a QoS Traffic Policy to an Interface, page 4-124 • Configuring Network-Based Application Recognition and Distributed Network-Based Application Recognition, page 4-124 • Configuring Hierarchical QoS on a SIP, page 4-126 • Configuring PFC QoS on a Cisco 7600 SIP-600, page 4-129 • Configuring IPv6 Hop-by-Hop Header Security, page 4-143 General QoS Feature Configuration Guidelines This section identifies some general QoS feature guidelines for certain types of SPAs. You can find other feature-specific SIP and SPA configuration guidelines and restrictions in the other QoS sections of this chapter. ATM SPA QoS Configuration Guidelines Follow these guidelines for the 2-Port and 4-Port OC-3c/STM-1 ATM SPA: • In the ingress direction, all QoS features are supported by the Cisco 7600 SIP-200. • In the egress direction: – All queueing-based features (such as class-based weighted fair queueing [CBWFQ], and ATM per-VC WFQ, WRED, and shaping) are implemented on the segmentation and reassembly (SAR) processor on the SPA. – Policing is implemented on the SIP. – Class queue shaping is not supported. Effective 15.1(2)S release onwards, all the QoS features for ATM SPA is applicable for CEoP SPA. For more information on configuring QoS Features on CEoP SPAs, see Chapter 10, “Configuring the CEoP and Channelized ATM SPAs”. Ethernet SPA QoS Configuration Guidelines For the Ethernet SPAs, the following QoS behavior applies: • In both the ingress and egress directions, all QoS features calculate packet size similarly to how packet size calculation is performed by the FlexWAN and Enhanced FlexWAN modules on the Cisco 7600 series router. • Specifically, all features consider the IEEE 802.3 Layer 2 headers and the Layer 3 protocol payload. The CRC, interframe gap, and preamble are not included in the packet size calculations. Note For Fast Ethernet SPAs, QoS cannot change the speed of an interface (for example, Fast Ethernet SPAs cannot change QoS settings whenever an interface speed is changed between 100 and 10 Mbps). When the speed is changed, the user must also adjust the QoS setting accordingly. 4-96 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring QoS Features Using MQC The Modular QoS CLI (MQC) is a CLI structure that allows users to create traffic policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to select traffic, while the QoS features in the traffic policy determine how to treat the classified traffic. If you apply a traffic policy at a main interface that also contains subinterfaces, then all of the traffic that goes through the subinterfaces is processed according to the policy at the main interface. For example, if you configure a traffic shaping policy at the main interface, all of the traffic going through the subinterfaces is aggregated and shaped to the rate defined in the traffic shaping policy at the main interface. To configure QoS features using the Modular QoS CLI on the SIPs, complete the following basic steps: Step 1 Define a traffic class using the class-map command. Step 2 Create a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command). Step 3 Attach the traffic policy to the interface using the service-policy command. MQC policy support existing on ATM VC is extended to the ATM PVP from Cisco IOS Release 12.2(33)SRE. For a complete discussion about MQC, refer to the Modular Quality of Service Command-Line Interface Overview Chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 publication at: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfmcli2.html Configuring QoS Traffic Classes on a SIP Use the QoS classification features to select your network traffic and categorize it into classes for further QoS processing based on matching certain criteria. The default class, named class-default, is the class to which traffic is directed for any traffic that does not match any of the selection criteria in the configured class maps. QoS Traffic Class Configuration Guidelines When configuring traffic classes on a SIP, consider the following guidelines: • You can define up to 256 unique class maps. • A single class map can contain up to 8 different match command statements. • For ATM bridging, Frame Relay bridging, MPB, and BCP features, the following matching features are supported on bridged frames beginning in Cisco IOS Release 12.2(33)SRA: – Matching on ATM CLP bit (input interface only) – Matching on CoS – Matching on Frame Relay DE bit (input interface only) – Matching on Frame Relay DLCI – Matching on inner CoS 4-97 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks – Matching on inner VLAN – Matching on IP DSCP – Matching on IP precedence – Matching on VLAN • The Cisco 7600 SIP-600 does not support combining matches on QoS group or input VLAN with other types of matching criteria (for example, access control lists [ACLs]) in the same class or policy map. • The Cisco 7600 SIP-400 supports matching on ACLs for routed traffic only. Matching on ACLs is not supported for bridged traffic. • The SIP-400 does not support dynamic, time-based, or tos-matching ACLs. The SIP-400 also does not support the log option in ACL. • When configuring hierarchical QoS on the Cisco 7600 SIP-600, if you configure matching on an input VLAN in a parent policy, then only matching on a QoS group is supported in the child policy. • For support of specific matching criteria by SIP, see Table 4-13. SUMMARY STEPS Step 1 class-map [match-all | match-any] class-name Step 2 match type DETAILED STEPS To create a user-defined QoS traffic class, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# class-map [match-all | match-any] class-name Creates a traffic class, where: • match-all—(Optional) Specifies that all match criteria in the class map must be matched, using a logical AND of all matching statements defined under the class. This is the default. • match-any—(Optional) Specifies that one or more match criteria must match, using a logical OR of all matching statements defined under the class. • class-name—Specifies the user-defined name of the class. Note You can define up to 256 unique class maps. Step 2 Router(config-cmap)# match type Specifies the matching criterion to be applied to the traffic, where type represents one of the forms of the match command supported by the SIP as shown in Table 4-13. Note A single class-map can contain up to 8 different match command statements.4-98 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-13 provides information about which QoS classification features are supported for SIPs on the Cisco 7600 series router. For more information about most of the commands documented in this table, refer to the Cisco IOS Quality of Service Solutions Command Reference. Table 4-13 QoS Classification Feature Compatibility by SIP Feature (match command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Matching on access control list (ACL) number (match access-group command) Supported for all SPAs with the following types of ACLs: • Protocols—ICMP, IGMP, EIGRP, OSPF, PIM, and GRE • Source and destination port • TCP flags • ToS (DSCP and precedence) Supported for all SPAs with the following types of ACLs: • Source and destination port • TCP flag (IPv4 only) • IP address (IPv6 compress mode only) Supported for all SPAs with the following types of ACLs: • IPv4 and IPv6 • Protocols—ICMP, IGMP, UDP, and MAC • Source and destination ports • TCP flags • ToS Matching on ACL name (match access-group name command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs. Match on any packet (match any command) Note Not supported for user-defined class maps. Supported for all SPAs. Supported for all SPAs. Supported for all SPAs. Matching on ATM cell loss priority (CLP) (match atm clp command) • Supported for all ATM SPAs. • Cisco IOS Release 12.2(33)SRA—Support added for ATM CLP matching with RFC 1483 bridging features. • Supported for all ATM SPAs on ATM input interface only. • Cisco IOS Release 12.2(33)SRA—Support added for ATM CLP matching with RFC 1483 bridging features on ATM input interface only. Not supported. Matching on class map (match class-map command) Supported for all SPAs. Not supported. Not supported.4-99 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Matching on Class of Service (CoS) (match cos command) Supported in Cisco IOS Release 12.2(33)SRA on the 4-Port and 8-Port Fast Ethernet SPA using dot1q encapsulation. • Supported on Fast ethernet SPAs from 12.2(33) SRD onwards. • 2-Port Gigabit Ethernet SPA only—Input and output 802.1Q tagged frames. • Cisco IOS Release 12.2(33)SRA—Support added for inner CoS matching with bridging features. Supported in Cisco IOS Release 12.2(33)SRA for switchport queueing. Note CoS classification is available through PFC QoS using MAC address ACLs. Matching on inner CoS (match cos inner command) • Supported for all SPAs. • Cisco IOS Release 12.2(33)SRA—Supported added for inner CoS matching with bridging features. Supported in Cisco IOS Release 12.2(33)SRA on the 2-Port Gigabit Ethernet SPA and Fast ethernet SPA from 12.2(33) SRD: • Input and output interfaces • Inner CoS matching with bridging features Not supported. Match on Frame Relay discard eligibility (DE) bit (match fr-de command) • Supported for Frame Relay input and output interfaces. • Cisco IOS Release 12.2(33)SRA—Support added for Frame Relay DE matching with Frame Relay bridging features. • Supported for a Frame Relay input interface only. • Cisco IOS Release 12.2(33)SRA—Support added for Frame Relay DE matching with Frame Relay bridging features on input Frame Relay interface only. Note Because the Cisco 7600 SIP-400 acts as a Frame Relay data terminal equipment (DTE) device only, and not a data communications equipment (DCE) device, the Cisco 7600 SIP-400 does not support dropping of frames that match on FR DE bits; however, other QoS actions are supported. Not supported. Table 4-13 QoS Classification Feature Compatibility by SIP (continued) Feature (match command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-100 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Match on Frame Relay data-link connection identifier (DLCI) (match fr-dlci command) • Supported for Frame Relay input and output interfaces. • Cisco IOS Release 12.2(33)SRA—Support added for Frame Relay DLCI matching with Frame Relay bridging features. Supported in Cisco IOS Release 12.2(33)SRA on Frame Relay input and output interfaces, and with Frame Relay bridging features. Not supported. Match on input VLAN (match input vlan command—Matches the VLAN from an input interface) Supported for EoMPLS interfaces. Supported in Cisco IOS Release 12.2(33)SRA—Output interface only, and with bridging features. Note Service policy is applied on the output interface of the Cisco 7600 SIP-400 to match the VLAN from the input interface. Supported in Cisco IOS Release 12.2(33)SRA—Output interface only for software-based EoMPLS. Note The service policy is applied on the output interface of the Cisco 7600 SIP-600 to match the VLAN from the input interface. If you configure matching on an input VLAN in a parent policy with hierarchical QoS, then only matching on QoS group is supported in the child policy. Match on IP DSCP (match ip dscp command) • Supported for all SPAs. • Cisco IOS Release 12.2(33)SRA—Support added for IP DSCP matching with bridging features on an input interface only. • Supported for all SPAs. • Cisco IOS Release 12.2(33)SRA—Support added for IP DSCP matching with bridging features. Supported for all SPAs. Match on DSCP (match dscp command) • Supported for all SPAs. • Supported for all SPAs. • Supported for all SPAs. Match on IP (match IP command) • Supported for all SPAs. • Supported for all SPAs. • Supported for all SPAs. Match on IP precedence (match ip precedence command) Supported for all SPAs. • Supported for all SPAs. • Cisco IOS Release 12.2(33)SRA—Support added for IP precedence matching with bridging features. Supported for all SPAs. Table 4-13 QoS Classification Feature Compatibility by SIP (continued) Feature (match command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-101 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Match on IP Real-Time Protocol (RTP) (match ip rtp command) Supported for all SPAs. Not supported. Not supported. Match on MAC address for an ACL name (match mac address command) Not supported. Not supported. Not supported. Match on destination MAC address (match destination-address mac command) Not supported. Not supported. Not supported. Match on source MAC address (match source-address mac command) Not supported. Not supported. Not supported. Match on MPLS experimental (EXP) bit (match mpls experimental command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs. Match on Layer 3 packet length in IP header (match packet length command) Supported for all SPAs. Not supported. Not supported. Match on QoS group (match qos-group command) Supported in Cisco IOS Release 12.2(33)SRA—Output interface only. Not supported. Supported in software-based EoMPLS configurations only using hierarchical QoS, where the parent policy configures matching on input VLAN and the child policy configures matching on QoS group. Match on protocol (match protocol command) Not supported for NBAR. Not supported. Supports matching on IP and IPv6. Match on VLAN (match vlan command—Matches the outer VLAN of a Layer 2 802.1Q frame) Not supported. Supported in Cisco IOS Release 12.2(33)SRA: • Input and output interfaces • Outer VLAN ID matching for 802.1Q tagged frames Supported in Cisco IOS Release 12.2(33)SRA: • Output interface only • Outer VLAN ID matching for 802.1Q tagged frames Table 4-13 QoS Classification Feature Compatibility by SIP (continued) Feature (match command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-102 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring QoS Class-Based Marking Policies on a SIP After you have created your traffic classes, you can configure traffic policies to configure marking features to apply certain actions to the selected traffic in those classes. In most cases, the purpose of a packet mark is identification. After a packet is marked, downstream devices identify traffic based on the marking and categorize the traffic according to network needs. This categorization occurs when the match commands in the traffic class are configured to identify the packets by the mark (for example, match ip precedence, match ip dscp, match cos, and so on). The traffic policy using this traffic class can then set the appropriate QoS features for the marked traffic. In some cases, the markings can be used for purposes besides identification. Distributed WRED, for instance, can use the IP precedence, IP DSCP, or MPLS EXP values to detect and drop packets. In ATM networks, the CLP bit of the packet is used to determine the precedence of packets in a congested environment. If congestion occurs in the ATM network, packets with the CLP bit set to 1 are dropped before packets with the CLP bit set to 0. Similarly, the DE bit of a Frame Relay frame is used to determine the priority of a frame in a congested Frame Relay network. In Frame Relay networks, frames with the DE bit set to 1 are dropped before frames with the DE bit set to 0. QoS Class-Based Marking Policy Configuration Guidelines When configuring class-based marking on a SIP, consider the following guidelines: • Packet marking is supported on interfaces, subinterfaces, and ATM virtual circuits (VCs). In an ATM PVC, you can configure packet marking in the same traffic policy where you configure the queueing actions, on a per-VC basis. However, only PVC configuration of service policies is supported for classes using multipoint bridging (MPB) match criteria. • For ATM bridging, Frame Relay bridging, MPB, and BCP features, the following marking features are supported on bridged frames beginning in Cisco IOS Release 12.2(33)SRA: – Set ATM CLP bit (output interface only) – Set Frame Relay DE bit (output interface only) – Set inner CoS Match on VLAN Inner (match vlan inner command—Matches the innermost VLAN of the 802.1Q tag in the Layer 2 frame) • Supported for all SPAs. • Cisco IOS Release 12.2(33)SRA—Support added for inner VLAN ID matching with bridging features. Supported in Cisco IOS Release 12.2(33)SRA: • Input and output interface • Inner VLAN ID matching with bridging features Not supported. Match ATM VCI (match atm-vci command) • Not supported Supported on ATM PVP Not supported No match on specified criteria (match not command) Supported for all SPAs. Supported for all SPAs. Not supported. Table 4-13 QoS Classification Feature Compatibility by SIP (continued) Feature (match command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-103 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • If a service policy configures both class-based marking and marking as part of a policing action, then the marking using policing takes precedence over any class-based marking. • The Cisco 7600 SIP-600 supports marking on input interfaces only. • For support of specific marking criteria by SIP, see Table 4-14. SUMMARY STEPS Step 1 policy-map policy-map-name Step 2 class class-name | class-default Step 3 set type DETAILED STEPS To configure a QoS traffic policy with class-based marking, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a traffic policy and enters policy map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. Step 2 Router (config-pmap)# class class-name | class-default Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class. Step 3 Router(config-pmap-c)# set type Specifies the marking action to be applied to the traffic, where type represents one of the forms of the set command supported by the SIP as shown in Table 4-14.4-104 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-14 provides information about which QoS class-based marking features are supported for SIPs on the Cisco 7600 series router. Table 4-14 QoS Class-Based Marking Feature Compatibility by SIP Marking Feature (set command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Set ATM CLP bit (set atm-clp command—Marks the ATM cell loss bit with value of 1) • Supported for ATM output interfaces only. • Cisco IOS Release 12.2(33)SRA—Support added for ATM CLP marking on output interfaces also with RFC 1483 bridging features. Supported for ATM SPA output interfaces only. Not supported. Set discard class (set discard-class command—Marks the packet with a discard class value for per-hop behavior) Not supported. Not supported. Not supported. Set Frame Relay DE bit (set fr-de command—Marks the Frame Relay discard eligibility bit with value of 1) • Supported for Frame Relay output interfaces only. • Cisco IOS Release 12.2(33)SRA—Support added for Frame Relay DE marking on output interfaces only with Frame Relay bridging features. Supported for Frame Relay output interfaces only. Not supported. Set DSCP Supported for all SPAs. Supported for all SPAs. Supported for all SPAs on an input interface. Set Precedence Supported for all SPAs. Supported for all SPAs. Supported for all SPAs on an input interface. Set IP DSCP (set ip dscp command—Marks the IP differentiated services code point [DSCP] in the type of service [ToS] byte with a value from 0 to 63) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs on an input interface. Set IP precedence (set ip precedence command—Marks the precedence value in the IP header with a value from 0 to 7.) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs on an input interface.4-105 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks For more detailed information about configuring class-based marking features, refer to the Class-Based Marking document located at the following URL: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html Note When referring to other class-based marking documentation, be sure to note any SIP-specific configuration guidelines described in this document. Configuring QoS Congestion Management and Avoidance Policies on a SIP This section describes SIP- and SPA-specific information for configuring QoS traffic policies for congestion management and avoidance features. These features are generally referred to as queueing features. QoS Congestion Management and Avoidance Policy Configuration Guidelines When configuring queueing features on a SIP, consider the following guidelines: Set Layer 2 802.1Q CoS (set cos command—Marks the CoS value from 0 to 7 in an 802.1Q tagged frame) • Supported for all SPAs. • In Cisco IOS Release 12.2(33)SRA—Not supported with set cos-inner command on the same interface. Supported in Cisco IOS Release 12.2(33)SRA. Not supported. Set Layer 2 802.1Q CoS (set cos-inner command—Marks the inner CoS field from 0 to 7 in a bridged frame) Supported in Cisco IOS Release 12.2(33)SRA with bridging features on the 4-Port and 8-Port Fast Ethernet SPA. Supported in Cisco IOS Release 12.2(33)SRA with bridging features. Not supported. Set MPLS experimental (EXP) bit on label imposition (set mpls experimental imposition command) Supported for all SPAs. Supported for all SPAs. Note The table keyword is not supported. Supported for all SPAs on an input interface. Set MPLS EXP on topmost MPLS label (set mpls experimental topmost command) Supported for all SPAs. Supported for all SPAs. Not supported. Set QoS group (set qos-group command—Marks the packet with a QoS group association) Not supported. Not supported. Supported only for software-based EoMPLS on an input SPA switchport interface. Table 4-14 QoS Class-Based Marking Feature Compatibility by SIP (continued) Marking Feature (set command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-106 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • The Cisco 7600 series router supports different forms of queueing features. See Table 4-15 to determine which queueing features are supported by SIP type. • When configuring queueing on the Cisco 7600 SIP-400, consider the following guidelines: – A queue on the Cisco 7600 SIP-400 is not assured any minimum bandwidth. – You cannot configure bandwidth or shaping with queueing under the same class in a service policy on the Cisco 7600 SIP-400. – If you want to define bandwidth parameters and priority under different classes in the same service policy on the Cisco 7600 SIP-400, then you can only use the bandwidth remaining percent command. The Cisco 7600 SIP-400 does not support other forms of the bandwidth command with priority in the same service policy. • You can use policing with queueing to limit the traffic rate. • On the Cisco 7600 SIP-400, WRED is supported on bridged VCs with classification on precedence and DSCP values. On other SIPs, WRED does not work on bridged VCs (for example, VCs that implement MPB). • When configuring WRED on the Cisco 7600 SIP-400, consider the following guidelines: – WRED is supported on bridged VCs with classification on precedence and DSCP values. – WRED explicit congestion notification (ECN) is not supported for output traffic on ATM SPAs. – ECN is supported for IP traffic on output POS interfaces only. – You can use the low-order TOS bits in the IP header for explicit congestion notification (ECN) for WRED. If you configure random-detect ecn in a service policy and apply it to either a POS interface or a VC on a POS interface, then if at least one of the ECN bits is set and the packet is a candidate for dropping, the Cisco 7600 SIP-400 marks both ECN bits. If either one of the ECN bits is set, the Cisco 7600 SIP-400 will not drop the packet. – WRED ECN is not support for MPLS packets. • On the Cisco 7600 SIP-400, the default queue limit is calculated on the following basis: – As of Cisco IOS 12.2(33) SRB Release, the default queue limit is calculated based on the number of 250-byte packets that the SIP can transmit in one half of a second. For example, for an OC-3 SPA with a rate of 155 Mbps, the default queue limit is 38,750 packets (155000000 x 0.5 / 250 x 8). As of Cisco IOS 12.2(33)SRB Release, configurable values for queue-limit and WRED thresholds are in units of 250-byte buffers when configuring these parameters on a SIP-400. – When configured in Cisco IOS 12.2(33) SXF Release and Cisco IOS 12.2(33)SRA Release, the configured queue-limit and WRED thresholds on the SIP-400 are in units of packets, regardless of the packet size. • For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.4-107 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-15 provides information about which QoS queueing features are supported for SIPs on the Cisco 7600 series router. Note Effective with Cisco IOS Release 15.0(1)S, the fair-queue (WFQ) command is not available on Cisco IOS Software. Use the MQC equivalent fair-queue (WFQ) command in the Legacy QoS Command Deprecation feature document at: http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe. html Table 4-15 QoS Congestion Management and Avoidance Feature Compatibility by SIP and SPA Combination Congestion Management and Avoidance Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Aggregate Weighted Random Early Detection (random-detect aggregate, random-detect dscp (aggregate), and random-detect precedence (aggregate) commands) Supported for ATM SPA PVCs only—Cisco IOS Release 12.2(18)SXE and later and in Cisco IOS Release 12.2(33)SRA Supported for ATM SPA PVCs only—Cisco IOS Release 12.2(18)SXE and later and in Cisco IOS Release 12.2(33)SRA. Supported for all SPAs. For more information on configuring aggregate WRED, see the “Configuring Aggregate WRED for PVCs” section on page 7-30. Class-based Weighted Fair Queueing (CBWFQ) (bandwidth, queue-limit commands) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs. Dual-Queue Support (priority and priority level commands) Not supported. Supported for all SPAs—Cisco IOS Release 12.2(33)SRB and later. Not supported. Flow-based Queueing (fair queueing/WFQ) (fair-queue command) Supported for all SPAs. Not supported. Not supported. Low Latency Queueing (LLQ)/ Queueing (priority command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs.4-108 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Random Early Detection (RED) (random-detect commands) Supported for all SPAs. • ATM SPAs—Up to 106 unique WRED minimum threshold (min-th), maximum threshold (max-th), and mark probability profiles supported. • Other SPAs—Up to 128 unique WRED min-th, max-th, and mark probability profiles supported. Supported for all SPAs. • ATM SPAs—Up to 106 unique WRED minimum threshold (min-th), maximum threshold (max-th), and mark probability profiles supported. • Other SPAs—Up to 128 unique WRED min-th, max-th, and mark probability profiles supported. Not supported. Weighted RED (WRED) Supported for all SPAs, with the following exception: • WRED is not supported on bridged VCs. Supported for all SPAs, with the following restriction: • WRED is supported on bridged VCs with classification on precedence and DSCP values. Not supported. Priority percent on Policy Map Supported Note Priority percent is not supported in ATM SPAs for both SIP200 and SIP400. Supported Note Priority percent is not supported in ATM SPAs for both SIP200 and SIP400. Not Supported All QoS features in ingress Supported Supported Supported Strict priorityand Ingress, no queueing Supported Supported Supported Table 4-15 QoS Congestion Management and Avoidance Feature Compatibility by SIP and SPA Combination Congestion Management and Avoidance Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-109 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Policing, classification, policing and marking in egress Supported Supported Supported Oversubscription Supported Supported Note In Cisco IOS 12.2(33)SRB Release, oversubscription is only supported for two 2-Port Copper and Optical Gigabit Ethernet SPAs. Note In the Cisco IOS 12.2(33)SRC Release support for oversubscription is extended to the 1-Port 10-Gigabit Ethernet SPA. Ingress oversubscription is only supported on Ethernet SPAs. Note Cisco IOS 12.2(33)SRC Release supports the following specific SPA combinations: Any combination of POS, ATM, CEoPs, and serial or channelized SPAs up to OC-48 aggregate bandwidth One 2-Port Gigabit Ethernet SPA or 2-Port Copper and Optical Gigabit Ethernet SPA and up to OC-24 equivalents of POS, ATM, CEoPs, and serial or channelized SPAs. One2-Port Copper and Optical Gigabit Ethernet SPA or two 2-Port 5GEv2 SPAs. (These are the ingress oversubscription combinations. This is the only case where the SIP-400 is oversubscribed on ingress. Supported Table 4-15 QoS Congestion Management and Avoidance Feature Compatibility by SIP and SPA Combination Congestion Management and Avoidance Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-110 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks SUMMARY STEPS Step 1 policy-map policy-map-name Step 2 class class-name | class-default Step 3 bandwidth bandwidth-kbps | percent percent Step 4 queue-limit number-of-packets DETAILED STEPS To configure a QoS CBWFQ policy, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a traffic policy and enters policy map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. Step 2 Router (config-pmap)# class class-name | class-default Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class.4-111 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Sample Configuration Scenario Router#show policy-map interface GigabitEthernet3/3/0 Service-policy output: policy_map_1 Counters last updated 00:00:02 ago queue stats for all priority classes: Queueing queue limit 25000 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 Class-map: classmap_1 (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: ip precedence 1 Priority: Strict, b/w exceed drops: 0 Strict priority Class-map: class-default (match-any) 4 packets, 240 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Step 3 Router(config-pmap-c)# bandwidth bandwidth-kbps | percent percent Specifies the bandwidth allocated to a class belonging to a policy map. Note The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead. • bandwidth-kbps—Specifies the amount of bandwidth, in number of kbps, to be assigned to a class. • percent—Specifies the amount of guaranteed bandwidth, based on the absolute percent of available bandwidth. • percentage—Used in conjunction with the percent keyword, the percentage of the total available bandwidth to be set aside for the priority classes. Note If strict priority is assigned to a class in the parent policy, and control packets do not fall in that class, the interface may flap between the UP and DOWN states as the strict priority consumes the entire bandwidth. See Sample Configuration Scenario, page 111 for a sample scenaio illustrating this effect. Step 4 Router(config-pmap-c)# queue-limit number-of-packets Specifies the maximum number of packets the queue can hold for a class policy configured in a policy map. • number-of-packets—A number in the range 1-65536 specifying the maximum number of packets that the queue for this class can accumulate. Command Purpose4-112 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Match: any queue limit 2 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 4/240 Router# Router# Router#show policy-map interface GigabitEthernet3/3/0 Service-policy output: policy_map_1 Counters last updated 00:00:02 ago queue stats for all priority classes: Queueing queue limit 25000 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 Class-map: classmap_1 (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: ip precedence 1 Priority: Strict, b/w exceed drops: 0 Strict priority Class-map: class-default (match-any) 4 packets, 240 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: any queue limit 2 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 4/240 Router# Router#show interface GigabitEthernet3/3/0 GigabitEthernet3/3/0 is up, line protocol is up Hardware is GigEther SPA, address is 0023.33c5.dc40 (bia 0023.33c5.dc40) Internet address is 9.30.65.47/16 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, BW=100000 kbps (interface bandwidth) reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported Full Duplex, 100Mbps, media type is T output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/274/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: Class-based queueing Output queue: 0/40 (size/max) 5 minute input rate 2000 bits/sec, 4 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 983112 packets input, 71000650 bytes, 0 no buffer Received 73032 broadcasts (0 IP multicasts)4-113 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks 0 runts, 0 giants, 0 throttles 274 input errors, 17 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 514955 multicast, 0 pause input 6856 packets output, 519181 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Router# Router# Configuring Dual-Priority Queuing on a Cisco 7600 SIP-400 When configuring Dual-Priority Queuing, consider the following guidelines: • Only two priority levels are supported. • Level 1 is higher than level 2. • Propagation is supported on both levels. • A priority without a level is mapped to level 1. • The police rate includes a Layer 2 header but not cyclic redundancy check (CRC), preamble, or interframe gap. • Dual-priority queuing is not supported on ATM SPAs. SUMMARY STEPS Step 1 priority Step 2 priority leve Step 3 priority y ms Step 4 priority x kbps y bytes Step 5 priority percent x% | y ms DETAILED STEPS To configure dual-priority queuing, use the following commands: Command or Action Purpose Router(config-pmap-c)# priority Gives priority to a class of traffic belonging to a policy map. Router(config-pmap-c)# priority level Configures multiple priority queues. • level—A range of priority levels. Valid values are from 1 (high priority) to 4 (low priority). The default is 1.4-114 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Hierarchical Queuing Framework on a Cisco 7600 SIP-400 Hierarchical Queuing Framework configuration involves two modules residing on the SIP-400 line card - the HQF client and the HQF mapper functions. The HQF client processes requests from the mapper. The role of the mapper module is primarily to create, update, and delete queues. While configuring the HQF, use the following guidelines: • Only two priority levels are supported. • Level 1 is higher than level 2. • Propagation is supported on both levels. • A priority without a level is mapped to level 1. • The sum of bandwidth percentage and another queue’s bandwidth reservation must not exceed 100% bandwidth. • The police rate includes a Layer 2 header but not cyclic redundancy check (CRC), preamble, or interframe gap. • Dual-priority queuing is not supported on ATM SPAs. SUMMARY STEPS Step 1 policy-map policy-name Step 2 class class-name Step 3 priority y ms Step 4 priority x kbps y bytes Step 5 priority percent x% | y ms Step 6 police rate DETAILED STEPS To configure dual-priority queuing, use the following commands: Router(config-pmap-c)# priority y ms • ms—Specifies the burst size in bytes. The burst size configures the network to accommodate temporary bursts of traffic. Router(config-pmap-c)# priority x kbps y bytes • x kbps—Specifies the burst size in kbps. • y bytes—Specifies the burst size in bytes. Router(config-pmap-c)# priority percent x% | y ms Enables conditional policing rate (kbps or link percent). Conditional policing is used if the logical or physical link is congested. Command or Action Purpose4-115 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Priority Percent on a Policy-Map on a Cisco 7600 SIP-400 SUMMARY STEPS Step 1 class-map name Step 2 match ip precedence 0-7 Step 3 policy-map name Step 4 class voip Step 5 priority percent 1-100 DETAILED STEPS To configure priority percent on a policy-map, use the following commands: Command or Action Purpose Router(config)# policy-map policy-name Specifies the name of the policy map to be created or modified. Router(config-pmap)# class class-name • Specifies the name of a predefined class included in the service policy. Router(config-pmap-c)# priority y ms • ms—Specifies the burst size in bytes. The burst size configures the network to accommodate temporary bursts of traffic. Router(config-pmap-c)# priority x kbps y bytes • x kbps—Specifies the burst size in kbps. • y bytes—Specifies the burst size in bytes. Router(config-pmap-c)# priority percent x% | y ms Enables conditional policing rate (kbps or link percent). Conditional policing is used if the logical or physical link is congested. Router(config-pmap-c)# police rate Sets the policing rate (in bps) Command or Action Purpose Router(config-pmap-c)# class-map name Example: Router(config-pmap-c)# class-map voip Specifies a class belonging to a policy map. Router(config-pmap-c)# match ip precedence 0-7 Example: Router(config-pmap-c)# match ip precedence 3 Matches the precedence value in the IP header with a value from 0 to 7.4-116 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note Queuing for QoS features like CBWFQ, LLQ, WRED, happens on the ATM-SPA itself (SPA-ATM-OC3/OC12/OC48 on SIP200/SIP400). Because of hardware limitations, a policy-map with priority percent, can not work on SPA-ATM-OC3/OC12/OC48. So while configuring dLFIoATM on SPA-ATM-OC3/OC12/OC48 on SIP200/SIP400, a Virtual-Template interface configured with a policy-map having priority percent command can not be associated to a PVC Configuring Percent Priority and Percent Bandwidth Support on a Cisco 7600 SIP-400 SUMMARY STEPS Step 1 bandwidth x kbps Step 2 bandwidth percent x% Step 3 bandwidth remaining percent x% DETAILED STEPS To configure percent priority and percent bandwidth, use the following commands: Router(config-pmap-c)# policy-map name Example: Router(config-pmap-c)# policy-map llq Specifies the name of the policy map. Router(config-pmap-c)# class name Example: Router(config-pmap-c)# class voip Specifies the traffic class to which the policy applies Router(config-pmap-c)# priority percent 1-100 Example: Router(config-pmap-c)# priority percent 23 Enables specified conditional policing rate on the policy map Command or Action Purpose Command or Action Purpose Router(config-pmap-c)# bandwidth x kbps Specifies or modifies the bandwidth allocated for a class belonging to a policy map. Router(config-pmap-c)# bandwidth percent x% Specifies the amount of guaranteed bandwidth, based on an absolute percent of available bandwidth. Router(config-pmap-c)# bandwidth remaining percent x% Specifies the remaining percent—Amount of guaranteed bandwidth, based on a relative percent of available bandwidth.4-117 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring QoS Traffic Shaping Policies on a SIP This section describes SIP- and SPA-specific information for configuring QoS traffic policies for shaping traffic. QoS Traffic Shaping Policy Configuration Guidelines When configuring queueing features on a SIP, consider the following guidelines: • The Cisco 7600 series router supports different forms of queueing features. See Table 4-16 to determine which traffic shaping features are supported by SIP type. • Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ with a Frame Relay map class. First, configure a parent policy to shape to the total bandwidth required (on the Cisco 7600 SIP-400, use the class-default in Cisco IOS Release 12.2(18)SXF, or a user-defined class beginning in Cisco IOS Release 12.2(33)SRA). Then, define a child policy using CBWFQ for the minimum bandwidth percentages. • ATM SPAs do not support MQC-based traffic shaping. You need to configure traffic shaping for ATM interfaces using ATM Layer 2 VC shaping. • For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release. Table 4-16 provides information about which QoS traffic shaping features are supported for SIPs on the Cisco 7600 series router. Table 4-16 QoS Traffic Shaping Feature Compatibility by SIP and SPA Combination Traffic Shaping Feature (shape command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Adaptive shaping for Frame Relay (shape adaptive command) Supported for all SPAs. Not supported. Not supported. Class-based shaping (shape average, shape peak commands) Supported for all SPAs. Shape average is supported for all SPAs with the following exceptions: • Committed burst (bc)—Not supported. • Excess burst (be)—Not supported. Supports only shape average for all SPAs. Policy-map class shaping of average-rate of traffic by percentage of bandwidth (shape average percent command) Not supported. Not supported. Not supported. Policy-map class shaping with adaptation to backward explicit congestion notification (BECN) (shape adaptive command) Supported for all SPAs. Not supported. Not supported.4-118 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring QoS Traffic Policing Policies on a SIP This section describes SIP- and SPA-specific information for configuring QoS traffic policing policies. QoS Traffic Policing Policy Configuration Guidelines When configuring traffic policing on a SIP, consider the following guidelines: • The Cisco 7600 series router supports different forms of policing using the police command. See Table 4-17 to determine which policing features are supported by SIP type. • When configuring policing on the Cisco 7600 SIP-600, consider the following guidelines: – The Cisco 7600 SIP-600 supports conform-action policing on input interfaces only, unless it is being implemented with queueing. – The Cisco 7600 SIP-600 does not support any policing actions (shown in Table 4-18) using the exceed-action or violate-action keywords on an input interface. – The Cisco 7600 SIP-600 supports exceed-action policing on an output interface with a drop action only, when the policing is being implemented with queueing. – The Cisco 7600 SIP-600 supports marking for exceed-action policing only using the set-dscp-transmit command. • When configuring a policing service policy and specifying the CIR in bits per second without specifying the optional conform (bc) or peak (be) burst in bytes, the Cisco 7600 SIP-400 calculates the burst size based on the number of bytes that it can transmit in 250 ms using the CIR value. For example, a CIR of 1 Mbps (or 1,000,000 bps) is equivalent to 125,000 bytes per second, which is 125 bytes per millisecond. The calculated burst is 250 x 125 = 31250 bytes. If the calculated burst is less than the interface maximum transmission unit (MTU), then the interface MTU is used as the burst size. This behaviour remains till SRE Release. From Release 15.0(1)S onwards, if the calculated burst size is less than the MTU, SIP 400 will not increment the burst size to the MTU. • You can use policing with queueing to limit the traffic rate. • If a service policy configures both class-based marking and marking as part of a policing action, then the marking using policing takes precedence over any class-based marking. Policy-map class shaping with reflection of forward explicit congestion notification (FECN) as BECN (shape fecn-adapt command) Supported for all SPAs. Not supported. Not supported. Policy-map class shaping of peak-rate of traffic by percentage of bandwidth (shape peak percent command) Not supported. Not supported. Not supported. Table 4-16 QoS Traffic Shaping Feature Compatibility by SIP and SPA Combination (continued) Traffic Shaping Feature (shape command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-6004-119 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • When configuring policing with MPB features on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, the set-cos-inner-transmit action is supported beginning in Cisco IOS Release 12.2(33)SRA. • SIP-400 line cards do not support multiple marking actions in one police class of traffic. For example - set-cos-inner-transmit and set-cos-transmit both cannot be configured together as below: class accPriority priority police cir percent 40 pir percent 100 conform-action set-cos-inner-transmit 5 conform-action set-cos-transmit 5 • Set-mpls-experimental-topmost-transmit command configuration guidelines on SIP-400. Refer Table 4-18 for QoS Policing Action Compatibility by SIP and SPA Combination. The set-mpls-experimental-topmost-transmit is valid for ingress side only. The set-mpls-experimental-topmost-transmit command is only effective when the SIP-400 receives a packet from line with the MPLS tag. The set-mpls-experimental-imposition-transmit is effective when the imposition is done on the ingress side. If SIP-400 does the imposition it inserts the EXPERIMENTAL bit(s) directly otherwise it copies the EXP bit to DBUS COS. EARL will then copy the DBUS COS to EXP while doing the imposition. This is expected behaviour. So even though set-mpls-experimental-topmost-transmit is supported on SIP-400, it works differently in the L3VPN case where the packet coming in from line is not an MPLS tagged packet. Note For any policer command, the minimum policer configuration value is 8kbps. Table 4-17 provides information about which policing features are supported for SIPs on the Cisco 7600 series router. Table 4-17 QoS Policing Feature Compatibility by SIP and SPA Combination Policing Feature (police command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Policing by aggregate policer (police aggregate command) Not supported. Not supported. Supported for all SPAs. Policing by bandwidth using token bucket algorithm (police command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAS. Policing by committed information rate (CIR) percentage (police (percent) command—police cir percent form) Supported for all SPAs. Supported for all SPAs. Not supported. Policing with 2-color marker (CIR and peak information rate [PIR]) (police (two rates) command—police cir pir form) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs.4-120 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks To create QoS traffic policies with policing, use the following commands beginning in global configuration mode: Policing by flow mask (police flow mask command) Not supported. Not supported. Supported for all SPAs. Policing by microflow (police flow command) Not supported. Not supported. Supported for all SPAs. Table 4-17 QoS Policing Feature Compatibility by SIP and SPA Combination (continued) Policing Feature (police command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a traffic policy and enters policy map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. Step 2 Router (config-pmap)# class {class-name | class-default} Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class. Use one of the following forms of police commands to evaluate traffic for the specified class. See Table 4-17 to determine which SIPs support the different policing features. Step 3 Router(config-pmap-c)# police bps [burst-normal] [burst-max] conform-action action exceed-action action violate-action action Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: • bps—Specifies the average rate in bits per second. Valid values are 8000 to 200000000. • burst-normal—(Optional) Specifies the normal burst size in bytes. Valid values are 1000 to 51200000. The default normal burst size is 1500 bytes. • burst-max—(Optional) Specifies the excess burst size in bytes. Valid values are 1000 to 51200000. • action—Specifies the policing command (as shown in Table 4-18) for the action to be applied to the corresponding conforming, exceeding, or violating traffic.4-121 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 4 Router(config-pmap-c)# police cir percent percentage [burst-in-msec] [bc conform-burst-in-msec] [pir percent percentage] [be peak-burst-in-msec] [conform-action action [exceed-action action [violate-action action]]] Configures traffic policing on the basis of a percentage of bandwidth available on an interface, where: • cir percent percentage—Specifies the committed information rate (CIR) bandwidth percentage. Valid values are 1 to 100. • burst-in-msec—(Optional) Burst in milliseconds. Valid values are 1 to 2000. • bc conform-burst-in-msec—(Optional) Specifies the conform burst (bc) size used by the first token bucket for policing traffic in milliseconds. Valid values are 1 to 2000. • pir percent percentage—(Optional) Specifies the peak information rate (PIR) bandwidth percentage. Valid values are 1 to 100. • be peak-burst-in-msec—(Optional) Specifies the peak burst (be) size used by the second token bucket for policing traffic in milliseconds. Valid values are 1 to 2000. • action—Specifies the policing command (as shown in Table 4-18) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. Step 5 Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]] Configures traffic policing using two rates, the committed information rate (CIR) and the peak information rate (PIR), where: • cir cir—Specifies the CIR at which the first token bucket is updated as a value in bits per second. Valid values are 8000 to 200000000. • bc conform-burst—(Optional) Specifies the conform burst (bc) size in bytes used by the first token bucket for policing. Valid values are 1000 to 51200000. • pir pir—Specifies the PIR at which the second token bucket is updated as a value in bits per second. Valid values are 8000 to 200000000. • be peak-burst—(Optional) Specifies the peak burst (be) size in bytes used by the second token bucket for policing. The size varies according to the interface and platform in use. • action—(Optional) Specifies the policing command (as shown in Table 4-18) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. Command Purpose4-122 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 6 Router(config-pmap-c)# police flow {bits-per-second [normal-burst-bytes] [maximum-burst-bytes] [pir peak-rate-bps]} | [conform-action action] [exceed-action action] [violate-action action] Configures a microflow policer, where: • bits-per-second—Specifies the CIR in bits per second. Valid values are from 32000 to 4000000000 bits per second. • normal-burst-bytes—(Optional) Specifies the CIR token bucket size. Valid values are from 1000 to 512000000 bytes. • maximum-burst-bytes—(Optional) Specifies the PIR token-bucket size. Valid values are from 1000 to 32000000 bytes. • pir peak-rate-bps—(Optional) Specifies the PIR in bits per second. Valid values are from 32000 to 4000000000 bits per second. • action—Specifies the policing command (as shown in Table 4-18) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. Step 7 Router(config-pmap-c)# police flow mask {dest-only | full-flow | src-only} {bits-per-second [normal-burst-bytes] [maximum-burst-bytes]} [conform-action action] [exceed-action action] Configures a flow mask to be used for policing, where: • dest-only—Specifies the destination-only flow mask. • full-flow—Specifies the full-flow mask. • src-only—Specifies the source-only flow mask. • bits-per-second—Specifies the CIR in bits per second. Valid values are from 32000 to 4000000000 bits per second. • normal-burst-bytes—(Optional) Specifies the CIR token bucket size. Valid values are from 1000 to 512000000 bytes. • maximum-burst-bytes—(Optional) Specifies the PIR token bucket size. Valid values are from 1000 to 32000000 bytes. • action—Specifies the policing command (as shown in Table 4-18) for the action to be applied to the corresponding conforming or exceeding traffic. Step 8 Router(config-pmap-c)# police aggregate name Specifies a previously defined aggregate policer name and configures the policy-map class to use the specified name of the aggregate policer. Command Purpose4-123 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Table 4-18 provides information about which policing actions are supported for SIPs on the Cisco 7600 series router. Note For restrictions on use of certain marking features with different types of policing actions (conform, exceed, or violate actions), be sure to see the “QoS Traffic Policing Policy Configuration Guidelines” section on page 4-118. Table 4-18 QoS Policing Action Compatibility by SIP and SPA Combination Policing Action (set command) Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Drop the packet (drop command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs—Input interface only. Set the ATM CLP bit to 1 and transmit (set-clp-transmit command) Supported only for ATM SPAs . Supported only for CeoP and ATM S PAs . Not supported. Set the inner CoS value and transmit (set-cos-inner-transmit command) Supported in Cisco IOS Release 12.2(33)SRA with bridging features. Supported in Cisco IOS Release 12.2(33)SRA with bridging features. Not supported. Set the Frame Relay DE bit to 1 and transmit (set-frde-transmit command) Supported for all SPAs. Supported for all SPAs. Not supported. Set the IP precedence and transmit (set-prec-transmit command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs —Input interface only. Set the IP DSCP and transmit (set-dscp-transmit command) Supported for all SPAs. Supported for all SPAs. Supported for all SPAs—Input interface only. Set the MPLS EXP bit (0–7) on imposition and transmit (set-mpls-experimental-impositiontransmit command Supported for all SPAs. Supported for all SPAs. Supported for all SPAs. Set the MPLS EXP bit in the topmost label and transmit (set-mpls-experimental-topmost-tr ansmit command) Supported for all SPAs. Supported for all SPAs. Refer to QoS Traffic Class Configuration Guidelines, page 4-96 Supported for all SPAs. Transmit all packets without alteration (transmit command) Supported for all SPAs. Supported for all SPAs Supported for all SPAs.4-124 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Attaching a QoS Traffic Policy to an Interface Before a traffic policy can be enabled for a class of traffic, it must be configured on an interface. A traffic policy also can be attached to an ATM permanent virtual circuit (PVC) subinterface, Frame Relay data-link connection identifier (DLCI), and Ethernet subinterfaces. Traffic policies can be applied for traffic coming into an interface (input), and for traffic leaving that interface (output). Attaching a QoS Traffic Policy for an Input Interface When you attach a traffic policy to an input interface, the policy is applied to traffic coming into that interface. To attach a traffic policy for an input interface, use the following command beginning in interface configuration mode: Attaching a QoS Traffic Policy to an Output Interface When you attach a traffic policy to an output interface, the policy is applied to traffic leaving that interface. To attach a traffic policy to an output interface, use the following command beginning in interface configuration mode: Configuring Network-Based Application Recognition and Distributed Network-Based Application Recognition Note Network-Based Application Recognition (NBAR) and Distributed Network-Based Application Recognition (dNBAR) are supported on the Cisco 7600 SIP-200 only. NBAR feature is not supported in Release 15.0(1)S and later Releases. The purpose of IP quality of service (QoS) is to provide appropriate network resources (bandwidth, delay, jitter, and packet loss) to applications. QoS maximizes the return on investments on network infrastructure by ensuring that mission-critical applications get the required performance and noncritical applications do not hamper the performance of critical applications. Command Purpose Router(config-if)# service-policy input policy-map-name Attaches a traffic policy to the input direction of an interface, where: • policy-map-name—Specifies the name of the traffic policy to configure. Command Purpose Router(config-if)# service-policy output policy-map-name Attaches a traffic policy to the output direction of an interface, where: • policy-map-name—Specifies the name of the traffic policy to configure. 4-125 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks IP QoS can be deployed by defining classes or categories of applications. These classes are defined by using various classification techniques available in Cisco IOS software. After these classes are defined and attached to an interface, the desired QoS features, such as marking, congestion management, congestion avoidance, link efficiency mechanisms, or policing and shaping can then be applied to the classified traffic to provide the appropriate network resources amongst the defined classes. Classification, therefore, is an important first step in configuring QoS in a network infrastructure. NBAR is a classification engine that recognizes a wide variety of applications, including web-based and other difficult-to-classify protocols that utilize dynamic TCP/UDP port assignments. When an application is recognized and classified by NBAR, a network can invoke services for that specific application. NBAR ensures that network bandwidth is used efficiently by classifying packets and then applying QoS to the classified traffic. Some examples of class-based QoS features that can be used on traffic after the traffic is classified by NBAR include: • Class-based marking (the set command) • Class-based weighted fair queueing (the bandwidth and queue-limit commands) • Low latency queueing (the priority command) • Traffic policing (the police command) • Traffic shaping (the shape command) Note The NBAR feature is used for classifying traffic by protocol. The other class-based QoS features determine how the classified traffic is forwarded and are documented separately from NBAR. Furthermore, NBAR is not the only method of classifying network traffic so that QoS features can be applied to classified traffic. For information on the class-based features that can be used to forward NBAR-classified traffic, see the individual feature modules for the particular class-based feature as well as the Cisco IOS Quality of Service Solutions Configuration Guide. Many of the non-NBAR classification options for QoS are documented in the “Modular Quality of Service Command-Line Interface” section of the Cisco IOS Quality of Service Solutions Configuration Guide. These commands are configured using the match command in class map configuration mode. NBAR introduces several new classification features that identify applications and protocols from Layer 4 through Layer 7: • Statically assigned TCP and UDP port numbers • Protocols that are non-UDP and non-TCP • Dynamically assigned TCP and UDP port numbers. Classification of such applications requires stateful inspection; that is, the ability to discover the data connections to be classified by parsing the connections where the port assignments are made. • Sub-port classification or classification based on deep packet inspection; that is, classification by looking deeper into the packet. NBAR can classify static port protocols. Although access control lists (ACLs) can also be used for this purpose, NBAR is easier to configure and can provide classification statistics that are not available when using ACLs. 4-126 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols that are transversing an interface. The Protocol Discovery feature discovers any protocol traffic supported by NBAR. Protocol Discovery maintains the following per-protocol statistics for enabled interfaces: total number of input and output packets and bytes, and input and output bit rates. The Protocol Discovery feature captures key statistics associated with each protocol in a network that can be used to define traffic classes and QoS policies for each traffic class. For specific information about configuring NBAR and dNBAR, refer to the Network-Based Application Recognition and Distributed Network-Based Application Recognition feature documentation located at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm Configuring Hierarchical QoS on a SIP Table 4-19 provides information about where the hierarchical QoS features for SPA interfaces are supported. Configuring Hierarchical QoS with Tiered Policy Maps Hierarchical QoS with tiered policy maps is a configuration where the actions associated with a class contain a queuing action (such as shaping) and a nested service policy, which in itself is a policy map with classes and actions. This hierarchy of the QoS policy map is then translated into a corresponding hierarchy of queues. Hierarchical QoS with Tiered Policy Maps Configuration Guidelines When configuring hierarchical QoS with tiered policy maps on a SIP, consider the following guidelines: • For information about where hierarchical QoS with tiered policy maps is supported, see Table 4-19 on page 4-126. • You can configure up to three levels of hierarchy within the policy maps. Table 4-19 Hierarchical QoS Feature Compatibility by SIP and SPA Combination Feature Cisco 7600 SIP-200 Cisco 7600 SIP-400 Cisco 7600 SIP-600 Hierarchical QoS for EoMPLS VCs Supported for all SPAs in Cisco IOS Release 12.2(18)SXE and later, and in Cisco IOS Release 12.2(33)SRA. Supported for all SPAs beginning in Cisco IOS Release 12.2(33)SRA. Supported for all SPAs in Cisco IOS Release 12.2(18)SXF and later, and in Cisco IOS Release 12.2(33)SRA. Hierarchical QoS—Tiered policy maps with parent policy using class-default only on the main interface. Not applicable. Supported for all SPAs in Cisco IOS Release 12.2(18)SXF and later. Supported in Cisco IOS Release 12.2(18)SXF and later, and in Cisco IOS Release 12.2(33)SRA using match vlan command in parent policy. Hierarchical QoS—Tiered policy maps with parent policy in user-defined or class-default classes on the main interface. Supported for all SPAs in Cisco IOS Release 12.2(18)SXF and later, and in Cisco IOS Release 12.2(33)SRA. Supported for all SPAs in Cisco IOS Release 12.2(33)SRA. Not supported.4-127 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • The parent policy map has the following restrictions on a main interface: – In Cisco IOS Release 12.2(18)SXF and later—Supports the shape queueing action in the default class (class-default) only. – In Cisco IOS Release 12.2(33)SRA—Supports VLAN or ACL matching, and shape or bandwidth queueing actions in any class, user-defined and class-default. • When configuring hierarchical QoS for software-based EoMPLS on the Cisco 7600 SIP-600, if you configure match input vlan in the parent policy, then you can only configure match qos-group in the child policy. • In hierarchical QoS, you cannot configure just a set command in the parent policy. The set command works only if you configure other commands in the policy. • The child policy map supports shape, bandwidth, LLQ, queue limit, and WRED QoS features. • With hierarchical QoS on a subinterface, the parent policy map supports hierarchical QoS using the shape average command as a queueing action in the default class (class-default) only. • If you configure service policies at the main interface, subinterface, and VC levels, then the policy applied at the VC level takes precedence over a policy at the interface. • In a Frame Relay configuration, if you need to define service policies at the interface, subinterface, and PVC at the same time, then you can use a map class. • For a POS subinterface with a Frame Relay PVC, a service policy can be applied either at the subinterface or at the PVC, but not both. • Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ with a map class. First, configure a parent policy to shape to the total bandwidth required (use the class-default in Cisco IOS Release 12.2(18)SXF, or a user-defined class beginning in Cisco IOS Release 12.2(33)SRA). Then, define a child policy using CBWFQ for the minimum bandwidth percentages. • You can configure hierarchical QoS up to the following limits, according to the current Cisco IOS software limits: – Up to 1024 class maps – Up to 1024 policy maps – Up to 256 classes within a policy map – Up to 8 match statements per class • If a hierarchical policy-map is applied on the SIP-400 interface , the child policy will only receive the packets which are not dropped by its parent. In other words, packets which are dropped in parent policy-map in a particular class because of some qos action are not visible to child policy-maps attached to that class and thus will not be classified. An example is illustrated: Class-map: voip (match-any) 16894 packets, 4375196 bytes 30 second offered rate 116000 bps, drop rate 108000 bps Match: any Priority: 32 kbps, burst bytes 1500, b/w exceed drops: 889 police: cir 100000 bps, bc 3125 bytes conformed 968 packets, 250362 bytes; actions: Only these are passed and the rest are dropped transmit exceeded 15926 packets, 4124834 bytes; actions:4-128 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks drop conformed 100000 bps, exceed 1649000 bps Service-policy : out Counters last updated 00:00:01 ago Class-map: prec0 (match-any) 966 packets, 250194 bytes Only those packets which are not dropped in parent pmap are seen by this child policy-map. 30 second offered rate 8000 bps, drop rate 7000 bps Match: ip precedence 0 QoS Set precedence 2 Packets marked 966 police: cir 8000 bps, bc 1500 bytes conformed 77 packets, 19943 bytes; actions: transmit exceeded 889 packets, 230251 bytes; actions: drop conformed 8000 bps, exceed 91000 bps Configuring Hierarchical QoS for EoMPLS VCs The Hierarchical Quality of Service (HQoS) for EoMPLS VCs feature extends support for hierarchical, parent and child relationships in QoS policy maps. This feature also provides EoMPLS per-VC QoS for point-to-point VCs. The new feature adds the ability to match the virtual LAN (VLAN) IDs that were present on a packet when the packet was originally received by the router. It also supports the ability to match on a QoS group that is set to the same value of the IP precedence or 802.1P class of service (CoS) bits that are received on the incoming interface. This allows service providers to classify traffic easily for all or part of a particular EoMPLS network, as well as to preserve the customer’s original differentiated services (DiffServ) QoS values. In EoMPLS applications, the parent policy map typically specifies the maximum or the minimum bandwidth for a group of specific VCs in an EoMPLS network. Then child policy maps in the policy can implement a different bandwidth or perform other QoS operations (such as traffic shaping) on a subset of the selected VCs. This feature enables service providers to provide more granular QoS services to their customers. It also gives service providers the ability to preserve customer IP precedence or CoS values in the network. Note For information about where hierarchical QoS for EoMPLS VCs is supported, see Table 4-19 on page 4-126.4-129 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks For more information about configuring hierarchical QoS for EoMPLS VCs, refer to the Optical Services Module Configuration Note located at the following URL: http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SR_OSM_config/OSM.pdf Configuring PFC QoS on a Cisco 7600 SIP-600 The Cisco 7600 SIP-600 supports most of the same QoS features as those supported by the Policy Feature Card on the Cisco 7600 series router. This section describes those QoS features that have SIP-specific configuration guidelines. After you review the SIP-specific guidelines described in this document, then refer to the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR located at the following URL: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/swcg.html PFC QoS on a Cisco 7600 SIP-600 Configuration Guidelines • Output policing is not supported. Configuring NAT This section describes guidelines for configuring Network Address Translation (NAT). Developed by Cisco, NAT allows a single device, such as a router, to act as agent between the Internet public network and a local private network. For details on NAT refer to Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 2.2 located at the following URL: http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/configuration/guide/nat.html For NAT configuration commands refer to the Cisco IOS IP Addressing Services Command Reference located at the following URL: http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html As a general restriction, while configuring NAT make sure nat pool size is limited to 15 bits. If you configure the nat pool size to more than 15 bits the following error message is displayed on the system: Error Message pool size should be maximum 15 bits long. Configuring Lawful Intercept on a Cisco 7600 SIP-400 This section describes configuring Lawful Intercept on a Cisco 7600 SIP-400. For initial configuration of the Lawful Intercept feature, see the Cisco 7600 Lawful Intercept Configuration Guide at the following URL: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/lawful_intercept/76licfg.htm l4-130 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks SUMMARY STEPS • snmp-server view viewA ciscoTap2MIB included OR snmp-server view viewA ciscoIpTapMIB included • snmp-server group groupA v3 auth read viewA write viewA notify viewA • snmp-server user user1 groupA v3 auth md5 cisco DETAILED STEPS To configure Lawful Intercept on a Cisco 7600 SIP-400, use the following commands: Command Purpose Router(config)# snmp-server view viewA ciscoTap2MIB included Router(config)# snmp-server view viewA ciscoIpTapMIB included Creates a view having access to the MIBS. Router(config)# snmp-server group groupA v3 auth read viewA write viewA notify viewA Creates a group having access to this view. Router(config)# snmp-server user user1 groupA v3 auth md5 cisco Creates a user who is a member of groupA.4-131 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Security ACLs on an Access Interface on a Cisco 7600 SIP-400 This section describes configuration of the SIP-specific ACL features on access interfaces. Before referring to any other ACL documentation for the platform or in the Cisco IOS software, use this section to determine SIP-specific ACL feature support and configuration guidelines. An Access Control List (ACL) is a collection of ordered permit and deny statements, referred to as Access Control Entries (ACEs), which determine whether a particular packet will be forwarded or dropped. An ACL offers application layer awareness, providing operational staff with some flexibility in the level of isolation of a host. For instance, an ACL may be applied to enforce complete host isolation, denying all traffic to and from that particular host or, alternately, to just filter certain traffic flows, while permitting all others. For additional details about ACL concepts and features in Cisco IOS Release 12.2, refer to the Cisco IOS Security Configuration Guide, Release 12.2, at the following URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/fsecur_c.html This section includes the following topics: • Security ACL Configuration Guidelines, page 4-131 • Configuring Security ACL, page 4-131 Security ACL Configuration Guidelines • Up to 100 unique ACLs are recommended per chassis, with a maximum of 24 ACEs per ACL for Security ACL. • Up to one input ACL and one output ACL are recommended for all 8K subinterfaces on the SIP. • Source and Destination IPv4 Address, Port Number, ToS/DSCP, Protocol type, and TCP flags can be specified in the ACEs. As of Cisco IOS Release 12.2(33)SRB, IPV6 is not supported. • Template Security ACL is not supported as of Cisco IOS Release 12.2(33)SRB. • Security ACLs are only supported on a Route Switch Processor 720 (RSP720) with a Cisco 7600 SIP-400. • Standard, extended, and named ACLs are supported; other ACL types such as reflexive and time-based ACLs are not supported. Configuring Security ACL SUMMARY STEPS Step 1 access-list access list number permit ip host ip address any Step 2 interface gigabitethernet slot/subslot/port access Step 3 ip address address Step 4 encapsulation dot1q vlan-id Step 5 ip access-group access-list-number in Step 6 ip access-group access-list-number out4-132 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS Verifying ACL Configuration Use the following command to verify ACL configuration: Configuring CoPP on the Cisco 7600 SIP-400 This section describes the configuration of Control Plane Policing (CoPP) on the Cisco 7600 SIP-400. Because the majority of control plane processing is done on the CPU, a malicious user can attack a router by simply pumping control plane traffic to the router. On an unprotected router, this results in the CPU utilization nearing 100%, resource exhaustion, and the command line console being locked, intensifying the problem because the user is not able to apply any rectifying action on the router. Using CoPP protects the control plane against these denial-of-service (DoS) attacks, ensuring routing stability, reachability, and packet delivery by providing filtering and rate-limiting capabilities for control plane packets. Command or Action Purpose Step 1 Router(config)# access-list access list number permit ip host ip address any Configures an access list. Step 2 Router(config-int)# interface gigabitethernet slot/subslot/port access Selects the gigabitethernet interface. Step 3 Router(config-int)# ip address address Specifies the IP address. Step 4 Router(config-int)# encapsulation dot1q vlan-id Enables traffic encapsulation. • vlan-id—Virtual LAN identifier; valid values are from 1 to 4094. Step 5 Router(config-int)# ip access-group access-list-number in Sets filtering method. • access-list-number—Number of an access list. This is a decimal number from 1 to 199 or 1300 to 2699. • in—Filters on inbound packets. Step 6 Router(config-int)# ip access-group access-list-number out Sets filtering method. • access-list-number—Number of an access list. This is a decimal number from 1 to 199 or 1300 to 2699. • out—Filters on outbound packets. Command or Action Purpose Router# show access-list [access-list-number | name] Displays access list configuration. • access-list-number—(Optional) Access list number to display. The range is 0 to 1199. The system displays all access lists by default. • name—(Optional) Name of the IP access list to display. 4-133 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks For additional information regarding DoS and CoPP, refer to the Cisco 7600 Series Router Cisco IOS Software Configuration Guide. This section contains the following topics: • Configuring Per-Subscriber/Per-Protocol CoPP on Access Interfaces on a Cisco 7600 SIP-400, page 4-134 • Configuring Per-Subinterface CoPP on Access Interfaces on a Cisco 7600 SIP-400, page 4-1364-134 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Per-Subscriber/Per-Protocol CoPP on Access Interfaces on a Cisco 7600 SIP-400 This section describes the configuration of Per-Subscriber/Per-Protocol CoPP on a Cisco 7600 SIP-400. Per-Subscriber/Per-Protocol CoPP Configuration Guidelines • The Cisco 7600 CoPP feature is supported with a Route Switch Processor 720 (RSP720) and Cisco 7600 SIP-400 combination only. • When enabling the RP-based aggregate CoPP functionality, the required class maps should be configured for each of the protocol-matching criteria. The CoPP policy maps should be created for all the protocols that need to be policed. • Once the router processor decides to install a rate-limiter on an interface, there will be a delay for actually installing the rate-limiter on the Cisco 7600 SIP-400. During this interval, it is possible that the aggregate rate-limiter would start dropping good user packets, if the per-interface rates are not chosen carefully. For example, consider that there are 10 interfaces and 100 pps is used as the aggregate rate and 15 pps as the per-interface rate. If there are seven attacks on the router at a time, the aggregate limit would be exceeded and user traffic would be affected. • As of Cisco IOS Release 12.2(33)SRB, the CoPP Per-subscriber/Per-Protocol feature is only supported for DHCP, ARP, and ICMP protocols. DHCP and ARP policing are performed on the SPA, while ICMP policing is performed at the router processor level. SUMMARY STEPS • class-map arp-peruser • match protocol arp • match subscriber access • class-map dhcp-peruser • match protocol dhcp • match subscriber access • policy-map copp-peruser • class arp-peruser • police rate units pps burst burst-in-packets packets • control-plane user-type access • service-policy input copp-peruser • platform copp observation-period time • platform copp interface arp off DETAILED STEPS To configure Per-Subscriber/Per-Protocol CoPP support, use the following commands: Command or Action Purpose Router(config)# class-map arp-peruser Creates a class map for ARP. Router(config-cmap)# match protocol arp Matches ARP traffic. Router(config-cmap)# match subscriber access Defines the class map for access interfaces.4-135 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying Per-Subscriber/Per-Protocol CoPP To verify Per-Subscriber/Per-Protocol CoPP configuration, use the following commands: Router(config)# class-map dhcp-peruser Creates a class map for DHCP. Router(config-cmap)# match protocol dhcp Configures the match criterion for a DHCP class map. Router(config-cmap) match subscriber access Defines the class map for access interfaces. Router(config)# policy-map copp-peruser Specifies CoPP as the policy map. Router(config-pmap)# class arp-peruser Creates an ARP peruser class. Router(config-pmap-c)# police rate units pps burst burst-in-packets packets Specifies the burst rate. • units—Rate at which traffic is policed in packets per second. Valid values are 1 to 2000000 pps. • burst-in-packets—(Optional) Specifies the burst rate that is used for policing traffic. Valid values are 1 to 512000 packets. Router(config-pmap-c)# class dhcp-peruser Creates a DHCP peruser class. Router(config-pmap-c)# police rate units pps burst burst-in-packets packets Specifies the burst rate. • units—Rate at which traffic is policed in packets per second. Valid values are 1 to 2000000 pps. • burst-in-packets—(Optional) Specifies the burst rate that is used for policing traffic. Valid values are 1 to 512000 packets. Router(config)# control-plane user-type access Applies the policy on control-plane-user interface. Router(config-cp-user)# service-policy input copp-peruser Configures the per-user policy map. Router(config)# platform copp observation-period time Configures the observation window. • time—Amount of time in minutes. Router# platform copp interface arp off Clears a per-subinterface rate-limiter for ARP on an interface. • interface—Defines interface. Command or Action Purpose4-136 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring Per-Subinterface CoPP on Access Interfaces on a Cisco 7600 SIP-400 This section describes the configuration of Per-Subinterface CoPP on a Cisco 7600 SIP-400. Per-Subinterface CoPP Configuration Guidelines This section describes guidelines to consider when configuring Per-Subinterface CoPP. • Per-Subinterface CoPP is supported on Cisco 7600 series routers with Supervisor 720, SIP-400, and Ethernet SPAs. • The following packet types can be rate-limited on the SIP-400: – DHCP packets – ARP packets – ATM OAM packets – Ethernet OAM packets – PPPoE discovery packets Note DHCP and ARP packets are supported in Cisco IOS Release 12.2(33)SRB and later. ATM OAM, Ethernet OAM, and PPPoE discovery packets are supported in Cisco IOS Release 12.2(33)SRC and later. • If there is a normal QoS policy installed on an interface, the SIP-400 first applies the QoS policy, then the Security ACL, then the CoPP rate-limiter on a packet. • During a switchover, all dynamic rate-limiters on the router are turned off. • During online insertion and removal (OIR) of a line card, the rate-limiters on the interfaces are reset. Configuring Per-Subinterface CoPP SUMMARY STEPS • class-map class-map-name • match protocol protocol-name [arp | dhcp | atm-oam | ethernet-oam | pppoe-discovery] • match subscriber access • policy-map policy-map-name Command or Action Purpose Router# show platform copp rate-limit [arp | dhcp | all] Displays configuration settings. • arp—Displays ARP information. • dhcp—Displays DHCP information. • all—Displays ARP and DHCP information. Router# show policy-map policy-map-name Verifies that packets match the desired class. • policy-map-name—(Optional) Name of the policy map.4-137 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • class class-map-name • police rate units [pps burst burst-in-packets packets | bps burst burst-in-bytes bytes] • control-plane user-type access • service-policy input policy-map-name • platform copp observation-period time • platform copp interface protocol-name off DETAILED STEPS To configure Per-Subinterface CoPP support, use the following commands: Command or Action Purpose Router(config)# class-map class-map-name Creates a class map for the packet protocol. Router(config-cmap)# match protocol protocol-name [arp | dhcp | atm-oam | ethernet-oam | pppoe-discovery] Matches packet protocol traffic. Router(config-cmap)# match subscriber access Defines the class map for access interfaces. Router(config)# policy-map policy-map-name Specifies CoPP as the policy map. Router(config-pmap)# class class-map-name Creates a class map for the packet protocol. Router(config-pmap-c)# police rate units [pps burst burst-in-packets packets | bps burst burst-in-bytes bytes] Specifies the burst rate. • units—Rate at which traffic is policed in packets per second. Valid values are 1 to 2000000. • burst-in-packets—(Optional) Specifies the burst rate (in packets per second) that is used for policing traffic. Valid values are 1 to 512000 packets. • burst-in-bytes—(Optional) Specifies the burst rate (in bytes per second) that is used for policing traffic. Valid values are 100 to 1000 bytes. Router(config)# control-plane user-type access Applies the policy on the control-plane user interface. Router(config-cp-user)# service-policy input policy-map-name Configures the policy map. Router(config)# platform copp observation-period time Configures the observation window. • time—Amount of time in minutes. Router# platform copp interface protocol-name off Clears a per-subinterface limiter for the packet protocol on an interface. • interface—Defines the interface. • protocol-name—Defines the packet protocol.4-138 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying Per-Subinterface CoPP To verify Per-Subinterface CoPP configuration, use the following commands: Configuring DBUS COS Queuing on SIP-400 Packets coming from the Hyperion ASIC to the SIP-400 switch are buffered in two queues - High Priority (HP) and Low Priority (LP). Packets with the Bridge Protocol Data Unit (BPDU) bit or certain Class-of-Service (CoS) values set, are sent as high-priority. When the BPDU bit is not set, egress packets on the SIP-400 switch are placed in an internal low or high priority queue. This feature provides a CLI to allow the user to specify the DBUS CoS values in the SIP-400 switch's high priority queue. Note The CoS values can only be set in the internally generated DBUS header and not in headers that exist prior to the packet entering the Cisco 7600 router or those on packets leaving the Cisco 7600 router. The configuration is available per slot and not in the global configuration mode. This is so that any line card can be configured to use hardware configuration values stored for that slot independent of any other line card in the chassis. If no values are specified using the command, then SIP-400 cards use the default DBUS CoS values of 5, 6, and 7. The CoS values input from the command are stored in the running configuration. These configured values are set whenever there is a line card Online Insertion or Removal (OIR). If the SIP-400 card is physically removed from the chassis, the configured CoS values are removed from the running configuration. If the SIP-400 is reinserted in the chassis, the default CoS values are used until the configuration is modified. This feature has a minimal impact on memory and bandwidth. Configuration Guidelines and Restrictions Keep the following guidelines in mind while configuring this feature: • DBUS COS Queuing is supported only on the SIP-400. • The DBUS COS Queuing command allow the end user to only control the CoS value queuing behavior. The command does not allow the user to specify queuing behavior for the BPDU bit. • For the SIP-400, a warning message is displayed if the values 6 and 7 do not map to the priority queue. Command or Action Purpose Router# show platform copp rate-limit protocol-name [arp | dhcp | atm-oam | ethernet-oam | pppoe-discovery | all] Displays configuration settings for the selected packet protocol or all protocols. Router# show platform np copp [ifnum] [detail] Displays debug information for a given session or for all sessions. • ifnum—Identifies a specific session ID. • detail—Shows full rate-limiting values.4-139 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuration Steps Use the commands described in the following sections to configure the DBUS COS Queuing on SIP-400: SUMMARY STEPS Step 1 Router# hw-module slot slot queue priority switch-fpga output cos values |none Step 2 Router# no hw-module slot slot queue priority switch-fpga output DETAILED STEPS Sample configuration The following is an example of the feature configuration: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ! Map only CoS values 4, 5, 6, and 7 to the high priority queue Command or Action Purpose Router# hw-module slot slot queue priority switch-fpga output cos values |none Example: Router# hw-module slot 5 queue priority switch-fpga output none S pecifies the CoS values that are placed in the SIP-400 switch high priority queue. slot is the slot being configured in the chassis cos values are in the range of 0-7. If the none keyword is specified, all the CoS values go to the SIP-400 switch's low priority queue. Note If CoS values 6 and 7 are not set to the SIP-400 switch's high priority queue by the CLI, then the terminal displays a SIP-400 specific warning message, since not prioritizing the valuescan severely affect performance. The each individual cos value should be formatted with a space in between like 4 5 6 7. You can configure non-consecutive values example 3 5 6 7 as long as 6 and 7 are included in the list. This command replaces any values that were previously set. Router# no hw-module slot slot queue priority switch-fpga output Example: Router# no hw-module slot 5 queue priority switch-fpga output Sets the CoS values back to the defaults4-140 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Router(config)# hw-module slot 5 queue priority switch-fpga output 4 5 6 7 Router(config)# ! Map only CoS values 6 and 7 to the high priority queue Router(config)# ! Note that this un-maps 4 and 5 from the high priority queue Router(config)# hw-module slot 5 queue priority switch-fpga output 6 7 Router(config)# do show running-config | include qos-priority Router(config)# hw-module slot 5 queue priority switch-fpga output 6 7 Router(config)# ! Remove all CoS values from the high priority queue Router(config)# hw-module slot 5 queue priority switch-fpga output none WARNING: CoS values 6 and 7 are typically considered high priority. Setting these values to low priority may cause service disturbances during traffic congestion. Router(config)# do show running-config | include switch-fpga Router(config)# hw-module slot 5 queue priority switch-fpga output none HELP Messages You can access command line help to view command options and allowed arguments, while configuring the feature. Some examples are illustrated below: Router(config)#hw-module slot 5 ? queue Linecard internal queueing configuration Router(config)#hw-module slot 5 queue ? priority Specify priority values Router(config)#hw-module slot 5 queue priority ? switch-fpga Switch FPGA internal queueing configuration Router(config)#hw-module slot 5 queue priority switch-fpga ? output Output policy Router(config)#hw-module slot 5 queue priority switch-fpga output ? <0-7> Up to 8 class of service values separated by spaces none No priority values Verifying the DBUS COS Queuing Configuration Use the following show commands to verify the DBUS COS Queuing configuration:4-141 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verification Examples SIP-400-5#show platform hardware bonham counters Bonham Packet Counters: AEFC A S Packets (offset 0x00A2) 0 AEFC B S Packets (offset 0x00A6) 0 AEFC A BG Packets (offset 0x00AA) 0 AEFC B BG Packets (offset 0x00AE) 0 SPI Tx Packets (offset 0x018C) 305473085 SPI Rx Packets (offset 0x0212) 851791536 DDR Tx Hi Packets (offset 0x028C) 1 DDR Tx Low Packets (offset 0x0290) 851785180 DDR Rx Packets (offset 0x030A) 306352642 CP FIFO Tx Packets (offset 0x0388) 6446 CP FIFO Rx Packets (offset 0x0408) 6455 INP to ENP Packets (offset 0x0488) 0 PKT BUF HP Packets (offset 0x050C) 30000000 PKT BUF LP Packets (offset 0x0510) 275466630 AEFC A Good Notify (offset 0x00CA) 0 AEFC A Bad Notify (offset 0x00CE) 1 AEFC B Good Notify (offset 0x00D2) 0 AEFC B Bad Notify (offset 0x00D6) 1 AEFC A Sent Msg (offset 0x00DA) 0 AEFC A Drop Msg (offset 0x00DE) 0 AEFC B Sent Msg (offset 0x00E2) 0 AEFC B Drop Msg (offset 0x00E6) 0 Error Counters: SPI Rx Addr Errors (offset 0x0204) 0 DDR Rx Hdr CRC Err (offset 0x030E) 0 DDR Rx Pkt CRC Err (offset 0x0312) 0 DDR Rx Seq Errors (offset 0x0316) 0 DDR Rx Len Errors (offset 0x031A) 0 DDR Tx HP Errors (offset 0x0294) 0 DDR Tx LP Errors (offset 0x0298) 0 CP FIFO Tx Errors (offset 0x038C) 0 CP FIFO Rx Errors (offset 0x040C) 0 CP FIFO Rx Seq Err (offset 0x0410) 0 INP to ENP Errors (offset 0x048C) 0 Pkt buf HP pkt drops (offset 0x0534) 0 Pkt buf LP pkt drops (offset 0x0538) 886012 Pkt buf LLQ pkt drops(offset 0x0546) 0 Show Command Description SIP-400#show platform hardware bonham counters Displays the aggregate counters for both low and high priority packets dropped by the SIP-400 switch due to egress oversubscription. Note The SIP-400 switch does not maintain per-interface counters for these dropped packets but aggregates them. SIP-400# show platform hardware bonham register | inc Priority Shows the setting in hardware The first bit is CoS 0 and the ninth bit is BPDU. SIP-400# show platform hardware bonham counters | inc PKT BUF Shows the total packet count through high-priority and low-priority queues4-142 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Packets which are classified as high priority in the egress path are reflected in the 'PKT BUF HP Packets' counter. Low priority packets are reflected in the 'PKT BUF LP Packets" counter. High priority packets that have been dropped by the SIP-400 switch because of backpressure from the egress network processor, are reflected in the 'Pkt buf HP pkt drops' counter. Low priority drops are reflected in the 'Pkt buf LP pkt drops' counter. Configuring IPv6 Hop-by-Hop Header Security on SIP-200 or SIP-400 IPv6 Hop-by-Hop (HBH) extension header is part of the original specification of the IPv6 protocol (RFC 2460). An IPv6 packet Hop-by-Hop extension header is identified by the header type 0, and when present, this extension header must always be the first extension header (EH) to follow the main header. Because a node must process any received packet that has an HBH extension header, forwarding packets containing the HBH header can represent a security threat. This can happen when a large number of IPv6 packets with Hop-by-Hop (HBH) extension headers are sent, creating a possibility of Denial of Service (DoS) attacks. The IPv6 - Hop-by-Hop Rate Limiter feature provides protection from Denial of Service (DoS) attacks. This feature allows IPv6 traffic with Hop-by-Hop headers to be rate-limited on the 7600 SIP-400 and SIP-200 line cards. Cisco IOS Release 12.2(33)SRD1 introduces support for configuring IPv6 Hop-by-Hop policing on SIP-400 and Cisco IOS Release 12.2(33)SRD3 introduces support for this feature on SIP-200. The Cisco 7600 routers treat IPv6 packets with HBH extension headers as Layer 2 packets. Layer 3 ACLs cannot be applied to these packets; hence a way to rate-limit these on the line card is needed. For Cisco IOS Releases 12.2(33)SRD1 and 12.2(33)SRE, only the first extension header of type Hop-by-Hop is rate-limited by the line card. The SIP-200 and SIP-400 line cards support this feature on SUP720, SUP32, RSP720-1GE and RSP720-10GE supervisors. The policer is a Packets-Per-Second (PPS) policer and is per network processor. rate-limits can be configured up to and including 25600 pps. The default police rate is 21.36 k pps, and ROMMON variable is IPv6_policer_rate. Setting the policer rate to zero drops all the IPv6 HBH packets. Usage Guidelines The following factors need to be considered while configuring the IPv6 Hop-By-Hop Policing feature: • Setting the police rate to 0 drops all the IPv6 HBH packets. • After setting the police rate, the setting will remain on the line card even if the line card is moved to another chassis running Cisco IOS Release 12.2(33)SRD3 or later. • IPv6 packets with HBH and EH will bypass other QoS configured on the line card. Supported Supervisor Engines and SPAs The Cisco 7600 supports IPv6 Hop-By-Hop Policing rate limit on the following : • Supervisor engines: – Supervisor Engine 720 4-143 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks – Supervisor Engine 32 – RSP720-1GE – RSP720-10GE • SIP-400 supporting the following SPAs: – SPA-2x1GE-V2 – SPA-5x1GE-V2 – SPA-2xOC3-POS – SPA-4xOC3-POS – SPA-1xOC12-POS – SPA-1xOC48-POS – SPA-1CHOC3-CE-ATM – SPA-24CHT1-CE-ATM – SPA-2xOC3-ATM – SPA-4xOC3-ATM – SPA-1xOC12-ATM – SPA-1xOC48-ATM • SIP-200supporting the following SPAs: – SPA-2xOC3-POS – SPA-4xOC3-POS – SPA-1xOC12-POS – SPA-2xOC3-ATM – SPA-4xOC3-ATM – SPA-1xOC12-ATM Configuring IPv6 Hop-by-Hop Header Security To connect to a specific line card for the purpose of executing the test platform police ipv6 set command, test platform police ipv6 get command, or test platform police ipv6 disable use the attach command in privileged EXEC mode. You can then set the IPv6 internal police rate by using the test platform police ipv6 set command in privileged EXEC mode from the line card console. SUMMARY STEPS Use the following summary of commands to configure the IPv6 Hop-by-Hop feature on a SIP-400 or a SIP-200. Step 1 Router # attach slot Step 2 SIP-400-slot> enable 4-144 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 3 SIP-400-slot# test platform police ipv6 set rate Step 4 SIP-400-slot# test platform police ipv6 disable DETAILED STEPS Command or Action Purpose Router# attach slot Example: Router# attach 3 Allows you to log in to the specified interface of the SIP-400 or SIP-200 console. SIP-400-slot> enable Example: SIP-400-3> enable Enables privileged EXEC mode. 4-145 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Note To exit the slot, type Control+C three times from the attach console slot. The ^C^C^C key sequence ends the session. This tip is also displayed as you enter the console slot. Sample Configuration To set the policer on the SIP-400 and use the get command to display the configured police rate PE17_C7606# attach 2 Entering CONSOLE for slot 2 Type "^C^C^C" to end this session SIP-400-2> enable SIP-400-2# test platform police ipv6 set ? <0-25600> pps, 0 to drop all the IPv6 HBH packets SIP-400-2# test platform police ipv6 set 1000 SIP-400-2# test platform police ipv6 get For SIP-400: SIP-400-3# test platform police ipv6 set rate Example: SIP-400-3# test platform police ipv6 set 1022 For SIP-200: SIP-200-3# test platform police ipv6 set rate Example: SIP-200-3# test platform police ipv6 set 300 Sets the IPv6 internal police rate, in packets per second (pps), on the SIP-400 interface. Sets the IPv6 internal police rate, in packets per second (pps), on the SIP-200 interface. SIP-400-3# test platform police ipv6 disable Example: SIP-400-3# test platform police ipv6 disable Disables the IPv6 internal policer. Note On a SIP-400, rate=65535 indicates that the policer is disabled. Command or Action Purpose 4-146 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks IPv6 with HBH header is policed at 1001.35 pps OR SIP-400-8# test platform police ipv6 set ? <0-25600> pps, 0 drop all the IPv6 HBH packets SIP-400-8# test platform police ipv6 set 300 SIP-400-8# test platform police ipv6 get IPv6 with HBH header is policed at 292.6 pps To disable the IPv6 internal policer on the SIP-400: SIP-400-8# test platform police ipv6 disable SIP-400-8# test platform police ipv6 get IPv6 with HBH header is not policed. To set the policer on the SIP-200 and use the get command to display the configured police rate SIP-200-2# test platform police ipv6 set 0 Dropping all the IPv6 HBH Policer SIP-200-2# test platform police ipv6 set 1000 IPv6 HBH packet policer rate = 1000 pps SIP-200-2# test platform police ipv6 get IPv6 HBH packet policer rate = 1000 pps, Rate in rommon = 1000 pps To disable the IPv6 internal policer on the SIP-200: SIP-200-2# test platform police ipv6 disable SIP-200-2# test platform police ipv6 get IPv6 with HBH header is not policed. SIP-200-2# show platform software ipv6-policer IPv6 HBH packet policer rate = 1000 pps Rate in rommon = 1000 pps Packets dropped = 297850, Packets punted to RP = 37424 Verifying the IPv6 Hop-By-Hop Policing Configuration To verify the configuration of the IPv6 Hop-by-Hop policing feature, use the following show commands: Command or Action Purpose SIP-400-slot# test platform police ipv6 get OR SIP-200-slot# test platform police ipv6 get Displays the IPv6 internal police rate on the line card. SIP-400-slot# show platform np rppp rate Displays information about all the internal policers, where: • np refers to the Network Processor. • rppp stands for Routing Punt Path Policer. • rate signifies the aggregate policer speed at which packets are routed to the RP.4-147 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verification Examples To view the policer rate limit: SIP-400-4# test platform police ipv6 get IPv6 with HBH header is policed at 0.0 pps To view the packets rate-limited : SIP-400-4# show platform np rppp rate | inc HBH IPv6 HBH packet policer rate = 0.0pps,x = 0,y2 = 0,tokens = 10240, SIP-400-4# SIP-400-3# show platform np rppp rate RPPP NP Client Rate Information: Default RPPP rate = 1335.14pps,x = 1,y2 = 6,tokens = 10240, pkts=0 Priority RPPP rate = 1335.14pps,x = 1,y2 = 6,tokens = 10240, pkts=0 L4R/PBHK configs RPPP rate = 21362.30pps,x = 1,y2 = 2,tokens = 10240, pkts=0 Broadband FSOL RPPP rate = 10681.15pps,x = 1,y2 = 3,tokens = 10240, pkts=0 CFM RPPP rate = 1335.14pps,x = 1,y2 = 6,tokens = 4194304, pkts=0 IPv6 HBH packet policer rate = 21362.30pps,x = 1,y2 = 2,tokens = 10240, pkts=0 SIP-200-1# show platform software ipv6-policer IPv6 HBH packet policer rate = 21000 pps, Rate in rommon = 21000 pps Packets dropped = 0 packets, Packets punted to RP = 0. Note The values for setting and getting may not match exactly and are approximated. Triple Nesting QoS Support on SIP400 Beginning with the Cisco IOS Release 12.2(33)SRE, SIP-400 extends configuration support for three levels of policy on the SIP-400 line card, from the existing support for two levels of queuing. The third level of user-defined QoS policy maps will support non-queuing features. Triple nesting QoS on SIP-400 allows you to define an MQC policy with parent, child and grand-child (Three nested policies). Queuing classes are supported for parent and child while the third grandchild level supports only non-queuing actions like policing and marking. SIP-200-slot#show platform software ipv6-policer Displays full details of the policer rate limit and rate-limited packets. Note All the commands listed above can be run on the SIP-400 and SIP-200 line cards. Command or Action Purpose4-148 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The Triple Nesting QoS feature is not expected to have any significant change in memory or CPU utilization on the SIP-400 This policy-map can be applied to following interfaces: • PPP Main Interface • Sub Interfaces • EVC (either on the main interface or on the subinterface configured with dot1q). • FR DLCI • ATM VC The following con depicts that a policy with a third-level grandchild non-queing policy is currently not supported on SIP-400. Pseudo Policy: parent queuing child queuing grand-child Policing (No queuing allowed) This feature is applicable on both ingress and egress QoS policy maps. The following table shows the Triple Nesting QoS support over the various interfaces: FLAT Policy Parent Policy Child Policy Grandchild Policy Ingress Egress Ingress Egress Ingress Egress Ingress Egress UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD GIG main interface shape - - Yes Yes No No Yes Yes Yes Yes Yes Yes No No No No priority No No Yes Yes No No No No Yes Yes Yes Yes No No No No band width No No Yes Yes No No Yes Yes No No Yes Yes No No No No p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes GIG dot1Q/QinQ sub interface shape - - Yes Yes - - - - Yes Yes Yes Yes No No No No priority No No Yes Yes No No No No Yes Yes Yes Yes No No No No band width No No Yes Yes No No Yes Yes No No Yes Yes No No No No p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes4-149 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks EVC shape Yes Yes Yes Yes - - - - Yes Yes Yes Yes No No No No priority No No Yes Yes No No No No Yes Yes Yes Yes No No No No band width No No Yes Yes No No Yes Yes No No Yes Yes No No No No p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ISG shape No No No Yes No No No Yes No No Yes Yes No No No No priority No No No Yes No No No No No No Yes Yes No No No No band width No No No Yes No No No Yes No No Yes Yes No No No No p olicy Yes Yes No Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Channelized interface (SONET/SDH such as the 1-Port Channelized OC-3/STM-1 SPA) shape No No Yes Yes No No Yes Yes No No Yes Yes No No No No priority No No Yes Yes No No No No No No Yes Yes No No No No band width No No Yes Yes No No Yes Yes No No Yes Yes No No No No p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes POS with FR shape No No Yes Yes No No Yes Yes No No Yes Yes No No No No priority No No Yes Yes No No No No No No Yes Yes No No No No band width No No Yes Yes No No Yes Yes No No Yes Yes No No No No p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ATM PVC shape No No No No No No No No No No No No No No No No priority No No Yes Yes No No No No No No No No No No No No band width No No Yes Yes No No No No No No No No No No No No FLAT Policy Parent Policy Child Policy Grandchild Policy Ingress Egress Ingress Egress Ingress Egress Ingress Egress UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD4-150 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuration and Restrictions • Queuing Support on third level policy map • ATM SPA doesn't support Hierarchical queuing • Any service-policy supporting existing features on eother the ingress or the egress side, can have an extra level of policer in ingress or egress side too. This policer can be applied on a user-defined class or class-default in the third level of policy-map. • If a hierarchical policy-map is applied to subniterface, then the parent class has to be class-default Configuration procedure SUMMARY STEPS Step 1 service-policy output Parent Step 2 service-policy ingress_policy Step 3 service-policy input third ingress_policy_level DETAILED STEPS p olicy Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes ip prec marking Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes FLAT Policy Parent Policy Child Policy Grandchild Policy Ingress Egress Ingress Egress Ingress Egress Ingress Egress UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD UDC CD Command Purpose Router(config-if)# service-policy output Parent Example: Router(config-if)# service-policy output Parent-155M Applies this service-policy to an interface on the egress side4-151 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuration Samples Example of Third Level User Defined Egress QoS Policy-Map policy-map NMC_POLICING class NMC_RP police 8000 8000 8000 conform-action set-dscp-transmit cs6 exceed-action set-dscp-transmit cs6 class NMC_SNMP police cir 8000 bc 8000 be 8000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af21 policy-map CE_EGRESS_QUEUING class NMC bandwidth remaining percent 1 service-policy NMC_POLICING Level THREE Policy-map - Only policing policy-map Parent-155M Level ONE Policy-map class class-default shape average 147712000 service-policy CE_EGRESS_QUEUING <<<< Level TWO Policy-map Router(config-if)#service-policy ingress_policy Example: Router(config-if)#service-policy ingress_policy Applies this service-policy to an interface on the ingress side Router(config-if)#service-policy input third ingress_policy_level Example: Router(config-if)# service-policy input ingress-three Specifies that the service-policy applied on the ingress side is a grandchild level policy Command Purpose4-152 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Applying this service-policy to a Main interface interface GigabitEthernet1/3/0 service-policy output Parent-155M Applying this service-policy to a Sub interface interface GigabitEthernet1/2/1.100 encapsulation dot1Q 456 service-policy output Parent-155M Applying this service-policy to FR DLCI interface Serial7/3/0/1:10 encapsulation frame-relay IETF frame-relay interface-dlci 20 service-policy output Parent-155M Applying this service-policy to EVC interface GigabitEthernet1/3/0 service instance 51 ethernet encapsulation dot1q 51 service-policy output Parent-155M Example of Third Level User Defined Ingress QoS Policy-Map policy-map ingress-one class COS3 police cir 10240000 bc 1280000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af22 policy-map ingress-two class NMC shape average 10000000 service-policy ingress-one policy-map ingress-three class COS1 shape average 10000 service-policy ingress-two4-153 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Applying this service-policy to a Main interface interface GigabitEthernet1/2/0 no ip address negotiation auto service-policy input ingress-three Example of Third Level User Defined QoS Policy-Map for ATM policy-map tnq2 class class-default police 400000 policy-map tnq1 class video police 300000 service-policy tnq2 policy-map tnq class tnq police 10000000 service-policy tnq1 Applying this service-policy to a ATM PVC interface ATM1/0/0 no ip address no atm enable-ilmi-trap pvc 10/100 service-policy out tnq Configuring IGMP Snooping on a SIP-200 IGMP snooping constrains the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN router to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the router receives an IGMP report from a host for a particular multicast group, the router adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.4-154 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks The multicast router sends out periodic general queries to all VLANs. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry. The router creates one entry per VLAN in the IGMP snooping IP multicast forwarding table for each group from which it receives an IGMP join request. For more information and configuration instructions, see the Cisco 7600 Series Router IOS Software Configuration Guide, Release 12.2SR. Configuring ACFC and PFC Support on Multilink Interfaces About ACFC and PFC Using the Address and Control Field Compression (ACFC) and PPP Protocol Field Compression (PFC) Support on Multilink Interfaces feature, you can control the negotiation and application of the Link Control Protocol (LCP) configuration options for ACFC and PFC. If ACFC is negotiated during Point-to-Point Protocol (PPP) negotiation, Cisco routers may omit the High-Level Data Link Control (HDLC) header on links using HDLC encapsulation. IF PFC is negotiated during PPP negotiation, Cisco routers may compress the PPP protocol field from two bytes to one byte. The PPP commands described in this section provide options to control PPP negotiation, allowing the HDLC framing and the protocol field to remain uncompressed. These commands allow the system administrator to control when PPP negotiates the ACFC and PFC options during initial LCP negotiations and how the results of the PPP negotiation are applied. Note Address and control field compression is only applicable to links that use PPP in HDLC-like framing as described by RFC 1662. Restrictions and Usage Guidelines ACFC and PFC should be configured with the link shut down. Note When Multilink PPP is configured in hardware, ACFC and PFC are active only when all links in the bundle have ACFC and PFC configured. Using ACFC and PFC can result in gains in effective bandwidth because they reduce the amount of framing overhead for each packet. However, using ACFC or PFC changes the alignment of the network data in the frame, which in turn can impair the switching efficiency of the packets both at the local and remote ends of the connection. For these reasons, it is generally recommended that ACFC and PFC not be enabled without carefully considering the potential results. ACFC and PFC options are supported only when the serial interfaces are multilink member interfaces. ACFC and PFC configured on MLP interfaces do not have any effect during PPP negotiation or during packet transmission.4-155 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Supported Platforms SIP-200/SPA This feature is supported on SIP-200 for the following SPAs: • 2-Port and 4-Port Channelized T3 SPA • 8-Port Channelized T1/E1 SPA • 1-Port Channelized OC3/STM-1 SPA Configuring ACFC and PFC Support The following sections list the configuration tasks for ACFC and PFC handling. Configuring ACFC Support SUMMARY STEPS Use the following summary of commands to configure the ACFC. Step 1 enable Step 2 configure terminal Step 3 interface serial slot/subslot/port:channel-group Step 4 shutdown Step 5 ppp acfc remote {apply | reject | ignore} Step 6 ppp acfc local {request | forbid} Step 7 no shutdown DETAILED STEPS To configure ACFC support, perform the following tasks in interface configuration mode: Command Purpose Step 1 Router> enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 Router# configure terminal Enables global configuration mode.4-156 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks ACFC Configuration Example The following example configures the interface to accept ACFC requests from a remote peer and perform ACFC on frames sent to the peer, and include the ACFC option in its outbound configuration in its outbound configuration requests: Router> enable Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface serial 4/1/1/1:0 Router(config-if)# shutdown Router(config-if)# ppp acfc remote apply Router(config-if)# ppp acfc local request Router(config-if)# no shutdown Configuring PFC Support SUMMARY STEPS Use the following summary of commands to configure the PFC. Step 3 Router(config)# interface serial slot/subslot/port:channel-group Example: Router(config)# interface serial 2/1/0:2 Selects the interface to configure. • slot/subslot/port:channel-group—Specifies the location of the interface. Step 4 Router(config-if)# shutdown Shuts down the interface. Step 5 Router(config-if)# ppp acfc remote {apply | reject | ignore} Example: Router(config-if)# ppp acfc remote apply Configures how the router handles the ACFC option in configuration requests received from a remote peer. • apply—ACFC options are accepted and ACFC may be performed on frames sent to the remote peer. • reject—ACFC options are explicitly ignored. • ignore—ACFC options are accepted, but ACFC is not performed on frames sent to the remote peer. Step 6 Router(config-if)# ppp acfc local {request | forbid} Example: Router(config-if)# ppp acfc local request Configures how the router handles ACFC in its outbound configuration requests. • request—The ACFC option is included in outbound configuration requests. • forbid—The ACFC option is not sent in outbound configuration requests, and requests from a remote peer to add the ACFC option are not accepted. Step 7 Router(config-if)# no shutdown Reenables the interface. Command Purpose4-157 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 1 enable Step 2 configure terminal Step 3 interface serial slot/subslot/port:channel-group Step 4 shutdown Step 5 ppp pfc remote {apply | reject | ignore} Step 6 ppp pfc local {request | forbid} Step 7 no shutdown DETAILED STEPS To configure PFC support, perform the following tasks in interface configuration mode: : Command Purpose Step 1 Router> enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 Router# configure terminal Enables global configuration mode. Step 3 Router(config)# interface serial slot/subslot/port:channel-group Example: Router(config)# interface serial 3/0/0:0 Selects the interface to configure. • slot/subslot/port:channel-group—Specifies the location of the interface. Step 4 Router(config-if)# shutdown Shuts down the interface Step 5 Router(config-if)# ppp pfc remote {apply | reject | ignore} Example: Router(config-if)# ppp pfc remote apply Configures how the router handles the PFC option in configuration requests received from a remote peer. • apply—PFC options are accepted and PFC may be performed on frames sent to the remote peer. • reject—PFC options are explicitly ignored. • ignore—PFC options are accepted, but PFC is not performed on frames sent to the remote peer. Step 6 Router(config-if)# ppp pfc local {request | forbid} Example: Router(config-if)# ppp pfc local forbid Configures how the router handles PFC in its outbound configuration requests. • request—The PFC option is included in outbound configuration requests. • forbid—The PFC option is not sent in outbound configuration requests, and requests from a remote peer to add the PFC option are not accepted. Step 7 Router(config-if)# no shutdown Reenables the interface.4-158 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks PFC Configuration Example The following example configures the interface to explicitly ignore the PFC option received from a remote peer, and exclude the PFC option from its outbound configuration requests and reject any request from a remote peer to add the PFC option: Router> enable Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface serial 4/1/1/1:0 Router(config-if)# shutdown Router(config-if)# ppp pfc remote reject Router(config-if)# ppp pfc local forbid Router(config-if)# no shutdown4-159 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring PPPoEoE on a Cisco 7600 SIP-400 Point-to-Point Protocol (PPP) provides a standard method of communicating to peers over a point-to-point link. An Ethernet link provides multipoint communication between multiple peers. PPP over Ethernet (PPPoE) allows point-to-point communication across multipoint Ethernet links. The PPPoE over Ethernet interface (PPPoEoE) enables the Cisco 7600 series router with Cisco 7600 SIP-400 to terminate Ethernet PPP sessions over Ethernet links. The PPPoE over IEEE 802.1Q VLANs feature enables the router to terminate Ethernet PPP sessions across VLAN links. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame. Supported Features PPPoEoE on the Cisco 7600 SIP-400 supports the following features: • PPPoE discovery packets (rate-limited), PPPoE PPP control packets, and PPPoE PPP IP data packets provide a per-user session on an Ethernet interface. • PPPoE is supported on main interfaces, 802.1Q and QinQ access interfaces, and VLAN ranges (802.1Q ranges and QinQ inner ranges). • 8 K PPPoE sessions are supported. • PPPoE and IP sessions can be configured on the same subinterface. Limitations and Restrictions PPPoEoE on the Cisco 7600 SIP-400 has the following limitations and restrictions: • PPP over ATM (PPPoA) is not supported. • Tunneling of PPPoE sessions (Level 2 Tunneling Protocol) is not supported. • Ambiguous VLANs and a range of VLANs for IP session interfaces are not supported. However, a range of VLANs is supported for PPPoE-configured interfaces. • Negotiated maximum transmission unit (MTU) value can only be 1492 or 1500 bytes. • If the ip tcp adjust-mss command is used, the only value supported is 1468. • PPPoE can only be configured on subinterfaces using the access keyword. Configuration Tasks for PPPoE over Ethernet To configure PPPoE over Ethernet, perform the following tasks: • Configuring a Virtual Template Interface, page 4-160 • Creating an Ethernet Interface and Enabling PPPoE, page 4-161 • Configuring PPPoE in a BBA Group, page 4-162 • Configuring PPPoE over 802.1Q VLANs on a Cisco 7600 SIP-400, page 4-1634-160 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring a Virtual Template Interface Configure a virtual template before you configure PPPoE on an Ethernet interface. The virtual template interface is a logical entity that is applied dynamically as needed to an incoming PPP session request. SUMMARY STEPS Step 1 interface virtual-template number Step 2 ip unnumbered ethernet number Step 3 mtu bytes Step 4 ppp authentication chap Step 5 ppp ipcp ip address required DETAILED STEPS To create and configure a virtual template interface, enter the following commands beginning in global configuration mode: The following example shows the configuration of a virtual template interface: Router(config)# interface virtual-template 1 Router(config-if)# ip unnumbered ethernet 21 Router(config-if)# no peer default ip address Router(config-if)# ppp authentication chap Router(config-if)# ppp authorization vpn1 Router(config-if)# ppp accounting vpn1 Note The PPP commands shown in these examples are typical of virtual template configurations. Not all PPP commands are required. Refer to the PPP documentation for more information. Command or Action Purpose Step 1 Router(config)# interface virtual-template number Creates a virtual template interface and enters interface configuration mode. Step 2 Router(config-if)# ip unnumbered ethernet number Enables IP without assigning a specific IP address on the LAN. Step 3 Router(config-if)# mtu bytes (Optional) Sets the maximum MTU size for the interface. Note MTU size can be set only to 1492 or 1500. Step 4 Router(config-if)# ppp authentication chap Enables PPP authentication on the virtual template interface. Step 5 Router(config-if)# ppp ipcp ip address required Required for legacy dial-up and DSL networks. Prevents a PPP session from being set up with 0.0.0.0 remote ip address.4-161 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Monitoring and Maintaining a Virtual Access Interface When a virtual template interface is applied dynamically to an incoming user session, a virtual access interface (VAI) is created. You cannot use the command line interface (CLI) to directly create or configure a VAI, but you can display and clear the VAI by using the following commands in privileged EXEC mode. SUMMARY STEPS Step 1 clear interface virtual-access number DETAILED STEPS The following example shows how to display the active VAI configuration: Router# show interfaces virtual-access 1.1 configuration ! interface virtual-access1.1 if vrf forwarding vrf-1 ip unnumbered Loopback1 no ip proxy-arp peer default ip address pool vrf-1 ppp authentication chap end Note Virtual-access 1.1 is a PPPoE subinterface. The following example shows how to clear a live session: Router# clear interface virtual-access 1.1 Router# Creating an Ethernet Interface and Enabling PPPoE SUMMARY STEPS Step 1 interface gigabitethernet number Step 2 protocol pppoe group group-name Command or Action Purpose Router# show interfaces virtual-access number configuration Displays the configuration of the active VAI that was created using a virtual template interface. The configuration keyword restricts output to configuration information. Router# clear interface virtual-access number Tears down the live sessions and frees the memory for other client users.4-162 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks DETAILED STEPS To create an Ethernet interface and enable PPPoE on it, enter the following commands beginning in global configuration mode: Configuring PPPoE in a BBA Group Note Cisco IOS Release 12.2(33)SRC does not support the configuration of BBA groups using RADIUS. You must configure BBA groups manually. SUMMARY STEPS Step 1 bba-group pppoe name Step 2 virtual-template template-number Step 3 pppoe limit per-mac per-mac-limit Step 4 pppoe limit max-sessions number Step 5 pppoe limit per-vc per-vc-limit Step 6 exit Step 7 interface type number access Step 8 encapsulation dot1q vlan-id Step 9 pppoe enable group group-name DETAILED STEPS To configure a broadband aggregation (BBA) group for PPPoE and link it to the appropriate virtual template interface, enter the following commands beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface gigabitethernet number Creates an Ethernet interface and enters interface configuration mode. Step 2 Router(config-if)# protocol pppoe group group-name Enables PPPoE and allows PPPoE sessions to be created through that interface. Command or Action Purpose Step 1 Router(config)# bba-group pppoe name Configures a BBA group to be used to establish PPPoE sessions. name identifies the BBA group. You can have multiple BBA groups. Step 2 Router(config-bba)# virtual-template template-number Specifies the virtual template interface to use to clone VA I s . Step 3 Router(config-bba)# pppoe limit per-mac per-mac-limit (Optional) Specifies the maximum number of sessions per MAC address for each PPPoE port that uses the group.4-163 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Configuring PPPoE over 802.1Q VLANs on a Cisco 7600 SIP-400 PPPoE over IEEE 802.1Q VLANs enables the Cisco 7600 series router with the SIP-400 to support PPPoE over IEEE 802.1Q encapsulated VLAN interfaces. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame. Note PPPoE is disabled by default on a VLAN. Configuring a Virtual Template Before configuring PPPoE on an IEEE 802.1Q VLAN interface, configure a virtual template and a BBA group. See the “Configuring a Virtual Template Interface” section on page 4-160, and the “Configuring PPPoE in a BBA Group” section on page 4-162. Creating an Ethernet IEEE 802.1Q Encapsulated Subinterface and Enabling PPPoE SUMMARY STEPS Step 1 interface gigabitethernet slot/subslot/port.number access Step 2 encapsulation dot1q vlan-id [second-dot1q inner-vlan-id] Step 3 pppoe enable group group-name DETAILED STEPS To create an Ethernet 802.1Q interface and enable PPPoE on it, enter the following commands beginning in global configuration mode. Step 4 Router(config-bba)# pppoe limit max-sessions number (Optional) Specifies the maximum number of PPPoE sessions that can be terminated on this router from all interfaces. Step 5 Router(config-bba)# pppoe limit per-vc per-vc-limit (Optional) Specifies the maximum number of PPPoE sessions for each VC that uses the group. Step 6 Router(config-bba)# exit Returns to global configuration mode. Step 7 Router(config)# interface type number access Specifies the type of interface to which you want to attach the BBA group and enters interface configuration mode. Note The access keyword is required on subinterfaces, but must not be used for main interfaces. Step 8 Router(config-if)# encapsulation dot1q vlan-id Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. Specify the VLAN identifier. Note This step is required only for 802.1Q and QinQ interfaces. Step 9 Router(config-if)# pppoe enable group group-name Attaches the BBA group to the VLAN. Command or Action Purpose4-164 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Verifying PPPoE over Ethernet and IEEE 802.1Q VLAN To verify PPPoEoE and IEEE 802.1Q VLAN, enter the following commands in privileged EXEC mode: Clearing PPPoE Sessions To clear PPPoE sessions, enter the following commands in privileged EXEC mode: Configuring Source IPv4 and Source MAC Address Binding on the SIP-400 The Source IPv4 and Source MAC Address Binding feature is used in conjunction with the DHCP Authorized ARP and Secure ARP features to provide a check of the source IPv4 and source MAC address binding information before a packet can proceed to a higher level of processing. If the binding information does not exist, the packet is dropped. Configuration Guidelines When configuring source IPv4 and source MAC address binding, follow these guidelines: Command or Action Purpose Step 1 Router(config)# interface gigabitethernetslot/subslot/port.number access Creates a Gigabit Ethernet subinterface and enters subinterface configuration mode. Step 2 Router(config-subif) # encapsulation dot1q vlan-id [second-dot1q inner-vlan-id] Enables IEEE 802.1Q encapsulation on a specified subinterface in VLANs. Step 3 Router(config-subif)# pppoe enable group group-name Enables PPPoE and allows PPPoE sessions to be created through the specified subinterface. Command or Action Purpose Router# show pppoe session all Displays PPPoE session information for each session ID. Router# show pppoe session packets Displays PPPoE session statistics. Router# show pppoe summary Displays PPPoE summary statistics. Command or Action Purpose Router# clear pppoe all Clears all PPPoE sessions. Router# clear pppoe interface Clears all PPPoE sessions on a physical interface or subinterface. Router# clear pppoe rmac Clears PPPoE sessions from a client host MAC address. Router# pppoe interface interface vlan vlan-number Clears sessions on a per-VLAN basis in ambiguous VLAN cases.4-165 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks • Supports access subinterfaces on the Cisco 7600 series routers in DHCP and non-DHCP environments. Note Static entry of the MAC and IP address is required in a non-DHCP environment. • Supports IPv4 unicast packets only. • Supports Ethernet interfaces, subinterfaces, and routed Switched Virtual Interfaces (SVIs). • Supports interface/subinterface and intelligent edge (iEdge) IP sessions. • Supports up to 128000 IPv4 and MAC address bindings (subscriber entries) for the Cisco 7600 series router, and 8000 MAC address subscriber entries for each Cisco 7600 SIP-400. • This feature is recommended primarily for access-facing interfaces and subinterfaces. • Supports Cisco 7600 series router with RSP720, SUP720, or SUP 32. • Supports on Cisco 7600 SIP-400 for the following Ethernet SPAs: – 2-Port Gigabit Ethernet SPA – 5-Port Gigabit Ethernet SPA – 10-Port Gigabit Ethernet SPA • Supports only Ethernet and Ethernet logical interfaces. This feature can be supported on other interfaces provided they have Ethernet encapsulations underneath their primary encapsulation (for example, RBE or routed bridged PVC or EVC). • If you are using EVC, this feature must be configured for bridge domain. Restrictions When configuring source IPv4 and source MAC address binding, note these restrictions: • This feature cannot be used if multiple clients are using the same MAC address and they are on the same logical interfaces (VLAN). • This feature does not support native LAN cards on the Cisco 7600 series router. • This feature supports only one EVC per SVI. Configuring Source IPv4 and Source MAC Address Binding To configure this feature, perform the following tasks: • Securing ARP Table Entries to DHCP Leases, page 4-165 • Configuring the Interfaces for Source IPv4 and Source MAC Address Binding, page 4-166 • Configuring DHCP Authorized ARP, page 4-168 • Showing the Number of Dropped Packets, page 4-169 Securing ARP Table Entries to DHCP Leases This task describes how to secure ARP table entries to DHCP leases, starting in global configuration mode.4-166 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks SUMMARY STEPS Step 1 configure terminal Step 2 ip dhcp pool pool-name Step 3 network network-number Step 4 update arp Step 5 exit DETAILED STEPS Example: Router# configure terminal Router(config)# ip dhcp pool tc10 Router(dhcp-config)# network 10.0.0.0 255.255.255.0 Router(dhcp-config)# update arp Router(dhcp-config)# exit Configuring the Interfaces for Source IPv4 and Source MAC Address Binding This task describes how to enable source IPv4 and source MAC address binding in interface configuration mode. SUMMARY STEPS Step 1 configure terminal Step 2 interface vlan vlan-number Step 3 ip address ip-address mask Command Purpose Step 1 Router# configure terminal Enters global configuration mode. Step 2 Router(config)# ip dhcp pool pool-name Configures a DHCP address pool and enters DHCP pool configuration mode. pool-name—Name of the pool. Can either be a symbolic string or an integer. Step 3 Router(dhcp-config)# network network-number Configures the network number and mask for a DHCP address pool. network-number—IP address of the primary DHCP address pool. Note Use the network command to configure the Cisco 7600 series router as a DHCP server. Otherwise, the Cisco 7600 acts as a DHCP relay agent and gets the address from an outside server. Step 4 Router(dhcp-config)# update arp Secures insecure ARP table entries to the corresponding DHCP leases. Step 5 Router(dhcp-config)# exit Exits DHCP pool configuration mode.4-167 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Step 4 ip verify unicast source reachable-via rx l2-src Step 5 no shutdown DETAILED STEPS Command Purpose Step 1 Router# configure terminal Enters global configuration mode. Step 2 Router(config)# interface vlan vlan-number Specifies interface and VLAN number and enters interface configuration mode. vlan-number—Range is from 1 to 4094. Note To configure a main interface, use the interface type slot/subslot/port command in global configuration mode. Step 3 Router(config-if)# ip address ip-address mask Sets an IP address for an interface. ip-address—IP address. mask—Mask for the associated subnet. Step 4 Router(config-if)# ip verify unicast source reachable-via rx l2-src Enables source IPv4 and source MAC address binding. Step 5 Router(config-if)# no shutdown Enables the interface.4-168 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Example: Router# configure terminal Router(config)# interface vlan 10 Router(config-if)# ip address 10.0.0.1 255.255.255.0 Router(config-if)# ip verify unicast source reachable-via rx l2-src Router(config-if)# no shutdown Configuring DHCP Authorized ARP This task describes how to disable dynamic ARP learning on an interface, starting in interface configuration mode. SUMMARY STEPS Step 1 configure terminal Step 2 interface type slot/subslot/port Step 3 arp authorized Step 4 arp timeout seconds Step 5 service instance id ethernet Step 6 encapsulation dot1q vlan-id Step 7 rewrite ingress tag pop {1 | 2} symmetric Step 8 bridge-domain bridge-id Step 9 no shutdown Step 10 exit DETAILED STEPS Command Purpose Step 1 Router# configure terminal Enters global configuration mode. Step 2 Router(config)# interface type slot/subslot/port Configures an interface type and enters interface configuration mode. type slot/subslot/port—Specifies the type and location of the interface. Step 3 Router(config-if)# arp authorized Disables dynamic ARP learning on an interface. Step 4 Router(config-if)# arp timeout seconds Configures how long an entry remains in the ARP cache. seconds—Time (in seconds) that an entry remains in the ARP cache. A value of 0 means that entries are never cleared from the cache. Step 5 Router(config-if)# service instance id ethernet Configures an Ethernet service instance on an interface and enters Ethernet service configuration mode. id—Integer in the range of 1 to 4294967295 that uniquely identifies a service instance on an interface.4-169 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Tasks Example: Router# configure terminal Router(config)# interface gigabitethernet 8/0/1 Router(config-if)# arp authorized Router(config-if)# arp timeout 60 Router(config-if)# service instance 101 ethernet Router(config-if-srv)# encapsulation dot1q 101 Router(config-if-srv)# rewrite ingress tag pop 1 symmetric Router(config-if-srv)# bridge-domain 10 Router(config-if-srv)# no shutdown Router(config-if-srv)# end Showing the Number of Dropped Packets This task describes how to display the number of packets dropped when the source IPv4 and source MAC address binding check has failed. Example” Router# attach 8 Entering CONSOLE for slot 8 Type “^C^C^C” to end this session SIP-400-8# show platform drops detail Global drops: Drops for all interfaces: Gi8/0/0 ENP ifixp 16 Source masking (normal occurrence) Gi8/0/1 INP ifixp 3 BPDUs are not supported on this i/f Step 6 Router(config-if-srv)# encapsulation dot1q vlan-id Defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance. vlan-id—VLAN ID, an integer in the range 1 to 4094. Step 7 Router(config-if-srv)# rewrite ingress tag pop {1 | 2} symmetric Specifies the encapsulation adjustment to be performed on the frame ingress to the service instance. pop {1 | 2}—One or two tags are removed from the packet. symmetric—(Optional) Specifies tagging on the packets in the reverse direction (egress). Step 8 Router(config-if-serv)# bridge-domain bridge-id Binds the service instance to a bridge domain instance. bridge-id—Identifier for the bridge domain instance, an integer in the range of 1 to a platform-specific upper limit. Step 9 Router(config-if-srv)# no shutdown Enables the interface. Step 10 Router(config-if-srv)# end Ends the current configuration session and returns to privileged EXEC mode. Command Purpose Command Purpose Step 1 Router# attach slot-number Attaches to the SIP-400. slot-number—location of SIP-400. Step 2 SIP-400-8# show platform drops detail (Router prompt changes to SIP-400 prompt.) Shows statistics regarding dropped packets.4-170 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples Gi8/0/1 ENP ifixp 2008 Source masking (normal occurrence) Gi8/0/1 INP ifixp 2000 Src IP/MAC check failed Gi8/0/1 ENP ifixp 13 Source masking (normal occurrence) SIP-400-8# Resetting a SIP To reset a SIP, use the following command in privileged EXEC configuration mode: Configuration Examples This section includes the following examples for configuring SIPs installed in a Cisco 7600 series router: • Layer 2 Interworking Configuration Examples, page 4-170 • MPLS Configuration Examples, page 4-172 • QoS Configuration Examples, page 4-173 • Private Hosts SVI (Interface VLAN) Configuration Example, page 4-178 Layer 2 Interworking Configuration Examples This section includes the following Layer 2 interworking configuration examples: • BCP in Trunk Mode Configuration Example, page 4-170 • BCP in Single-VLAN Mode Configuration Example, page 4-171 BCP in Trunk Mode Configuration Example The following example shows how to configure BCP in trunk mode: ! Enter global configuration mode. ! Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ! ! Specify the interface address. ! Router(config)# interface pos4/1/0 ! ! Put the interface in Layer 2 mode for Layer 2 configuration. Router(config-if)# switchport %Please shut/no shut POS4/1/0 to bring up BCP ! Command Purpose Router# hw-module module slot reset Turns power off and on to the SIP in the specified slot, where: • slot—Specifies the chassis slot number where the SIP is installed.4-171 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples ! When the switchport command is configured, the interface is automatically configured for ! trunk mode and nonegotiate status. ! Restart the interface to enable BCP. ! Router(config-if)# shutdown Router(config-if)# no shutdown ! ! Enable all VLANs for receiving and transmitting traffic on the trunk. ! Router(config-if)# switchport trunk allowed vlan all %Internal vlans not available for bridging:1006-1018,1021 The following example shows sample output from the show running-config command for this configuration. The switchport mode trunk and switchport nonegotiate commands are automatically NVgened when the switchport command is configured: Router# show running-config interface pos4/1/0 Building configuration... Current configuration : 191 bytes ! interface POS4/1/0 switchport switchport trunk allowed vlan all switchport mode trunk switchport nonegotiate no ip address encapsulation ppp clock source internal end BCP in Single-VLAN Mode Configuration Example The following example shows how to configure BCP in single-VLAN mode: ! Enter global configuration mode. ! Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ! ! Specify the interface address ! Router(config)# interface pos4/1/0 ! ! Disable IP processing on the interface. This is recommended for BCP interfaces. ! Router(config-if)# no ip address ! ! Configure PPP encapsulation. You must configure PPP encapsulation before using the ! bridge-domain command. ! Router(config-if)# encapsulation ppp ! ! Configure the bridging domain tag all Ethernet frames on the BCP link with the 802.1Q ! header. ! Router(config-if)# bridge-domain 100 dot1q %Please shut/no shut POS4/1/0 to bring up BCP ! ! Restart the interface to enable BCP. ! Router(config-if)# shutdown Router(config-if)# no shutdown4-172 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples The following example shows sample output from the show running-config command for this configuration: Router# show running-config interface pos4/1/0 Building configuration... Current configuration : 122 bytes ! interface POS4/1/0 no ip address encapsulation ppp bridge-domain 100 dot1q clock source internal end The following example shows an example of the message that is sent if you attempt to configure the bridge-domain command without configuring PPP encapsulation: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface pos4/1/0 Router(config-if)# bridge-domain 100 dot1q Must set encapsulation to PPP before using hw bridging over PPP MPLS Configuration Examples This section includes the following MPLS configuration examples: • Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS) Configuration Example, page 4-172 Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS) Configuration Example The following example shows how to configure Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS). Tunnel1, Tunnel2, and Tunnel3 are member tunnels, and Tunnel4 is the master tunnel. Router(config)# interface Tunnel1 Router(config-if)# ip unnumbered loopback0 Router(config-if)# interface destination 24.1.1.1 Router(config-if)# tunnel mode mpls traffic-eng Router(config-if)# tunnel mpls traffic-eng bandwidth sub-pool 30000 Router(config-if)# tunnel mpls traffic-eng exp 5 Router(config)# interface Tunnel2 Router(config-if)# ip unnumbered loopback0 Router(config-if)# interface destination 24.1.1.1 Router(config-if)# tunnel mode mpls traffic-eng Router(config-if)# tunnel mpls traffic-eng bandwidth 50000 Router(config-if)# tunnel mpls traffic-eng exp 3 4 Router(config)# interface Tunnel3 Router(config-if)# ip unnumbered loopback0 Router(config-if)# interface destination 24.1.1.1 Router(config-if)# tunnel mode mpls traffic-eng Router(config-if)# tunnel mpls traffic-eng bandwidth 10000 Router(config-if)# tunnel mpls traffic-eng exp default Router(config)# interface Tunnel4 Router(config-if)# interface destination 24.1.1.14-173 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples Router(config-if)# tunnel mpls traffic-eng exp-bundle master Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel1 Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel2 Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel3 Router(config-if)# tunnel mpls traffic-eng autoroute enable QoS Configuration Examples This section includes the following QoS configuration examples: • QoS with Multipoint Bridging Configuration Examples, page 4-173 • Hierarchical QoS with 2-Level Policy Map Configuration Examples, page 4-177 QoS with Multipoint Bridging Configuration Examples The SIPs and SPAs support a subset of QoS features with MPB configurations. • For ATM bridging, Frame Relay bridging, MPB, and BCP features on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, these matching features are supported on bridged frames beginning in Cisco IOS Release 12.2(33)SRA: – Matching on ATM CLP bit – Matching on Frame Relay DE bit – Matching on Frame Relay DLCI – Matching on inner VLAN – Matching on inner CoS – Matching on IP DSCP (input interface only) • For ATM bridging, Frame Relay bridging, MPB, and BCP features on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, these marking features are supported on bridged frames beginning in Cisco IOS Release 12.2(33)SRA: – Set ATM CLP bit (output interface only) – Set Frame Relay DE bit (output interface only) – Set inner CoS • For ATM bridging, Frame Relay bridging, MPB, and BCP features on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, the following marking features with policing are supported on bridged frames beginning in Cisco IOS Release 12.2(33)SRA: – Set inner CoS For more information about configuring QoS on SIPs and SPAs, see the “Configuring QoS Features on a SIP” section on page 4-94. This section includes the following QoS with MPB configuration examples: • Matching All Traffic on an Inner VLAN Tag with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example, page 4-174 • Marking the Inner CoS Value with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example, page 4-174 • Configuring QoS Matching, Shaping, and Marking with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example, page 4-1754-174 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples • Setting the Inner CoS Value as a Policing Action for SIPs and SPAs on the Cisco 7600 Series Router Example, page 4-176 Matching All Traffic on an Inner VLAN Tag with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example You can match traffic on an inner VLAN ID of a packet when you are using bridging features on a SPA. The following example shows configuration of a QoS class that filters all bridged traffic for VLAN 100 into a class named “vlan-inner-100.” An output service policy is then applied to the SPA interface that bridges all outgoing traffic for the vlan-inner-100 class into VLAN 100. ! Configure the class maps with your matching criteria. ! Router(config)# class-map match-all vlan-inner-100 Router(config-cmap)# match vlan inner 100 ! ! Apply the service policy to an input or output bridged interface or VC. ! Router(config)# interface atm3/0/0 Router(config-if)# pvc 100/100 Router(config-if-atm-vc)# bridge-domain 100 dot1q Router(config-if-atm-vc)# service-policy output vlan-inner-100 Router(config-if)# end Marking the Inner CoS Value with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example The following example shows configuration of a QoS class that filters all traffic matching on VLAN 100 into a class named “vlan-inner-100.” The configuration shows the definition of a policy-map (also named “vlan-inner-100”) that marks the inner CoS with a value of 3 for traffic in the vlan-inner-100 class. Since marking of the inner CoS value is only supported with bridging features, the configuration also shows the service policy being applied as an output policy to a serial SPA interface that bridges traffic into VLAN 100 using the bridge-domain command. ! Configure the class maps with your matching criteria. ! Router(config)# class-map match-all vlan-inner-100 Router(config-cmap)# match vlan inner 100 Router(config-cmap)# exit ! ! Configure the policy map to mark all traffic in a class. ! Router(config)# policy-map vlan-inner-100 Router(config-pmap)# class vlan-inner-100 Router(config-pmap-c)# set cos-inner 3 Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Apply the service policy to an input or output bridged interface or VC. ! Router(config)# interface serial3/0/0 Router(config-if)# no ip address Router(config_if)# encapsulation ppp Router(config-if)# bridge-domain 100 dot1q Router(config-if)# service-policy output vlan-inner-100 Router(config-if)# shutdown Router(config-if)# no shutdown Router(config-if)# end4-175 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples Configuring QoS Matching, Shaping, and Marking with MPB on SIPs and SPAs on the Cisco 7600 Series Router Example The following example shows a complete QoS configuration of matching, shaping, and marking with MPB on SIPs and SPAs. ! Configure the class maps with your matching criteria. ! The following class maps configure matching on the inner VLAN ID. ! Router(config)# class-map match-all vlan100 Router(config-cmap)# match vlan inner 100 Router(config-cmap)# exit Router(config)# class-map match-all vlan200 Router(config-cmap)# match vlan inner 200 Router(config-cmap)# exit Router(config)# class-map match-all vlan300 Router(config-cmap)# match vlan inner 300 Router(config-cmap)# exit ! ! The following class maps configure matching on the inner CoS value. ! Router(config)# class-map match-all cos0 Router(config-cmap)# match cos inner 0 Router(config-cmap)# exit Router(config)# class-map match-all cos1 Router(config-cmap)# match cos inner 1 Router(config-cmap)# exit Router(config)# class-map match-all cos2 Router(config-cmap)# match cos inner 2 Router(config-cmap)# exit Router(config)# class-map match-all cos7 Router(config-cmap)# match cos inner 7 Router(config-cmap)# exit ! ! Configure a policy map for the defined classes. ! The following policies define shaping characteristics for classes ! on different VLANs ! Router(config)# policy-map vlan100 Router(config-pmap)# class cos1 Router(config-pmap-c)# bandwidth percent 10 Router(config-pmap-c)# exit Router(config-pmap)# class cos2 Router(config-pmap-c)# bandwidth percent 20 Router(config-pmap-c)# exit Router(config-pmap)# class cos7 Router(config-pmap-c)# percent 30 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# policy-map vlan200 Router(config-pmap)# class cos1 Router(config-pmap-c)# bandwidth percent 10 Router(config-pmap-c)# exit Router(config-pmap)# class cos2 Router(config-pmap-c)# bandwidth percent 20 Router(config-pmap-c)# exit Router(config-pmap)# class cos7 Router(config-pmap-c)# percent 30 Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! The following policy map defines criteria for an output interface using MPB ! Router(config)# policy-map egress_mpb Router(config-pmap)# class vlan1004-176 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples Router(config-pmap-c)# bandwidth percent 30 Router(config-pmap-c)# service-policy vlan100 Router(config-pmap-c)# exit Router(config-pmap)# class vlan200 Router(config-pmap-c)# bandwidth percent 40 Router(config-pmap-c)# service-policy vlan200 ! ! The following policy map defines criteria for an input interface using MPB ! Router(config)# policy-map ingress_mpb Router(config-pmap)# class vlan100 Router(config-pmap-c)# set cos-inner 5 Router(config-pmap-c)# exit Router(config-pmap)# class vlan200 Router(config-pmap-c)# set cos-inner 3 ! ! The following policy map defines criteria for an ATM output interface using MPB ! Note: You can only mark ATM CLP on an ATM output interface with MPB ! Router(config)# policy-map atm_clp Router(config-pmap)# class cos1 Router(config-pmap-c)# set atm-clp Router(config-pmap-c)# exit Router(config-pmap)# class cos2 Router(config-pmap-c)# set atm-clp Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Configure an interface for MPB and apply the service policies. ! The following example configures a POS interface in BCP trunk mode and applies two ! different service policies for the output and input traffic on the interface. ! Router(config)# interface POS3/0/0 Router(config-if)# switchport Router(config-if)# shutdown Router(config-if)# no shutdown Router(config-if)# switchport trunk allowed vlan 100,200,300 Router(config-if)# service-policy output egress_mpb Router(config-if)# service-policy input ingress_mpb ! ! The following example configures an ATM interface with bridging on VLAN 100 ! and applies a service policy for setting the ATM CLP for the output traffic. ! Router(config)# interface ATM 4/1/0 Router(config-if)# pvc 1/100 Router(config-if-atm-vc)# bridge-domain 100 Router(config-if-atm-vc)# service-policy output atm-clp Setting the Inner CoS Value as a Policing Action for SIPs and SPAs on the Cisco 7600 Series Router Example The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN) 100 into a class named “vlan-inner-100,” and establishes a traffic shaping policy for the vlan-inner-100 class. The service policy limits traffic to a CIR of 20 percent and a PIR of 40 percent, with a conform burst (bc) of 300 ms, and peak burst (be) of 400 ms, and sets the inner CoS value to 3. Because setting of the inner CoS value is only supported with bridging features, the configuration also shows the service policy being applied as an output policy for an ATM SPA interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command. ! Configure the class maps with your matching criteria ! Router(config)# class-map match-all vlan-inner-100 Router(config-cmap)# match vlan inner 1004-177 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples Router(config-cmap)# exit ! ! Configure the policy map to police all traffic in a class and mark conforming traffic ! (marking traffic whose rate is less than the conform burst) ! Router(config)# policy-map vlan-inner-100 Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40 conform-action set-cos-inner-transmit 3 Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Apply the service policy to an input or output bridged interface or VC. ! Router(config)# interface atm3/0/0 Router(config-if)# pvc 100/100 Router(config-if-atm-vc)# bridge-domain 100 dot1q Router(config-if-atm-vc)# service-policy output vlan-inner-100 Router(config-if)# end Hierarchical QoS with 2-Level Policy Map Configuration Examples The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues (you can configure up to three levels). The first-level policy (the parent policy) configures the aggregated data rate to be shaped to 1 Mbps for the class-default class. The second-level policy (the child policy) configures the traffic in User-A class for 40 percent of the bandwidth and traffic in User-B class for 60 percent of the bandwidth. Because this example shows the parent policy applying to the class-default class, it is supported in Cisco IOS Release 12.2(33)SXF and later, as well as in Cisco IOS Release 12.2(33)SRA. ! Configure the class maps with your matching criteria ! Router(config)# class-map match-any User-A Router(config-cmap)# match access-group A Router(config-cmap)# exit Router(config)# class-map match-any User-B Router(config-cmap)# match access-group B Router(config-cmap)# exit ! ! Configure the parent policy for class-default to shape ! all traffic in that class and apply a second-level policy. ! Router(config)# policy-map parent Router(config-pmap)# class class-default Router(config-pmap-c)# shape 1000000 Router(config-pmap-c)# service-policy child Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Configure the child policy to allocate different percentages of ! bandwidth by class. ! Router(config)# policy-map Child Router(config-pmap)# class User-A Router(config-pmap-c)# bandwidth percent 40 Router(config-pmap-c)# exit Router(config-pmap)# class User-B Router(config-pmap-c)# bandwidth percent 60 Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Apply the parent service policy to an input or output interface.4-178 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Configuration Examples ! Router(config)# interface GigabitEthernet 2/0/0 Router(config-if)# service-policy output parent The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues, where the parent policy configures average traffic shaping rates on both user-defined classes as well as the class-default class, which is supported beginning in Cisco IOS Release 12.2(33)SRA. This configuration does not show the corresponding class map configuration, which also are required to support these policy maps. ! Configure the parent policy for user-defined and class-default classes to shape ! traffic in those classes and apply a second-level policy. ! Router(config)# policy-map parent Router(config-pmap)# class input-vlan100 Router(config-pmap-c)# shape average 100000 Router(config-pmap-c)# service-policy child-pm Router(config-pmap-c)# exit Router(config-pmap)# class input-vlan200 Router(config-pmap-c)# shape average 100000 Router(config-pmap-c)# service-policy child-pm Router(config-pmap-c)# exit Router(config-pmap)# class class-default Router(config-pmap-c)# shape average 200000 Router(config-pmap-c)# service-policy child-pm Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Configure the child policy to allocate different percentages of ! bandwidth by class. ! Router(config)# policy-map child-pm Router(config-pmap)# class cos0 Router(config-pmap-c)# bandwidth percent 10 Router(config-pmap-c)# exit Router(config-pmap)# class cos1 Router(config-pmap-c)# bandwidth percent 10 Router(config-pmap-c)# exit Router(config-pmap)# exit ! ! Apply the parent service policy to an input or output interface. ! Router(config)# interface gigabitethernet 2/0/0 Router(config-if)# service-policy output parent-pm Private Hosts SVI (Interface VLAN) Configuration Example The following example shows a typical configuration of the private hosts SVI (Interface VLAN) feature. Note New feature-related commands are highlighted. Router(config)#private-hosts vlan-list 200-202,204-205 Router(config)#private-hosts promiscuous maclist-1 Router(config)#private-hosts promiscuous maclist-2 Router(config)#private-hosts mac-list maclist-1 0000.1111.9991 Router(config)#private-hosts mac-list maclist-2 0000.1111.99924-179 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Troubleshooting Router(config)#private-hosts layer3 Router(config)#private-hosts ! ! Router(config)#interface GigabitEthernet3/0/1 Router(config-if)# switchport Router(config-if)#switchport access vlan 201 Router(config-if)#switchport mode access Router(config-if)#private-hosts mode promiscuous ! Router(config-if)#interface GigabitEthernet3/0/2 Router(config-if)#switchport Router(config-if)#switchport trunk encapsulation dot1q Router(config-if)#switchport trunk allowed vlan 200-205 Router(config-if)#switchport mode trunk Router(config-if)#private-hosts mode isolated ! ''The following example shows another configuration of the private hosts SVI: PE17_C7606(config)# PE17_C7606(config)#private-hosts PE17_C7606(config)#private-hosts mac-list ? WORD mac list name PE17_C7606(config)#private-hosts mac-list ml1 ? H.H.H 48-bit MAC address PE17_C7606(config)#private-hosts mac-list ml1 000a.001e.000d PE17_C7606(config)#private-hosts vlan-list 1 PE17_C7606(config)# private-hosts ? Private hosts configuration subcommands: layer3 enable layer 3 routing with private hosts mac-list MAC addresses list promiscuous MAC addresses list vlan-list Enables private hosts feature on a set of vlans PE17_C7606(config)# private-hosts promiscuous ml1 vlan-list 1 PE17_C7606(config)# Troubleshooting Table 4-20 lists some of the QoS troubleshooting scenarios in a SIP-400. Table 4-20 QoS Troubleshooting on a SIP-400 Problem Solution Error message on applying service-policy on any interface Check if you have configured the service-policy correctly. If not, re-apply the service policy on the interface. If the issue persists, contact TAC. No drop in priority queues despite excessive traffic flow To troubleshoot priority queues, configure the explicit policer value for the priority traffic. If the issue persists, contact TAC.4-180 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 4 Configuring the SIPs and SSC Troubleshooting No drops in class bandwidth when the offered rate crosses the configured bandwidth 1. Use the bandwidth command to ensure that a minimum bandwidth and not the maximum bandwidt exists. 2. Use the shape average command instead of the bandwidth command to assign a maximum bandwidth. 3. If the issue persists, contact TAC. Drops in some classes and no drops in others The traffic drops depend on the traffic pattern. Reserved bandwidth is forced when there is a congestion on the parent shaper or physical link that completely depends on the traffic pattern. If the issue persists, contact TAC. Problem SolutionC H A P T E R 5-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 5 Troubleshooting the SIPs and SSC This chapter describes techniques that you can use to troubleshoot the operation of your SIPs. It includes the following sections: • General Troubleshooting Information, page 5-1 • Using the Cisco IOS Event Tracer to Troubleshoot Problems, page 5-2 • Troubleshooting Oversubscription on the Cisco 7600 SIP-400, page 5-3 • Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs, page 5-3 The first section provides information about basic interface troubleshooting. If you are having a problem with your SPA, use the steps in the “Using the Cisco IOS Event Tracer to Troubleshoot Problems” section to begin your investigation of a possible interface configuration problem. To perform more advanced troubleshooting, see the other sections in this chapter. General Troubleshooting Information This section describes general information for troubleshooting SIPs, SSCs, and SPAs. It includes the following sections: • Interpreting Console Error Messages, page 5-1 • Using debug Commands, page 5-2 • Using show Commands, page 5-2 Interpreting Console Error Messages To view the explanations and recommended actions for Cisco 7600 series router error messages, including messages related to Cisco 7600 series router SIPs and SSCs, refer to the following documents: • Cisco 7600 Series Cisco IOS System Message Guide, 12.2SX (for error messages in Release 12.2SX) • System Error Messages for Cisco IOS Release 12.2S (for error messages in Release 12.2S) System error messages are organized in the documentation according to the particular system facility that produces the messages. The SIP and SSC error messages use the following facility names: • Cisco 7600 SIP-200—C7600_SIP200 • Cisco 7600 SIP-400—SIP4005-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Using the Cisco IOS Event Tracer to Troubleshoot Problems • Cisco 7600 SIP-600—SIP600 • Cisco 7600 SSC-400—C7600_SSC400 Note Rate limit SIP200_MP-4-PAUSE ensures that one pause message is logged per unique occurrence across the SIP200 reloads and the subsequent occurrences are only statistically accounted. This is applicable only for SIP 200 and not for SIP 400 and SIP 600. Using debug Commands Along with the other debug commands supported on the Cisco 7600 series router, you can obtain specific debug information for SIPs and SSCs on the Cisco 7600 series router using the debug hw-module privileged EXEC command. The debug hw-module command is intended for use by Cisco Systems technical support personnel. Caution Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use. For more information about other debug commands that can be used on a Cisco 7600 series router, refer to the Cisco 7600 Series Cisco IOS Command Reference, 12.2 SXand to the Cisco IOS Debug Command Reference, Release 12.2 SR. Using show Commands There are several show commands that you can use to monitor and troubleshoot the SIPs and SSCs on the Cisco 7600 series router. This chapter describes using the show hw-module slot command to perform troubleshooting of your SPA. For more information about show commands to verify and monitor SIPs and SSCs, see the following chapters of this guide: • Chapter 4, “Configuring the SIPs and SSC” Using the Cisco IOS Event Tracer to Troubleshoot Problems Note This feature is intended for use as a software diagnostic tool and should be configured only under the direction of a Cisco Technical Assistance Center (TAC) representative. The Event Tracer feature provides a binary trace facility for troubleshooting Cisco IOS software. This feature gives Cisco service representatives additional insight into the operation of the Cisco IOS software and can be useful in helping to diagnose problems in the unlikely event of an operating system malfunction or, in the case of redundant systems, Route Processor switchover. 5-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Troubleshooting Oversubscription on the Cisco 7600 SIP-400 Event tracing works by reading informational messages from specific Cisco IOS software subsystem components that have been preprogrammed to work with event tracing, and by logging messages from those components into system memory. Trace messages stored in memory can be displayed on the screen or saved to a file for later analysis. The SPAs currently support the “spa” component to trace SPA OIR-related events. Troubleshooting Oversubscription on the Cisco 7600 SIP-400 As of Cisco IOS Release 12.2(18)SXF, when using the Cisco 7600 SIP-400 with the 2-Port Gigabit Ethernet SPA or the 1-Port OC-48c/STM-16 ATM SPA, consider the following oversubscription guidelines: • The Cisco 7600 SIP-400 only supports installation of one 1-Port OC-48c/STM-16 ATM SPA without any other SPAs installed in the SIP. • The Cisco 7600 SIP-400 supports installation of up to two 2-Port Gigabit Ethernet SPAs without any other SPAs installed in the SIP. • The Cisco 7600 SIP-400 supports installation of any combination of OC-3 or OC-12 POS or ATM SPAs, up to a combined ingress bandwidth of OC-48 rates. • The Cisco 7600 SIP-400 supports installation of any combination of OC-3 or OC-12 POS or ATM SPAs up to a combined ingress bandwidth of OC-24 rates, when installed with a single 2-Port Gigabit Ethernet SPA. Configurations on the Cisco 7600 SIP-400 with an unsupported aggregate SPA bandwidth greater than OC-48 rates generates the following error message: SLOT 3: 00:00:05: %SIPSPA-4-MAX_BANDWIDTH: Total SPA bandwidth exceeds line card capacity of 2488 Mbps Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs The Cisco 7600 series router supports online insertion and removal (OIR) of the SPA interface processor (SIP) or SPA services card (SSC), in addition to each of the shared port adapters (SPAs). Therefore, you can remove a SIP or SSC with its SPAs still intact, or you can remove a SPA independently from the SIP or SSC, leaving the SIP or SSC installed in the router. This section includes the following topics on OIR support: • Preparing for Online Removal of a SIP or SSC, page 5-4 • Verifying Deactivation and Activation of a SIP or SSC, page 5-5 • Preparing for Online Removal of a SPA, page 5-6 • Verifying Deactivation and Activation of a SPA, page 5-7 • Deactivation and Activation Configuration Examples, page 5-8 Note For simplicity, any reference to “SIP” in this section also applies to the SSC.5-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs Preparing for Online Removal of a SIP or SSC The Cisco 7600 series router supports OIR of the SIP and the SSC. To do this, you can power down a SIP (which automatically deactivates any installed SPAs) and remove the SIP with the SPAs still intact. Although graceful deactivation of a SIP is preferred using the no power enable module command, the Cisco 7600 series router does support removal of the SIP without deactivating it first. If you plan to remove a SIP, you can deactivate the SIP first, using the no power enable module global configuration command. When you deactivate a SIP using this command, it automatically deactivates each of the SPAs that are installed in that SIP. Therefore, it is not necessary to deactivate each of the SPAs prior to deactivating the SIP. Either a blank filler plate or a functional SPA should reside in every subslot of a SIP during normal operation. For more information about the recommended procedures for physical removal of the SIP, refer to the Cisco 7600 Series Router SIP, SSC, and SPA Hardware Installation Guide. Deactivating a SIP or SSC To deactivate a SIP or SSC and its installed SPAs prior to removal of the SIP, use the following command in global configuration mode: For more information about chassis slot numbering, refer to the “Identifying Slots and Subslots for SIPs, SSCs, and SPAs” section in this guide. Reactivating a SIP or SSC Once you deactivate a SIP or SSC, whether or not you have performed an OIR, you must use the power enable module global configuration command to reactivate the SIP. If you did not issue a command to deactivate the SPAs installed in a SIP, but you did deactivate the SIP using the no power enable module command, then you do not need to reactivate the SPAs after an OIR of the SIP. The installed SPAs automatically reactivate upon reactivation of the SIP in the router. For example, consider the case where you remove a SIP from the router to replace it with another SIP. You reinstall the same SPAs into the new SIP. When you enter the power enable module command on the router, the SPAs will automatically reactivate with the new SIP. Command Purpose Router(config)# no power enable module slot Shuts down any installed interfaces, and deactivates the SIP in the specified slot, where: • slot—Specifies the chassis slot number where the SIP is installed.5-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs To activate a SIP and its installed SPAs after the SIP has been deactivated, use the following command in global configuration mode: For more information about chassis slot numbering, refer to the “Identifying Slots and Subslots for SIPs, SSCs, and SPAs” section in this guide. Verifying Deactivation and Activation of a SIP or SSC To verify the deactivation of a SIP or SSC, enter the show module command in privileged EXEC configuration mode. Observe the Status field associated with the SIP that you want to verify. The following example shows that the Cisco 7600 SIP-400 located in slot 13 is deactivated. This is indicated by its “PwrDown” status. Router# show module 13 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 13 0 4-subslot SPA Interface Processor-400 7600-SIP-400 JAB0851042X Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 13 00e0.aabb.cc00 to 00e0.aabb.cc3f 0.525 12.2(PP_SPL_ 12.2(PP_SPL_ Ok Mod Online Diag Status --- ------------------- 13 PwrDown To verify activation and proper operation of a SIP, enter the show module command and observe “Ok” in the Status field as shown in the following example: Router# show module 2 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 2 0 4-subslot SPA Interface Processor-200 7600-SIP-200 JAB074905S1 Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 2 0000.0000.0000 to 0000.0000.003f 0.232 12.2(2004082 12.2(2004082 Ok Mod Online Diag Status --- ------------------- 2 Pass Command Purpose Router(config)# power enable module slot Activates the SIP in the specified slot and its installed SPAs, where: • slot—Specifies the chassis slot number where the SIP is installed.5-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs Preparing for Online Removal of a SPA The Cisco 7600 series router supports OIR of a SPA independently of removing the SIP or SSC. This means that a SIP can remain installed in the router with one SPA remaining active, while you remove another SPA from one of the SIP subslots. If you are not planning to immediately replace a SPA into the SIP, then be sure to install a blank filler plate in the subslot. The SIP should always be fully installed with either functional SPAs or blank filler plates. The interface configuration is retained (recalled) if a SIP or SPA is removed and then replaced with one of the same type. This is not the case if you replace a Cisco 7600 SIP-200 with a Cisco 7600 SIP-400 or vice versa. If you are planning to remove a SIP along with its SPAs, then you do not need to follow the instructions in this section. To remove a SIP, see the “Preparing for Online Removal of a SIP or SSC” section on page 5-4. Note If you move the SPA (SPA-8XTE1/ SPA-4xCT3/DS0 / SPA-2xCT3/DS0/SPA-1xCHSTM1/OC3) from one LC to another type of LC in the same bay and same slot, the system will not retain the configuration of the old interface. Deactivating a SPA Although graceful deactivation of a SPA is preferred using the hw-module subslot shutdown command, the Cisco 7600 series router does support removal of the SPA without deactivating it first. Before deactivating a SPA, ensure that the SIP is seated securely into the slot before pulling out the SPA itself. Note If you are preparing for an OIR of a SPA, it is not necessary to independently shut down each of the interfaces prior to deactivation of the SPA. The hw-module subslot shutdown command automatically stops traffic on the interfaces and deactivates them along with the SPA in preparation for OIR. In similar fashion, you do not need to independently restart any interfaces on a SPA after OIR of a SPA or SIP. To deactivate a SPA and all of its interfaces prior to removal of the SPA, use the following command in global configuration mode: Command Purpose Router(config)# hw-module subslot slot/subslot shutdown [powered | unpowered] Deactivates the SPA in the specified slot and subslot of the SIP, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies subslot number on a SIP where a SPA is installed. • powered—(Optional) Shuts down the SPA and all of its interfaces, and leaves them in an administratively down state with power enabled. This is the default state. • unpowered—(Optional) Shuts down the SPA and all of its interfaces, and leaves them in an administratively down state without power.5-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs For more information about chassis slot and SIP subslot numbering, refer to the “Identifying Slots and Subslots for SIPs, SSCs, and SPAs” section in this guide. Reactivating a SPA Note You do not need to reactivate a SPA after an OIR of either the SIP or a SPA if you did not deactivate the SPA prior to removal. If the router is running, then the SPAs automatically start upon insertion into the SIP or with insertion of a SIP into the router. If you deactivate a SPA using the hw-module subslot shutdown global configuration command and need to reactivate it without performing an OIR, you need to use the no hw-module subslot shutdown global configuration command to reactivate the SPA and its interfaces. To activate a SPA and its interfaces after the SPA has been deactivated, use the following command in global configuration mode: Verifying Deactivation and Activation of a SPA When you deactivate a SPA, the corresponding interfaces are also deactivated. This means that these interfaces will no longer appear in the output of the show interface command. To verify the deactivation of a SPA, enter the show hw-module subslot all oir command in privileged EXEC configuration mode. Observe the Operational Status field associated with the SPA that you want to verify. In the following example, the SPA located in subslot 1 of the SIP in slot 2 of the router is administratively down from the hw-module subslot shutdown command: Router# show hw-module subslot all oir Module Model Operational Status -------------- ------------------ ------------------------- subslot 2/0 SPA-4XOC3-POS ok subslot 2/1 SPA-4XOC3-ATM admin down To verify activation and proper operation of a SPA, enter the show hw-module subslot all oir command and observe “ok” in the Operational Status field as shown in the following example: Router# show hw-module subslot all oir Module Model Operational Status -------------- ------------------ ------------------------- subslot 2/0 SPA-4XOC3-POS ok subslot 2/1 SPA-4XOC3-ATM ok Command Purpose Router(config)# no hw-module subslot slot/subslot shutdown Activates the SPA and its interfaces in the specified slot and subslot of the SIP, where: • slot—Specifies the chassis slot number where the SIP is installed. • subslot—Specifies subslot number on a SIP where a SPA is installed. 5-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs Deactivation and Activation Configuration Examples This section provides the following examples of deactivating and activating SIPs and SPAs: • Deactivation of a SIP Configuration Example, page 5-8 • Activation of a SIP Configuration Example, page 5-8 • Deactivation of a SPA Configuration Example, page 5-8 • Activation of a SPA Configuration Example, page 5-8 Deactivation of a SIP Configuration Example Deactivate a SIP when you want to perform OIR of the SIP. The following example deactivates the SIP that is installed in slot 5 of the router, its SPAs, and all of the interfaces. The corresponding console messages are shown: Router# configure terminal Router(config)# no power enable module 5 1w4d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled 1w4d: %C6KPWR-SP-4-DISABLED: power to module in slot 5 set off (admin request) Activation of a SIP Configuration Example Activate a SIP if you have previously deactivated it. If you did not deactivate the SPAs, the SPAs automatically reactivate with reactivation of the SIP. The following example activates the SIP that is installed in slot 5 of the router, its SPA, and all of the interfaces (as long as the hw-module subslot shutdown command was not issued to also deactivate the SPA): Router# configure terminal Router(config)# power enable module 5 Notice that there are no corresponding console messages shown with activation. If you re-enter the power enable module command, a message is displayed indicating that the module is already enabled: Router(config)# power enable module 5 % module is already enabled Deactivation of a SPA Configuration Example Deactivate a SPA when you want to perform OIR of that SPA. The following example deactivates the SPA (and its interfaces) that is installed in subslot 0 of the SIP located in slot 2 of the router and removes power to the SPA. Notice that no corresponding console messages are shown: Router# configure terminal Router(config)# hw-module subslot 2/0 shutdown unpowered Activation of a SPA Configuration Example Activate a SPA if you have previously deactivated it. If you have not deactivated a SPA and its interfaces during OIR of a SIP, then the SPA is automatically reactivated upon reactivation of the SIP. The following example activates the SPA that is installed in slot 2 of the router and all of its interfaces. 5-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs Router# configure terminal Router(config)# no hw-module subslot 2/0 shutdown Router#5-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 5 Troubleshooting the SIPs and SSC Preparing for Online Insertion and Removal of SIPs, SSCs, and SPAs P A R T 3 ATM Shared Port Adapters C H A P T E R 6-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 6 Overview of the ATM SPAs This chapter provides an overview of the release history, features, and MIB support for the 1-Port OC-48c/STM-16 ATM SPA, 1-Port OC-12c/STM-4 ATM SPA, and the 2-Port and 4-Port OC-3c/STM-1 ATM SPA. This chapter includes the following sections: • Release History, page 6-2 • Overview, page 6-3 • Supported Features, page 6-7 • Unsupported Features, page 6-15 • Prerequisites, page 6-16 • Restrictions, page 6-16 • Supported MIBs, page 6-17 • SPA Architecture, page 6-18 • Displaying the SPA Hardware Type, page 6-206-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Release History Release History Release Modification 15.0(1)S • Network Clocking and SSM functionality support was added. • Support for the following ATM SPAs introduced: – 1-Port Clear Channel OC-3 ATM SPA Version 2 – 3-Port Clear Channel OC-3 ATM SPA Version 2 – 1-Port Clear Channel OC-12 ATM SPA Version 2 12.2(33)SRE • Support for the following features has been added for the ATM SPAs: – VC QoS on VP-PW – QoS support on Access Circuit Redundancy – Access Circuit Redundancy for ATM clients in single APS (SR APS ) environment. 12.2(33)SRD • Support for the following features was introduced for ATM SPAs on the Cisco 7600 SIP-400: – Port mode cell relay (single cell relay) – Port mode cell relay (packed cell relay) – Bridged Routed Encapsulation (BRE) 12.2(33)SRC • Support for Phase 2 Local Switching Redundancy 12.2(33)SRA • Some restrictions for QoS and MLPPP bundles were added. • Support for the following features was introduced for ATM SPAs on the Cisco 7600 SIP-200: – AToM VP Mode Cell Relay – MPLS over RBE – Multi-VC to VLAN scalability – QoS support on bridging features • Support for the following features was introduced for ATM SPAs on the Cisco 7600 SIP-400: – AToM VP Mode Cell Relay – Multi-VC to VLAN scalability – Multi-VLAN to VC – QoS support on bridging features 6-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Overview Overview The ATM SPAs are single-width, double-height, cross-platform Optical Carrier (OC) ATM adapter cards that provide OC-3c/STM-1c (155.52 Mbps), OC-12c/STM-4c (622.080 Mbps), or OC-48/STM-16 (2488 Mbps) connectivity and can be used in a Cisco 7600 series router. The ATM SPAs come in the following models: • 2-Port and 4-Port OC-3c/STM-1 ATM SPA (SPA-2XOC3-ATM=, SPA-4XOC3-ATM=) • 1-Port OC-12c/STM-4 POS SPA (SPA-1XOC12-ATM=) • 1-Port OC-48c/STM-16 ATM SPA (SPA-1XOC48-ATM=) • 1-Port and 3-port Clear Channel OC-3 ATM SPA Version 2 (SPA-1xOC3-ATM-V2=, SPA-3xOC3-ATM-V2) • 1-Port Clear Channel OC-12 ATM SPA Version 2 (SPA-1xOC12-ATM-V2=) The OC-3c ATM SPAs must be installed in a Cisco 7600 SIP-200 or Cisco 7600 SIP-400 SPA interface processor (SIP) before they can be used in the Cisco 7600 series router. The 1-Port OC-12c/STM-4 ATM SPA and 1-Port OC-48c/STM-16 ATM SPA must be installed in a Cisco 7600 SIP-400 before they can be used in the Cisco 7600 series router. You can install the SPA in the SIP before or after you insert the SIP into the router chassis. This allows you to perform online insertion and removal (OIR) operations either by removing individual SPAs from the SIP, or by removing the entire SIP (and its contained SPAs) from the router chassis. The ATM SPAs provide cost-effective wide-area network (WAN) connectivity for service providers across their existing ATM networks. Using a highly modular approach, the SPA and SIP form factors maximize the flexibility of an existing Cisco 7600 series router, allowing service providers to mix and match SPAs to more easily meet evolving port-density and networking media needs. The ATM SPAs also use small form-factor pluggable (SFP) optical transceivers, giving service providers port-level flexibility for different types of optical media (such as single mode and multimode). Changing the type of optical network involves simply replacing the transceiver, not the SPAs or SIP. 12.2(18)SXE • Support was introduced for the 2-Port and 4-Port OC-3c/STM-1 ATM SPAs on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 SPA interface processors (SIPs) on the Cisco 7600 series router and Catalyst 6500 series switch. • Support was introduced for the 1-Port OC-12c/STM-4 ATM SPA on the Cisco 7600 SIP-400 on the Cisco 7600 series router and Catalyst 6500 series switch. 12.2(18)SXF • Support was introduced for the 1-Port OC-48c/STM-16 ATM SPA on the Cisco 7600 SIP-400 on the Cisco 7600 series router and Catalyst 6500 series switch. 12.2(18)SXF2 • Support for the “Enhancements to RFC 1483 Spanning Tree Interoperability” feature was added for ATM SPAs on the Cisco 7600 series router and Catalyst 6500 series switch. • Documentation of a workaround for ATM SPA configuration on the Cisco 7600 SIP-200 has been added in Chapter 7, “Configuring the ATM S PAs ” to address a Routed Bridge Encapsulation (RBE) limitation where only one remote MAC address is supported.6-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Overview Note A maximum of two ATM SPAs can be installed in each SIP, and these SPAs can be different models (such as a 2-Port OC-3c/STM-1 ATM SPA and a 1-Port OC-12c/STM-4 ATM SPA). You can also mix SPAs of different types, such as ATM and POS, in a SIP, depending on the space requirements of the SIPs. An exception is that only one 1-Port OC-48c/STM-16 ATM SPA can be installed in a SIP; the other slot should be left empty. See the following sections for more information about the ATM SPAs: • ATM Overview, page 6-4 • PVC and SVC Encapsulations, page 6-4 • PVC and SVC Service Classes, page 6-5 • Advanced Quality of Service, page 6-6 ATM Overview Asynchronous Transfer Mode (ATM) uses cell-switching and multiplexing technology that combines the benefits of circuit switching (constant transmission delay and guaranteed capacity) with those of packet switching (flexibility and efficiency for intermittent traffic). ATM transmits small cells (53 bytes) with minimal overhead (5 bytes of header and checksum, with 48 bytes for data payload), allowing for very quick switching times between the input and output interfaces on a router. ATM is a connection-oriented environment, in which each ATM endpoint (or node) must establish a separate connection to the specific endpoints in the ATM network with which it wants to exchange traffic. This connection (or channel) between the two endpoints is called a virtual circuit (VC). Each VC is uniquely identified by the combination of a virtual path identifier (VPI) and a virtual channel identifier (VCI). The VC is treated as a point-to-point mechanism to another router or host and is capable of supporting bidirectional traffic. In an ATM network, a VC can be either a permanent virtual circuit (PVC) or a switched virtual circuit (SVC). A network operator must manually configure a PVC, which remains in force until it is manually torn down. An SVC is set up and torn down using an ATM signaling mechanism. On the ATM SPAs, this signaling is based on the ATM Forum User-Network Interface (UNI) specification V3.x and V4.0. PVC and SVC Encapsulations PVCs and SVCs are configured with an ATM encapsulation type that is based upon the ATM Adaptation Layer (AAL). The following types are supported: • AAL5CISCOPPP—AAL5 Cisco PPP encapsulation, which is Cisco’s proprietary PPP over ATM encapsulation. • AAL5MUX—ATM Adaptation Layer 5 MUX encapsulation, also known as null encapsulation, that supports a single protocol (IP or IPX). • AAL5NLPID—(Supported on ATM SPAs in a Cisco 7600 SIP-200 only) AAL5 Network Layer Protocol Identification (NLPID) encapsulation, which allows ATM interfaces to interoperate with High-Speed Serial Interfaces (HSSIs) that are using an ATM data service unit (ADSU) and running ATM-Data Exchange Interface (DXI).6-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Overview • AAL5SNAP—AAL5 Logical Link Control/Subnetwork Access Protocol (LLC/SNAP) encapsulation, which supports Inverse ARP and incorporates the LLC/SNAP that precedes the protocol datagram. This allows the use of multiple protocols over the same VC, and is particularly well–suited for encapsulating IP packets. Note The 1-Port OC-48c/STM-16 ATM SPA supports only AAL5MUX and AAL5SNAP encapsulations. PVC and SVC Service Classes ATM was designed with built-in quality of service capabilities to allow it to efficiently multiplex different types of traffic over the same links. To accomplish this, each PVC or SVC is configured with a service class that defines the traffic parameters, such as maximum cell rate or burst rate, for the circuit. The following service classes are available in ATM networks: • Constant Bit Rate (CBR)—The ATM router transmits ATM cells in a continuous bit-stream that is suitable for real-time traffic, such as voice and video. CBR is typically used for VCs that need a static amount of bandwidth (constant bit rate or average cell rate) that is continuously available for the duration of the active connection. The ATM router guarantees that a VC with a CBR service class can send cells at the peak cell rate (PCR) at any time, but the VC is also free to use only part of the allocated bandwidth, or none of the bandwidth, as well. • Unspecified Bit Rate (UBR)—The ATM router does not make any quality of service (QoS) commitment at all to the PVC or SVC, but instead uses a best-effort attempt to send the traffic transmitted by the PVC or SVC. UBR typically is the default configuration and is used for non-critical Internet connectivity, including e–mail, file transfers, web browsing, and so forth. The ATM router enforces a maximum peak cell rate (PCR) for the VC, to prevent the VC from using all the bandwidth that is available on the line. • Unspecified Bit Rate Plus (UBR+)—UBR+ is a special ATM service class developed by Cisco Systems. UBR+ uses MCR (Minimum Cell Rate) along with PCR (Peak Cell Rate). In UBR+, the MCR is a “soft guarantee” of minimum bandwidth. A router signals the MCR value at call setup time when a switched VC is created. The ATM router is then responsible for the guarantee of the bandwidth specified in the MCR parameter. A UBR+ VC is a UBR VC for which the MCR is signaled by the router and guaranteed by the ATM router. Therefore, UBR+ affects connection admission control and resource allocation on ATM routers. The UBR+ service class is supported only on SVCs for an ATM SPA. It is not supported on PVCs for an ATM SPA. Note UBR+ is not supported on the 1-Port OC-48c/STM-16 ATM SPA. • Variable Bit Rate–Non-Real Time (VBR–nrt)—The ATM router attempts to guarantee a minimum burst size (MBS) and sustainable cell rate (SCR) for non-real-time traffic that is bursty in nature, such as database queries or aggregation of large volumes of traffic from many different sources. The ATM router also enforces a maximum peak cell rate (PCR) for the VC, to prevent the VC from using all of the bandwidth that is available on the line. • Variable Bit Rate–Real Time (VBR–rt)—The ATM router guarantees a maximum burst size (MBS) and sustainable cell rate (SCR) for real-time traffic that is bursty in nature, such as voice, video conferencing, and multiplayer gaming. VBR-rt traffic has a higher priority than VBR-nrt traffic, allowing the real-time traffic to preempt the non-real-time traffic, if necessary. The ATM router also enforces a maximum peak cell rate (PCR) for the VC, to prevent the VC from using all the bandwidth that is available on the line. 6-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Overview Note The ATM SPAs do not support the Available Bit Rate (ABR) service class, which uses a minimum cell rate (MCR). Advanced Quality of Service In addition to the integrated QoS capabilities that are provided by the standard ATM service classes, the ATM SPA cards support a number of advanced QoS features. These features include the following: • Per-VC and Per-VP Traffic Shaping—Enables service providers to control the bandwidth provided at the VC or VP level. You cannot shape a VC that is part of a shaped VP. You can however enable both VC and VP shaping simultaneously (as long as shaped VCs use a different VPI value than the shaped VP). • Layer 3 (IP) QoS at the Per-VC Level—Allows marking and classifying traffic at the IP layer, for each VC, enabling service providers to control the individual traffic flows for a customer, so as to meet the customer’s particular QoS needs. The IP QoS can use the IP type of service (ToS) bits, the RFC 2475 Differentiated Services Code Point (DSCP) bits, and the MPLS EXP bits. WRED, LLQ, CBWFQ, policing, classification, and marking are supported. • Multiprotocol Label Switching (MPLS)—Allows service providers to provide cost-effective virtual private networks (VPNs) to their customers, while simplifying load balancing and QoS management, without incurring the overhead of extensive Layer 3 routing. • IP to ATM Mapping—Creates a mapping between the Cell Loss Priority (CLP) bit in ATM cell headers and the IP precedence or IP Differentiated Services Code Point (DSCP) bits. • VC Bundling—Selects the output VC on the basis of the IP Class of Service (CoS) bits. (Supported only when using the Cisco 7600 SIP-200 and not the Cisco 7600 SIP-400.) • MQC policy support existing on ATM VC is extended to the ATM PVP from Cisco IOS Release 12.2(33)SRE. An existing CLI is configurable under ATM L2 PVP mode. See Chapter 4, “Configuring the SIPs and SSC”, section Configuring QoS Features Using MQC, page 4-96 for details on the configuration command. The following example briefly depicts the modular QoS CLI configuration on the ATM PVC : interface atm slot/bay/port atm pvp 10 l2transport service-policy [input/output] For a complete discussion about MQC, refer to the Modular Quality of Service Command-Line Interface Overview Chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 publication at: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html Note Additional QoS features are expected to be added with each Cisco IOS software release. Please see the release notes for each release for additional features that might be supported and for the restrictions that might affect existing features. 6-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features Supported Features This section provides a list of some of the primary features supported by the ATM hardware and software: • SIP-Dependent Features, page 6-7 • Basic Features, page 6-8 • SONET/SDH Error, Alarm, and Performance Monitoring, page 6-9 • Layer 2 Features, page 6-10 • Layer 3 Features, page 6-11 • High-Availability Features, page 6-12 • Enhancements to RFC 1483 Spanning Tree Interoperability, page 6-12 • Supported Supervisor Engines and Line Cards, page 6-13 • Interoperability Problem, page 6-13 • BPDU Packet Formats, page 6-13 SIP-Dependent Features Most features for the ATM SPAs are supported on both the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, but some features are supported only on a particular model of SIP. Table 6-1 lists the features that are supported on only one model of SIP. Any supported features for the ATM SPAs that are not listed in this table are supported on both SIPs. Table 6-1 SIP-Dependent Feature Support Feature Supported on Cisco 7600 SIP-200 Supported on Cisco 7600 SIP-400 AAL5NLPID encapsulation and Routed-NLPID-PDUs Yes No ATM VC Access Trunk Emulation (multi-VLAN to VC) Yes Yes Bridging of Routed Encapsulations (BRE) Yes Yes Frame Relay to ATM (FR-ATM) internetworking No No RFC-1483 ATM Half-Bridging and Routed Bridged Encapsulation (RBE) Yes No VC Bundling (Selects the output VC on the basis of the IP CoS bits) Yes No RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5, Multipoint Bridging (MPB) (also known as multi-VC to VLAN) on the 2-Port and 4-Port OC-3c/STM-1c ATM SPA Yes Yes Aggregate WRED Yes Yes Access Circuit Redundancy (ACR) No Yes QoS support on ACR interface No Yes VC QoS on VP pseudowire No Yes Network Clock and SSM support No Yes6-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features Basic Features • Bellcore GR-253-CORE SONET/SDH compliance (ITU-T G.707, G.783, G.957, G.958) • Interface-compatible with other Cisco ATM adapters Note The ATM SPA is functionally similar to other ATM port adapters on the Cisco 7600 series router, but because it is a different card type, the configuration for the slot is lost when you replace an existing ATM port adapter with an ATM SPA in a SIP. • Supports both permanent virtual circuits (PVCs) and switched virtual circuits (SVCs) • An absolute maximum of 16,384 (16K) configured VCs per ATM SPA (4,096 [4K] per interface) with the following recommended limitations: – On a Cisco 7600 SIP-400, 8000 PVCs are supported on multipoint subinterfaces. The limit of 16,384 PVCs only applies to the Cisco 7600 SIP-200. – A recommended maximum number of 2,048 PVCs on all point-to-point subinterfaces for all ATM SPAs in a SIP. – A recommended maximum number of 16,380 PVCs on all multipoint subinterfaces for all ATM SPAs in a SIP, and a recommended maximum number of 200 PVCs per each individual multipoint subinterface. – A recommended maximum number of 400 SVCs for all ATM SPAs in a SIP. – A recommended maximum number of 1,024 PVCs using service policies for all ATM SPAs in a SIP. • Up to 4,096 simultaneous segmentations and reassemblies (SARs) per interface • Supports a maximum number of 200 PVCs or SVCs using Link Fragmentation and Interleaving (LFI) for all ATM SPAs (or other ATM modules) in a Cisco 7600 series router • Supports a maximum number of 1024 PVCs or 400 SVCs configured with Modular QoS CLI (MQC) policy maps • Up to 1,000 maximum virtual templates per router • ATM adaptation layer 5 (AAL5) for data traffic • Hardware switching of multicast packets for point-to-point subinterfaces • SONET/SDH (software selectable) optical fiber (2-Port and 4-Port OC-3c/STM-1 ATM SPA, 1-Port OC-48c/STM-16 ATM SPA, or 1-Port OC-12c/STM-4 ATM SPA), depending on the model of ATM SPA • Uses small form-factor pluggable (SFP) optical transceivers, allowing the same ATM SPA hardware to support multimode (MM), single-mode intermediate (SMI), or single-mode long (SML) reach, depending on the capabilities of the SPA • ATM section, line, and path alarm indication signal (AIS) cells, including support for F4 and F5 flows, loopback, and remote defect indication (RDI) • Operation, Administration, and Maintenance (OAM) cells except OAM Emulation • Online insertion and removal (OIR) of individual ATM SPAs from the SIP, as well as OIR of the SIPs with ATM SPAs installed • Supports the Network Clocking and the Synchronization Status Message(SSM) functionality. (ATM SPAs in a Cisco 7600 SIP-400 only). The supported ATM SPAs are:6-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features – SPA-2xOC3-ATM – SPA-4xOC3-ATM – SPA-1xOC12-ATM – SPA-1xOC48-ATM – SPA-1xOC3-ATM-V2 – SPA-2xOC3-ATM-V2 – SPA-3xOC3-ATM-V2 – SPA-1xOC12-ATM-V2 For information on configuring the network clock see, Configuring Boundary Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400, page 12-29 SONET/SDH Error, Alarm, and Performance Monitoring • Fiber removed and reinserted • Signal failure bit error rate (SF-BER) • Signal degrade bit error rate (SD-BER) • Signal label payload construction (C2) • Path trace byte (J1) • Section Diagnostics: – Loss of signal (SLOS) – Loss of frame (SLOF) – Error counts for B1 – Threshold crossing alarms (TCA) for B1 (B1-TCA) • Line Diagnostics: – Line alarm indication signal (LAIS) – Line remote defect indication (LRDI) – Line remote error indication (LREI) – Error counts for B2 – Threshold crossing alarms for B2 (B2-TCA) • Path Diagnostics: – Path alarm indication signal (PAIS) – Path remote defect indication (PRDI) – Path remote error indication (PREI) – Error counts for B3 – Threshold crossing alarms for B3 (B3-TCA) – Loss of pointer (PLOP) – New pointer events (NEWPTR) – Positive stuffing event (PSE)6-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features – Negative stuffing event (NSE) • The following loopback tests are supported: – Network (line) loopback – Internal (diagnostic) loopback • Supported SONET/SDH synchronization: – Local (internal) timing (for inter-router connections over dark fiber or wavelength division multiplexing [WDM] equipment) – Loop (line) timing (for connecting to SONET/SDH equipment) – +/– 4.6 ppm clock accuracy over full operating temperature Layer 2 Features • Supports the following encapsulation types: – AAL5SNAP (LLC/SNAP) – LLC encapsulated bridged protocol – AAL5MUX (VC multiplexing) – AAL5NLPID and Routed-NLPID-PDUs (ATM SPAs in a Cisco 7600 SIP-200 only) – AAL5CISCOPPP • Supports the following ATM traffic classes and per-VC traffic shaping modes: – Constant bit rate (CBR) with peak rate – Unspecified bit rate (UBR) with peak cell rate (PCR) – Non-real-time variable bit rate (VBR-nrt) – Variable bit rate real-time (VBR-rt) – Unspecified bit rate plus (UBR+) on SVCs Note ATM shaping is supported, but class queue-based shaping is not. • ATM point-to-point and multipoint connections • Explicit Forward Congestion Indication (EFCI) bit in the ATM cell header • Frame Relay to ATM (FR-ATM) internetworking (ATM SPAs in a Cisco 7600 SIP-200 only) • Integrated Local Management Interface (ILMI) operation, including keepalive, PVC discovery, and address registration and deregistration • Link Fragmentation and Interleaving (LFI) performed in hardware • VC–to–VC local switching and cell relay • VP–to–VP local switching and cell relay • AToM VP Mode Cell Relay support • RFC 1755, ATM Signaling Support for IP over ATM • ATM User-Network Interface (UNI) signalling V3.0, V3.1, and V4.0 only • RFC 2225, Classical IP and ARP over ATM (obsoletes RFC 1577) 6-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features • Unspecified bit rate plus (UBR+) traffic service class on SVCs Post 15.0(1)S release, information for support to the static PWs using Point-to-Multipoint TE or RSVP, refer to http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_p2mp_static.html. Layer 3 Features • ATM VC Access Trunk Emulation (multi-VLAN to VC) (ATM SPAs in a Cisco 7600 SIP-200 only) • ATM over MPLS (AToM) in AAL5 mode (except for AToM cell packing) • ATM over MPLS (AToM) in AAL5/AAL0 VC mode • Bridging of Routed Encapsulations (BRE) (ATM SPAs in a Cisco 7600 SIP-200 and Cisco 7600 SIP-400 only) • Distributed Link Fragmentation and Interleaving (dLFI) for ATM (dLFI packet counters are supported, but dLFI byte counters are not supported) • LFI with dCRTP • No limitation on the maximum number of VCs per VPI, up to the maximum number of 4,096 total VCs per interface (so there is no need to configure this limit using the atm vc-per-vp command, which is required on other ATM SPAs) • OAM flow connectivity using OAM ping for segment or end-to-end loopback • PVC multicast (Protocol Independent Multicast [PIM] dense and sparse modes) • Quality of Service (QoS): – Policing – IP-to-ATM class of service (IP precedence and DSCP) – Per-VC class-based weighted fair queueing (CBWFQ) – Per-VC Layer 3 queueing – VC Bundling (Cisco 7600 SIP-200 only) – Weighted Random Early Detection (WRED) – Aggregate WRED • RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5: – Routed Bridge Encapsulation (RBE) (ATM SPAs in a Cisco 7600 SIP-200 only) – Half-bridging (ATM SPAs in a Cisco 7600 SIP-200 only) – PVC bridging (full-bridging) on Cisco 7600 SIP-200 and Cisco 7600 SIP-400 • Supports oversubscription by default • Routing protocols: – Border Gateway Protocol (BGP) – Enhanced Interior Gateway Routing Protocol (EIGRP) – Interior Gateway Routing Protocol (IGRP) – Integrated Intermediate System-to-Intermediate System (IS-IS) – Open Shortest Path First (OSPF) – Routing Information Protocol version 1 and version 2 (RIPv1 and RIPv2) 6-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features High-Availability Features • 1+1 Automatic Protection Switching (APS) redundancy (PVC circuits only) • Route Processor Redundancy (RPR) • RPR Plus (RPR+) • OSPF Nonstop Forwarding (NSF) • Stateful Switchover (SSO) Enhancements to RFC 1483 Spanning Tree Interoperability This section describes an interoperability feature for the various spanning tree implementations across 1483 Bridge Mode ATM PVCs. Historically, vendors have not implemented spanning tree across RFC 1483 encapsulation consistently; furthermore, some Cisco IOS releases may not support the full range of spanning tree options. This feature attempts to smooth some of the practical challenges of interworking common variations of spanning tree over RFC 1483 Bridge Mode encapsulation. Note This feature set is only supported on RFC 1483 Bridge Mode ATM permanent virtual circuits (PVCs). Some basic terms include the following: • IEEE 802.1D is a standard for interconnecting LANs through media access control (MAC) bridges. IEEE 802.1D uses the Spanning Tree Protocol to eliminate loops in the bridge topology, which cause broadcast storms. • Spanning Tree Protocol (STP) as defined in IEEE 802.1D is a link-management protocol that provides path redundancy while preventing undesirable loops in the network. An IEEE 802.1D spanning tree makes it possible to have one spanning tree instance for the whole switch, regardless of the number of VLANs configured on the switch. • Bridge Protocol Data Unit (BPDU) is the generic name for the frame used by the various spanning tree implementations. The Spanning Tree Protocol uses the BPDU information to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment. • Per VLAN Spanning Tree (PVST) is a Cisco proprietary protocol that allows a Cisco device to support multiple spanning tree topologies on a per-VLAN basis. PVST uses the BPDUs defined in IEEE 802.1D (see Figure 6-2 on page 6-14), but instead of one STP instance per switch, there is one STP instance per VLAN. • PVST+ is a Cisco proprietary protocol that creates one STP instance per VLAN (as in PVST). However, PVST+ enhances PVST and uses Cisco proprietary BPDUs with a special 802.2 Subnetwork Access Protocol (SNAP) Organizational Unique Identifier (OUI) 1 (see Figure 6-2 on page 6-14) instead of the standard IEEE 802.1D frame format used by PVST. PVST+ BPDUs are also known as Simple Symmetric Transmission Protocol (SSTP) BPDUs. Note RFC 1483 is referenced throughout this section, although it has been superseded by RFC 2684. 1. The Organizational Unique Identifier (OUI) portion of the MAC address often identifies the vendor of the upper layer protocol or the manufacturer of the Ethernet adapter. The OUI value of 00-00-0C identifies Cisco Systems as the manufacturer of the Ethernet adapter.6-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features Supported Supervisor Engines and Line Cards The Cisco 7600 series routers support PVST to PVST+ BPDU interoperability with the Cisco 7600 SIP-200. Interoperability Problem The current interoperability problem can be summarized as follows: • When transmitting STP BPDUs, many vendors’ implementations of ATM-to-Ethernet bridging are not fully compliant with the specifications of RFC 1483, Appendix B. The most common variation of the standard is to use an ATM Common Part Convergence Sublayer (CPCS) SNAP protocol data unit (PDU) with OUI: 00-80-C2 and PID: 00-07. Appendix B reserved this OUI/PID combination for generic Ethernet frames without BPDUs. Appendix B specifies OUI: 00-80-C2 and protocol identifier (PID): 00-0E for frames with BPDU contents. • There are several varieties of the Spanning Tree Protocol used by Cisco products on ATM interfaces. The Catalyst 5000 series supports only PVST on ATM interfaces. The Cisco 7600 series router and Catalyst 6500 series switches support only PVST+ on ATM interfaces. Most other Cisco routers implement classic IEEE 802.1D on ATM interfaces. When the Cisco 7600 series router and the Catalyst 6500 series switch first implemented RFC 1483 Bridging (on Cisco IOS Release 12.1E) on the Cisco 7600 FlexWAN module, the platform used OUI: 00-80-C2 and PID: 00-0E to maximize interoperability with all other Cisco IOS products. However, there are so many implementations that do not send PVST or IEEE 802.1D BPDUs with PID: 00-0E that the Cisco 7600 series routers and the Catalyst 6500 series switches reverted to the more common implementation of RFC 1483 (with PID: 00-07) in Cisco IOS Release 12.2SX. This spanning tree interoperability feature provides the option of encapsulating BPDUs across RFC 1483 with either PID: 00-07 or PID: 00-0E. BPDU Packet Formats The various BPDU packet formats are described in this section. Figure 6-1 shows the generic IEEE 802.2/802.3 frame format, which is used by PVST+, but is not used by PVST. Figure 6-1 IEEE 802.2/802.3 SNAP Encapsulation Frame Format Destination Addr 146310 Source Addr Length DSAP AA 802.3 MAC SSAP AA Cntl 03 OUI Type Data CRC 6 6 2 1 1 1 2 4 3 38-1492 802.2 LLC 802.2 SNAP6-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported Features In an Ethernet SNAP frame, the SSAP and DSAP fields are always set to AA. These codes identify it as a SNAP frame. The Control field always has a value of 03, which specifies connectionless logical link control (LLC) services. The Type field identifies the upper layer protocol to which data should be passed. For example, a Type field of hex 0800 represents IP, while a value of 8137 indicates that data is meant for IPX. Catalyst 5000 PVST BPDU Packet Format The Catalyst 5000 series switches send and receive BPDUs in PVST format on ATM interfaces (see Figure 6-2). Figure 6-2 BPDU PVST Frame Format Used by the Catalyst 5000 Switch • BPDUs sent by the Catalyst 5000 series switch use a PID of 0x00-07, which does not comply with RFC 1483. The Cisco 7600 series router also has the ability to send BPDUs in this data format. • The PAD portion of the ATM encapsulation varies from 0 to 47 bytes in length to ensure complete ATM cell payloads. • By using the bridge-domain command’s ignore-bpdu-pid optional keyword, the Catalyst 5000 series switch sends this frame by default. • The Catalyst 5000 series switch cannot accept the PVST+ BPDUs and blocks the ATM port, giving the following error messages: %SPANTREE-2-RX_1QNON1QTRUNK: Rcved 1Q-BPDU on non-1Q-trun port 6/1 vlan 10 %SPANTREE-2-RX_BLKPORTPVID: Block 6/1 on rcving vlan 10 for inc peer vlan 0 Cisco 7200 and Cisco 7500 Series Routers IEEE 802.1D BPDU Frame Format Figure 6-3 shows the Cisco 7200 and Cisco 7500 series routers IEEE 802.1D BPDU frame format. Figure 6-3 Frame Format for the Cisco 7200 and Cisco 7500 Series Routers IEEE 802.1D BPDU LLC AA-AA-03 146220 OUI 00-00-0C PID 00-07 PAD 00-00 01-80-C2-00-00-00 ATM Encapsulation 802.3 Encapsulation LEN LLC 42-42-03 BPDU Payload LLC AA-AA-03 146221 OUI 00-00-0C PID 00-0E BPDU 6-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Unsupported Features Cisco 7600 Router PVST+ BPDU Frame Format The Cisco 7600 series router PVST+ BPDU packet format is shown in Figure 6-4. These BPDUs are not IEEE 802.1D BPDUs, but Cisco proprietary SSTP BPDUs. Figure 6-4 Cisco 7600 Router PVST+ BPDU Frame Format (1483 Bridge Mode) Cisco L2PT BPDU Frame Format Figure 6-5 shows the Cisco Layer 2 Protocol Tunneling (L2PT) BPDU SNAP frame format. Figure 6-5 L2PT BPDU SNAP Frame Format Unsupported Features • The following High Availability features are not supported: – APS N+1 redundancy is not supported. – APS redundancy is not supported on SVCs. – APS reflector mode (aps reflector interface configuration command) is not supported. • The atm bridge-enable command, which was used in previous releases on other ATM interfaces to enable multipoint bridging on PVCs, is not supported on ATM SPA interfaces. Instead, use the bridge option with the encapsulation command to enable RFC 1483 half-bridging on PVCs. See the “Configuring ATM Routed Bridge Encapsulation” section on page 7-23. • PVC autoprovisioning (create on-demand VC class configuration command) is not supported. • Creating SVCs with UNI signalling version 4.1 is not supported (UNI signalling v 3.0, v 3.1, and v 4.0 are supported). • Enhanced Remote Defect Indication–Path (ERDI-P) is not supported. • Fast Re-Route (FRR) over ATM is not supported. • LAN Emulation (LANE) is not supported. • Multicast SVCs are not supported. • Available Bit Rate (ABR) traffic service class is not supported. • Unspecified bit rate plus (UBR+) traffic service class is not supported on PVCs. • AAL2 is not supported 146222 DA (SSTP DA MAC) 01-00-0C-CC-CC-CD SA LEN LLC AA-AA-03 OUI 00-00-0C Type (SSTP) 01-0B BPDU LLC AA-AA-03 OUI 00-80-C2 PID 00-07 PAD 00-00 ATM Encapsulation 146223 DA (L2PTDA MAC) 01-00-0C-CD-CD-D0 SA LEN LLC AA-AA-03 OUI 00-00-0C Type (SSTP) 01-0B BPDU 6-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Prerequisites Prerequisites • The 2-Port and 4-Port OC-3c/STM-1 ATM SPAs must use either the Cisco 7600 SIP-200 or Cisco 7600 SIP-400. • The 1-Port OC-12c/STM-4 ATM SPA must use the Cisco 7600 SIP-400. • The 1-Port OC-48c/STM-16 ATM SPA must use the Cisco 7600 SIP-400. • The Cisco 7600 SIP-200 requires a Cisco 7600 series router using a SUP-720 3B and above processor that is running Cisco IOS Release 12.2(18)SXE or later release. • The Cisco 7600 SIP-400 requires a Cisco 7600 series router using a SUP-720 processor that is running Cisco IOS Release 12.2(18)SXE or later release. • Before beginning to configure the ATM SPA, have the following information available: – Protocols you plan to route on the new interfaces. – IP addresses for all ports on the new interfaces, including subinterfaces. – Bridging encapsulations you plan to use. Restrictions • The 1-Port OC-48c/STM-16 ATM SPA does not support the following features: AToM, BRE, LFI, RBE, SVCs, UBR+, RFC 2225 (formerly RFC 1577), or bridging. • The ATM SPAs in the Cisco 7600 series router do not support APS reflector and reflector channel modes. (These modes require a facing path terminating element [PTE], which is typically a Cisco ATM switch.) • The ATM SPA is functionally similar to other ATM port adapters on the Cisco 7600 series router, such as the PA-A3, but it is a different card type, so the slot’s previous configuration is lost when you replace an existing ATM port adapter with an ATM SPA. • The following restrictions apply to the operation of QoS on the ATM SPAs: – The ATM SPAs do not support bandwidth-limited priority queueing, but support only strict priority policy maps (that is, the priority command without any parameters). – A maximum of one priority command is supported in a policy map. – You cannot use the match input interface command in policy maps and class maps that are being used for ATM SPAs. – Hierarchical traffic shaping (traffic shaping on both the VC and VP for a circuit) is not supported. Traffic shaping can be configured only on the VC or on the VP, but not both. – ATM (Layer 2) output shaping is supported, but IP (Layer 3) shaping on an output (egress) interface is not supported. In particular, this means that you cannot use any shape class-map configuration commands in policy maps that are being used in the output direction. This includes the shape adaptive, shape average, shape fecn-adapt, and shape peak commands. – The ATM SPA interfaces support a maximum of six configured precedences (using the random-detect aggregate command) in each class map in a policy map. The maximum number of configurable subclass groups is seven. – STP is not supported in ATM Multi-Vlan-to-VC mode.6-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Supported MIBs • For best performance, we recommend the following maximums: – A maximum number of 2,048 PVCs on all point-to-point subinterfaces for all ATM SPAs in a SIP. – A maximum number of 16,380 PVCs on all multipoint subinterfaces for all ATM SPAs in a SIP. – A maximum number of 400 SVCs for all ATM SPAs in a SIP. – A maximum number of 1024 PVCs or SVCs s using service policies for all ATM SPAs in a router. – A maximum number of 200 PVCs or SVCs using Link Fragmentation and Interleaving (LFI) for all ATM SPAs in a router. – A maximum number of 200 PVCs on each multipoint subinterface being used on an ATM SPA. Note These limits are flexible and depend on all factors that affect performance in the router, such as processor card, type of traffic, and so on. • In the default configuration of the transmit path trace buffer, the ATM SPA does not support automatic updates of remote host name and IP address (as displayed by the show controllers atm command). This information is updated only when the interface is shut down and reactivated (using the shutdown and no shutdown commands). Information for the received path trace buffer, however, is automatically updated. • The show ppp multilink command displays only the packet counters, and not byte counters, for a dLFI configuration on an ATM SPA interface. • MLPPP is supported, but not MLPPP bundles. • Concurrent configuration of RFC-1483 bridging and Bridged Routing Encapsulation is not allowed on SIP 200 or SIP 400 Restrictions for SPA-1xOC3-ATM-V2, SPA-3xOC3-ATM-V2, and SPA-1xOC12-ATM-V2 • These are the restrictions for the 1-Port Clear Channel OC-3, 3-Port Clear Channel OC-3, and 1-Port Clear Channel OC-12 ATM SPA Version 2(SPA-1xOC3-ATM-V2, SPA-3xOC3-ATM-V2, and SPA-1xOC12-ATM-V2): – A MQC service-policy having only class-default is not supported. – The maximum mark-probablility in a WRED policy is 31. – An MQC policy with more than six user-defined queueing classes is not supported. • Ingress classification feature is not enabled on the Cisco 7600 Series router. Supported MIBs The following MIBs are supported in Cisco IOS Release 12.2(18)SXE and later releases for the ATM SPAs on the Cisco 7600 series router. Common MIBs • ENTITY-MIB 6-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs SPA Architecture • IF-MIB • MIB-II • MPLS-CEM-MIB Cisco-Specific Common MIBs • CISCO-ENTITY-EXT-MIB • OLD-CISCO-CHASSIS-MIB • CISCO-CLASS-BASED-QOS-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-SENSOR-MIB • CISCO-MQC-MIB • CISCO-AAL5-MIB • CISCO-ATM-MIB • CISCO-CLASS-BASED-QOS-MIB Cisco-Specific MPLS MIBs • CISCO-IETF-PW-MIB • CISCO-IETF-PW-MPLS-MIB For more information about MIB support on a Cisco 7600 series router, refer to the Cisco 7600 Series Internet Router MIB Specifications Guide. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://tools.cisco.com/ITDIT/MIBS/servlet/index If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. SPA Architecture This section provides an overview of the data path for the ATM SPAs, for use in troubleshooting and monitoring. Figure 6-6 shows the data path for ATM traffic as it travels between the ATM optical connectors on the front panel of the ATM SPA to the backplane connector that connects the SPA to the SIP. 6-19 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs SPA Architecture Figure 6-6 ATM SPA Data Architecture Path of Cells in the Ingress Direction The following steps describe the path of an ingress cell as it is received from the ATM network and converted to a data packet before transmission through the SIP to the router’s processors for switching, routing, or further processing: 1. The SONET/SDH framer device receives incoming cells on a per-port basis from the SPA’s optical circuitry. (The ATM SPA supports 1, 2, or 4 optical ports, depending on the model of SPA.) 2. The SONET/SDH framer removes the SONET overhead information, performs any necessary clock and data recovery, and processes any SONET/SDH alarms that might be present. The framer then extracts the 53-byte ATM cells from the data stream and forwards each cell to the ATM segmentation and reassembly (SAR) engine. 3. The SAR engine receives the cells from the framer and reassembles them into the original packets, temporarily storing them in a per-port receive buffer until they can be forwarded to the LFI field-programmable gate array (FPGA). The SAR engine discards any packets that have been corrupted in transit. 4. The LFI FPGA receives the packets from the SAR engine and forwards them to the host processor for further routing, switching, or additional processing. The FPGA also performs LFI reassembly as needed, and collects the traffic statistics for the packets that it passes. Path of Packets in the Egress Direction The following steps describe the path of an egress packet as the SPA receives it from the router through the SIP and converts it to ATM cells for transmission on the ATM network: 1. The LFI FPGA receives the packets from the host processor and stores them in its packet buffers until the SAR engine is ready to receive them. The FPGA also performs any necessary LFI processing on the packets before forwarding them to the SAR engine. The FPGA also collects the traffic statistics for the packets that it passes. 2. The SAR engine receives the packets from the FPGA and supports multiple CBWFQ queues to store the packets until they can be fully segmented. The SAR engine performs the necessary WRED queue admission and CBWFQ QoS traffic scheduling on its queues before segmenting the packets into ATM cells and shaping the cells into the SONET/SDH framer. Catalyst 5500 switch mer N Cus L Catalyst 6500 switch Cisco 7600 router L2PT ATM 6/1/0 interface (Layer 2 protocol tunneling enabled) Gig2/1 interface (L2PT enabled) Service provider ATM network Service provider ATM network6-20 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Displaying the SPA Hardware Type 3. The SONET/SDH framer receives the packets from the SAR engine and inserts each cell into the SONET data stream, adding the necessary clocking, SONET overhead, and alarm information. The framer then outputs the data stream out the appropriate optical port. 4. The optical port conveys the optical data onto the physical layer of the ATM network. Displaying the SPA Hardware Type To verify the SPA hardware type that is installed in your Cisco 7600 series router, use the show interfaces, show diag, or show controllers commands. A number of other show commands also provide information about the SPA hardware. Table 6-2 shows the hardware description that appears in the show interfaces and show diag command output for each type of ATM SPA that is supported on the Cisco 7600 series router. Example of the show interfaces Command The following example shows output from the show interfaces atm command on a Cisco 7600 series router with an ATM SPA installed in the first subslot of a SIP that is installed in slot 5: Router# show interfaces atm 5/0/0 ATM5/0/0 is up, line protocol is up Hardware is SPA-4XOC3-ATM, address is 000d.2959.d780 (bia 000d.2959.d78a) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 1 current VCCs VC idle disconnect time: 300 seconds 0 carrier transitions Last input 00:00:09, output 00:00:09, output hang never Last clearing of "show interface" counters 00:01:26 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 5 packets input, 540 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles Table 6-2 ATM SPA Hardware Descriptions in show Commands SPA Description in show interfaces Command Description in show diag Command SPA-2XOC3-ATM Hardware is SPA-2XOC3-ATM SPA-2XOC3-ATM (0x046E) SPA-4XOC3-ATM Hardware is SPA-4XOC3-ATM SPA-4XOC3-ATM (0x3E1) SPA-1XOC12-ATM Hardware is SPA-1XOC12-ATM SPA-1XOC12-ATM (0x03E5) SPA-1XOC48-ATM Hardware is SPA-1XOC48-ATM SPA-1XOC48-ATM (0x3E6) SPA-1xOC3-ATM-V2 Hardware is SPA-1xOC3-ATM-V2 SPA-1xOC3-ATM-V2 SPA-3xOC3-ATM-V2 Hardware is SPA-3xOC3-ATM-V2 SPA-3xOC3-ATM-V2 SPA-1xOC12-ATM-V2 Hardware is SPA-1xOC12-ATM-V2 SPA-1xOC12-ATM-V26-21 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Displaying the SPA Hardware Type 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 5 packets output, 720 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out Note The value for “packets output” in the default version of the show interfaces atm command includes the bytes used for ATM AAL5 padding, trailer and ATM cell header. To see the packet count without the padding, header, and trailer information, use the show interfaces atm statistics or show atm pvc commands. Example of the show diag Command The following example shows output from the show diag command on a Cisco 7600 series router with two ATM SPAs installed in a Cisco 7600 SIP-400 that is installed in slot 4: Router# show diag 4 Slot 4: Logical_index 8 4-adapter SIP-400 controller Board is analyzed ipc ready HW rev 0.300, board revision 08 Serial Number: Part number: 73-8272-03 Slot database information: Flags: 0x2004 Insertion time: 0x1961C (01:16:54 ago) Controller Memory Size: 384 MBytes CPU Memory 128 MBytes Packet Memory 512 MBytes Total on Board SDRAM IOS (tm) cwlc Software (sip1-DW-M), Released Version 12.2(17)SX [BLD-sipedon2 107] SPA Information: subslot 4/0: SPA-4XOC3-ATM (0x3E1), status: ok subslot 4/1: SPA-1XOC12-ATM (0x3E5), status: ok Example of the show controllers Command The following example shows output from the show controllers atm command on a Cisco 7600 series router with an ATM SPA installed in the second subslot of a SIP that is installed in slot 5: Router# show controllers atm 5/1/0 Interface ATM5/1/0 (SPA-4XOC3-ATM[4/0]) is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 0 BIP(B1) = 603 LINE AIS = 0 RDI = 2 FEBE = 2332 BIP(B2) = 1018 PATH AIS = 0 RDI = 1 FEBE = 28 BIP(B3) = 228 LOP = 0 NEWPTR = 0 PSE = 1 NSE = 2 Active Defects: None Active Alarms: None6-22 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Displaying the SPA Hardware Type Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS not configured PATH TRACE BUFFER : STABLE BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: line The following are the actions performed on the peer end of a SPA on the Cisco 7600 Router: Remote SPA Cable Removal: Active Defects: SLOS Active Alarms: SLOS Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA Remote SPA removal: Active Defects: SLOS PRDI PLOP Active Alarms: SLOS Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA On a MCP with actions performed on the peer end of a Barbarian SPA: =================================================== Remote SPA Cable Removal: Active Defects: SLOF SLOS PLOP Active Alarms: SLOS Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 823 HCS (uncorrectable): 361 Putting the cable back: Intermediate state: Active Defects: SD SLOS B1-TCA B2-TCA PRDI PLOP Active Alarms: SLOS SD B1-TCA B2-TCA Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 1145 HCS (uncorrectable): 516 Final state: Active Defects: None Active Alarms: None6-23 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Displaying the SPA Hardware Type Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 1145 HCS (uncorrectable): 516 Remote SPA removal: Active Defects: SLOS PRDI PLOP Active Alarms: SLOS Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 1145 HCS (uncorrectable): 523 Remote SPA insertion: Intermediate state: Active Defects: SLOS B1-TCA LAIS PAIS PRDI Active Alarms: SLOS B1-TCA Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 1145 HCS (uncorrectable): 523 Final state: Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 1145 HCS (uncorrectable): 5236-24 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 6 Overview of the ATM SPAs Displaying the SPA Hardware TypeC H A P T E R 7-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 7 Configuring the ATM SPAs This chapter provides information about configuring the ATM SPAs on the Cisco 7600 series router. It includes the following sections: • Configuration Tasks, page 7-1 • Verifying the Interface Configuration, page 7-108 • Configuration Examples, page 7-111 For information about managing your system images and configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications that correspond to your Cisco IOS software release. For more information about the commands used in this chapter, refer to the Cisco IOS Software Releases 15.0SR Command References and to the Cisco IOS Software Releases 12.2SX Command References. Also refer to the related Cisco IOS Release 12.2 software command reference and master index publications. For more information, see the “Related Documentation” section on page xlvii. Configuration Tasks This section describes the most common configurations for the ATM SPAs on a Cisco 7600 series router. It contains procedures for the following configurations: • Required Configuration Tasks, page 7-2 • Specifying the Interface Address on a SPA, page 7-3 • Modifying the Interface MTU Size, page 7-3 • Creating a Permanent Virtual Circuit, page 7-8 • Creating a PVC on a Point-to-Point Subinterface, page 7-10 • Configuring a PVC on a Multipoint Subinterface, page 7-12 • Configuring RFC 1483 Bridging for PVCs, page 7-14 • Configuring Layer 2 Protocol Tunneling Topology, page 7-17 • Configuring Layer 2 Tunneling Protocol Version 3 (L2TPv3), page 7-17 • Configuring RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling, page 7-18 • Configuring ATM RFC 1483 Half-Bridging, page 7-20 • Configuring ATM Routed Bridge Encapsulation, page 7-23 • Configuring RFC 1483 Bridging of Routed Encapsulations, page 7-257-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks • Verifying the Bridged Routed Encapsulation within an Automatic Protection Switching Group Configuration, page 7-29 • Configuring the Bridged Routed Encapsulation within an Automatic Protection Switching Group, page 7-28 • Configuring Aggregate WRED for PVCs, page 7-30 • Configuring Non-aggregate WRED, page 7-36 • Configuring Traffic Parameters for PVCs or SVCs, page 7-46 • Configuring Virtual Circuit Classes, page 7-50 • Configuring Virtual Circuit Bundles, page 7-51 • Configuring Multi-VLAN to VC Support, page 7-54 • Configuring Link Fragmentation and Interleaving with Virtual Templates, page 7-54 • Configuring the Distributed Compressed Real-Time Protocol, page 7-58 • Configuring Automatic Protection Switching, page 7-60 • Configuring SONET and SDH Framing, page 7-76 • Configuring for Transmit-Only Mode, page 7-78 • Configuring AToM Cell Relay VP Mode, page 7-79 • Configuring QoS Features on ATM SPAs, page 7-87 • Saving the Configuration, page 7-88 • Shutting Down and Restarting an Interface on a SPA, page 7-105 • Shutting Down an ATM Shared Port Adapter, page 7-107 Required Configuration Tasks The ATM SPA interface must be initially configured with an IP address to allow further configuration. Some of the required configuration commands implement default values that might or might not be appropriate for your network. If the default value is correct for your network, then you do not need to configure the command. To perform the basic configuration of each interface, use the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# ip address address mask [secondary] (Optional in some configurations) Assigns the specified IP address and subnet mask to the interface. Repeat the command with the optional secondary keyword to assign additional, secondary IP addresses to the port. Step 3 Router(config-if)# description string (Optional) Assigns an arbitrary string, up to 80 characters long, to the interface. This string can identify the purpose or owner of the interface, or any other information that might be useful for monitoring and troubleshooting. Step 4 Router(config-if)# no shutdown Enables the interface. 7-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Specifying the Interface Address on a SPA Two ATM SPAs can be installed in a SIP. SPA interface ports begin numbering with “0” from left to right. Single-port SPAs use only the port number 0. To configure or monitor SPA interfaces, you need to specify the physical location of the SIP, SPA, and interface in the CLI. The interface address format is slot/subslot/port, where: • slot—Specifies the chassis slot number in the Cisco 7600 series router where the SIP is installed. • subslot—Specifies the secondary slot of the SIP where the SPA is installed. • port—Specifies the number of the individual interface port on a SPA. The following example shows how to specify the first interface (0) on a SPA installed in the first subslot of a SIP (0) installed in chassis slot 3: Router(config)# interface serial 3/0/0 This command shows a serial SPA as a representative example, however the same slot/subslot/port format is similarly used for other SPAs (such as ATM and POS) and other non-channelized SPAs. For more information about identifying slots and subslots, see the “Identifying Slots and Subslots for SIPs, SSCs, and SPAs” section on page 4-2. Modifying the Interface MTU Size The maximum transmission unit (MTU) values might need to be reconfigured from their defaults on the ATM SPAs to match the values used in your network. Interface MTU Configuration Guidelines When configuring the interface MTU size on an ATM SPA, consider the following guidelines. The Cisco IOS software supports several types of configurable MTU options at different levels of the protocol stack. You should ensure that all MTU values are consistent to avoid unnecessary fragmentation of packets. These MTU values are the following: • Interface MTU—Configured on a per-interface basis and defines the maximum packet size (in bytes) that is allowed for traffic received on the network. The ATM SPA checks traffic coming in from the network and drops packets that are larger than this maximum value. Because different types of Layer 2 interfaces support different MTU values, choose a value that supports the maximum possible packet size that is possible in your particular network topology. • IP MTU—Configured on a per-interface or per-subinterface basis and determines the largest maximum IP packet size (in bytes) that is allowed on the IP network without being fragmented. If an IP packet is larger than the IP MTU value, the ATM SPA fragments it into smaller IP packets before forwarding it on to the next hop. Note Repeat Step 1 through Step 4 for each port on the ATM SPA to be configured. Step 5 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks • Multiprotocol Label Switching (MPLS) MTU—Configured on a per-interface or per-subinterface basis and defines the MTU value for packets that are tagged with MPLS labels or tag headers. When an IP packet that contains MPLS labels is larger than the MPLS MTU value, the ATM SPA fragments it into smaller IP packets. When a non-IP packet that contains MPLS labels is larger than the MPLS MTU value, the ATM SPA drops it. All devices on a particular physical medium must have the same MPLS MTU value to allow proper MPLS operation. Because MPLS labels are added on to the existing packet and increase the packet’s size, choose appropriate MTU values so as to avoid unnecessarily fragmenting MPLS-labeled packets. If the IP MTU or MPLS MTU values are currently the same size as the interface MTU, changing the interface MTU size also automatically sets the IP MTU or MPLS MTU values to the new value. Changing the interface MTU value does not affect the IP MTU or MPLS MTU values if they are not currently set to the same size as the interface MTU. Different encapsulation methods and the number of MPLS MTU labels add additional overhead to a packet. For example, Subnetwork Access Protocol (SNAP) encapsulation adds an 8-byte header, IEEE 802.1Q encapsulation adds a 2-byte header, and each MPLS label adds a 4-byte header. Consider the maximum possible encapsulations and labels that are to be used in your network when choosing the MTU values. Tip The MTU values on the local ATM SPA interfaces must match the values being used in the ATM network and remote ATM interface. Changing the MTU values on an ATM SPA does not reset the local interface, but be aware that other platforms and ATM SPAs do reset the link when the MTU value changes. This could cause a momentary interruption in service, so we recommend changing the MTU value only when the interface is not being used. Note The interface MTU value on the ATM SPA also determines which packets are recorded as “giants” in the show interfaces atm command. The interface considers a packet to be a giant packet when it is more than 24 bytes larger than the interface MTU size. For example, if using an MTU size of 1500 bytes, the interface increments the giants counter when it receives a packet larger than 1524 bytes.7-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Interface MTU Configuration Task To change the MTU values on the ATM SPA interfaces, use the following procedure beginning in global configuration mode: Verifying the MTU Size This example verifies the MTU sizes for an interface. Use the show interface, show ip interface, and show mpls interface commands for 2-Port and 4-Port OC-3c/STM-1 ATM SPA: Router# show interface atm 4/1/0 ATM4/1/0 is up, line protocol is up Hardware is SPA-4XOC3-ATM, address is 000d.2959.d5ca (bia 000d.2959.d5ca) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 0 current VCCs VC idle disconnect time: 300 seconds 0 carrier transitions Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 30 second input rate 0 bits/sec, 0 packets/sec 30 second output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# mtu bytes (Optional) Configures the maximum transmission unit (MTU) size for the interface. The valid range for bytes is from 64 to 9216 bytes, with a default of 4470 bytes. As a general rule, do not change the MTU value unless you have a specific application need to do so. Note If the IP MTU or MPLS MTU values are currently the same size as the interface MTU, changing the interface MTU size also automatically sets the IP MTU or MPLS MTU values to the same value. Step 3 Router(config-if)# ip mtu bytes (Optional) Configures the MTU value, in bytes, for IP packets on this interface. The valid range for an ATM SPA is 64 to 9288, with a default value equal to the MTU value configured in Step 2. Step 4 Router(config-if)# mpls mtu bytes (Optional) Configures the MTU value, in bytes, for MPLS-labeled packets on this interface. The valid range for an ATM SPA is 64 to 9216 bytes, with a default value equal to the MTU value configured in Step 2. Note Repeat Step 1 through Step 4 for each interface port on the ATM SPA to be configured. Step 5 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 7-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out Router# show ip interface atm 4/1/0 ATM4/1/0 is up, line protocol is up Internet address is 200.1.0.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 4470 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP Feature Fast switching turbo vector IP Null turbo vector VPN Routing/Forwarding "vpn2600-2" IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled WCCP Redirect outbound is disabled WCCP Redirect exclude is disabled BGP Policy Mapping is disabled Router# show mpls interface atm 4/1/0 detail Interface ATM3/0: IP labeling enabled (ldp) LSP Tunnel labeling not enabled MPLS operational MPLS turbo vector MTU = 4470 ATM labels: Label VPI = 1 Label VCI range = 33 - 65535 Control VC = 0/32 To view the maximum possible size for datagrams passing out the interface using the configured MTU value, use the show atm interface atm command: Router# show atm interface atm 4/1/0 Interface ATM4/1/0: AAL enabled: AAL5, Maximum VCs: 4096, Current VCCs: 2 Maximum Transmit Channels: 0 7-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Max. Datagram Size: 4528 PLIM Type: SONET - 155000Kbps, TX clocking: LINE Cell-payload scrambling: ON sts-stream scrambling: ON 8359 input, 8495 output, 0 IN fast, 0 OUT fast, 0 out drop Avail bw = 155000 Config. is ACTIVE This example verifies the MTU size for an interface. Use the show interface, show ip interface, and show mpls interface commands for 3-Port Clear Channel OC-3 ATM SPA. Router# show interface atm 0/2/2 ATM0/2/2 is up, line protocol is up Hardware is SPA-3XOC3-ATM-V2, address is 001a.3044.7522 (bia 001a.3044.7522) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported Encapsulation(s): AAL5 AAL0 4095 maximum active VCs, 1 current VCCs VC Auto Creation Disabled. VC idle disconnect time: 300 seconds 4 carrier transitions Last input never, output 00:04:11, output hang never Last clearing of "show interface" counters never Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 5 packets input, 540 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 5 packets output, 540 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 output buffer failures, 0 output buffers swapped out Router# show ip interface atm 0/2/2.1 ATM0/2/2.1 is up, line protocol is up Internet address is 10.4.0.2/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 4470 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is disabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP Flow switching is disabled IP CEF switching is enabled IP Distributed switching is disabled IP CEF switching turbo vector IP Null turbo vector Associated unicast routing topologies: Topology "base", operation state is UP IP multicast fast switching is enabled IP multicast distributed fast switching is disabled7-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled Input features: MCI Check WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled Router# show mpls interface atm 0/3/2.1 Interface IP Tunnel BGP Static Operational ATM0/3/2.1 Yes (ldp) No No No Yes CE1#show mpls interface atm0/3/2.1 det Interface ATM0/3/2.1: IP labeling enabled (ldp): Interface config LSP Tunnel labeling not enabled BGP labeling not enabled MPLS operational MTU = 4470 To view the maximum possible size for datagrams passing out the interface using the configured MTU value, use the show atm interface atm command: Router# show atm interface atm 0/2/2 Interface ATM0/2/2: AAL enabled: AAL0 , Maximum VCs: 4095, Current VCCs: 1 Max. Datagram Size: 4528 PLIM Type: SONET - 155000Kbps, TX clocking: LINE Cell-payload scrambling: ON sts-stream scrambling: ON 5 input, 5 output, 0 IN fast, 0 OUT fast, 0 out drop Avail bw = 149760 Config. is ACTIVE Creating a Permanent Virtual Circuit To use a permanent virtual circuit (PVC), configure the PVC in both the router and the ATM switch. PVCs remain active until the circuit is removed from either configuration. To create a PVC on the ATM interface and enter interface ATM VC configuration mode, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port or Router(config)# interface atm slot/subslot/port.subinterface Enters interface or subinterface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# ip address address mask Assigns the specified IP address and subnet mask to the interface or subinterface. 7-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Step 3 Router(config-if)# atm tx-latency milliseconds (Optional) Configures the default transmit latency for VCs on this ATM SPA interface. The valid range for milliseconds is from 1 to 200, with a default of 100 milliseconds. Step 4 Router(config-if)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the VC to exclusively carry ILMI protocol traffic (default). • qsaal—(Optional) Configures the VC to exclusively carry QSAAL protocol traffic. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 5 Router(config-if-atm-vc)# protocol protocol {protocol-address | inarp} [[no] broadcast] Configures the PVC for a particular protocol and maps it to a specific protocol-address. • protocol—Typically set to either ip or ppp, but other values are possible. • protocol-address—Destination address or virtual interface template for this PVC (if appropriate for the protocol). • inarp—Specifies that the PVC uses Inverse ARP to determine its address. • [no] broadcast—(Optional) Specifies that this mapping should (or should not) be used for broadcast packets. Step 6 Router(config-if-atm-vc)# inarp minutes (Optional) If using Inverse ARP, configures how often the PVC transmits Inverse ARP requests to confirm its address mapping. The valid range is 1 to 60 minutes, with a default of 15 minutes. Step 7 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Step 8 Router(config-if-atm-vc)# tx-limit buffers (Optional) Specifies the number of transmit buffers for this VC. The valid range is from 1 to 57343, with a default value that is based on the current VC line rate and on the latency value that is configured with the atm tx-latency command. Command or Action Purpose7-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying a PVC Configuration To verify the configuration of a particular PVC, use the show atm pvc command: Router# show atm pvc 1/100 ATM3/0/0: VCD: 1, VPI: 1, VCI: 100 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Disabled OAM VC status: Not Managed ILMI VC status: Not Managed InARP frequency: 15 minutes(s) Transmit priority 6 InPkts: 94964567, OutPkts: 95069747, InBytes: 833119350, OutBytes: 838799016 InPRoc: 1, OutPRoc: 1, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 94964566, OutAS: 95069746 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 0 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 0 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP VC 1/100 doesn't exist on 7 of 8 ATM interface(s) Tip To verify the configuration and current status of all PVCs on a particular interface, you can also use the show atm vc interface atm command. Creating a PVC on a Point-to-Point Subinterface Use point-to-point subinterfaces to provide each pair of routers with its own subnet. When you create a PVC on a point-to-point subinterface, the router assumes it is the only point-to-point PVC that is configured on the subinterface, and it forwards all IP packets with a destination IP address in the same subnet to this VC. To configure a point-to-point PVC, perform the following procedure beginning in global configuration mode: Note Repeat Step 4 through Step 8 for each PVC to be configured on this interface. Step 9 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Step 2 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to this subinterface. Step 3 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 4 Router(config-if-atm-vc)# protocol protocol protocol-address [[no] broadcast] Configures the PVC for a particular protocol and maps it to a specific protocol-address. • protocol—Typically set to ppp for point-to-point subinterfaces, but other values are possible. • protocol-address—Destination address or virtual template interface for this PVC (as appropriate for the specified protocol). • [no] broadcast—(Optional) Specifies that this mapping should (or should not) be used for broadcast packets. The protocol command also has an inarp option, but this option is not meaningful on point-to-point PVCs that use a manually configured address. Step 5 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Note Repeat Step 1 through Step 5 for each point-to-point subinterface to be configured on this ATM SPA. Step 6 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 7-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying a Point-to-Point PVC Configuration To verify the configuration of a particular PVC, use the show atm pvc command: Router# show atm pvc 3/12 ATM3/1/0.12: VCD: 3, VPI: 3, VCI: 12 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Disabled OAM VC status: Not Managed ILMI VC status: Not Managed InARP frequency: 15 minutes(s) Transmit priority 6 InPkts: 3949645, OutPkts: 3950697, InBytes: 28331193, OutBytes: 28387990 InPRoc: 1, OutPRoc: 1, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 3949645, OutAS: 3950697 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 0 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 0 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP Tip To verify the configuration and current status of all PVCs on a particular interface, you can also use the show atm vc interface atm command. Configuring a PVC on a Multipoint Subinterface Creating a multipoint subinterface allows you to create a point-to-multipoint PVC that can be used as a broadcast PVC for all multicast requests. To create a PVC on a multipoint subinterface, use the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface multipoint Creates the specified point-to-multipoint subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Step 2 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to this subinterface. Step 3 Router(config-subif)# no ip directed-broadcast (Optional) Disables the forwarding of IP directed broadcasts, which are sometimes used in denial of service (DOS) attacks. 7-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Step 4 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 5 Router(config-if-atm-vc)# protocol protocol {protocol-address | inarp} broadcast Configures the PVC for a particular protocol and maps it to a specific protocol-address. • protocol—Typically set to ip for multipoint subinterfaces, but other values are possible. • protocol-address—Destination address or virtual template interface for this PVC (if appropriate for the protocol). • inarp—Specifies that the PVC uses Inverse ARP to determine its address. • broadcast— Specifies that this mapping should be used for multicast packets. Step 6 Router(config-if-atm-vc)# inarp minutes (Optional) If using Inverse ARP, configures how often the PVC transmits Inverse ARP requests to confirm its address mapping. The valid range is 1 to 60 minutes, with a default of 15 minutes. Step 7 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Note Repeat Step 1 through Step 7 for each multipoint subinterface to be configured on this ATM SPA. Step 8 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying a Multipoint PVC Configuration To verify the configuration of a particular PVC, use the show atm pvc command: Router# show atm pvc 1/120 ATM3/1/0.120: VCD: 1, VPI: 1, VCI: 120 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Disabled OAM VC status: Not Managed ILMI VC status: Not Managed InARP frequency: 15 minutes(s) Transmit priority 6 InPkts: 1394964, OutPkts: 1395069, InBytes: 1833119, OutBytes: 1838799 InPRoc: 1, OutPRoc: 1, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 94964, OutAS: 95062 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 0 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 0 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP Note To verify the configuration and current status of all PVCs on a particular interface, you can also use the show atm vc interface atm command. Configuring RFC 1483 Bridging for PVCs RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5, specifies the implementation of point-to-point bridging of Layer 2 protocol data units (PDUs) from an ATM interface. Figure 7-1 shows an example in which the two routers receive VLANs over their respective trunk links and then forward that traffic out through the ATM interfaces into the ATM cloud. Figure 7-1 Example of RFC 1483 Bridging Topology Note RFC 1483 has been updated and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. Switch 1 Router 1 Router 2 Switch 2 117341 Trunk ports Trunk ports RFC 1483 ports ATM7-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks RFC 1483 Bridging for PVCs Configuration Guidelines When configuring RFC 1483 bridging for PVCs, consider the following guidelines: • PVCs must use AAL5 Subnetwork Access Protocol (SNAP) encapsulation. • To use the Virtual Trunking Protocol (VTP), ensure that each main interface has a subinterface that has been configured for the management VLANs (VLAN 1 and VLANs 1002 to 1005). VTP is not supported on bridged VCs on a Cisco 7600 SIP-200. • RFC 1483 bridging in a switched virtual circuit (SVC) environment is not supported. • The 1-Port OC-48c/STM-16 ATM SPA does not support RFC 1483 bridging. RFC 1483 Bridging for PVCs Configuration Task To configure RFC 1483 bridging for PVCs, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface point-to-point (Optional) Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Note Although it is most common to create the PVCs on subinterfaces, you can also omit this step to create the PVCs for RFC 1483 bridging on the main interface. Step 2 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. 7-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the RFC 1483 Bridging Configuration To verify the RFC 1483 bridging configuration and status, use the show interface atm command: Router# show interface atm 6/1/0.3 ATM6/1/0.3 is up, line protocol is up Hardware is SPA-4XOC3-ATM Internet address is 10.10.10.13/24 MTU 4470 bytes, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM 5 packets input, 566 bytes 5 packets output, 566 bytes 1445 OAM cells input, 1446 OAM cells output Step 3 Router(config-if-atm-vc)# bridge-domain vlan-id [access | dot1q tag | dot1q-tunnel] [ignore-bpdu-pid] | {pvst-tlv CE-vlan} [increment] [split-horizon] Binds the PVC to the specified vlan-id. You can optionally specify the following keywords: • dot1q—(Optional) Includes the IEEE 802.1Q tag, which preserves the VLAN ID and class of service (CoS) information across the ATM cloud. • dot1q-tunnel—(Optional) Enables tunneling of IEEE 802.1Q VLANs over the same link. See the “Configuring RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling” section on page 7-18. • ignore-bpdu-pid—(Optional) Ignores bridge protocol data unit (BPDU) packets, to allow interoperation with ATM customer premises equipment (CPE) devices that do not distinguish BPDU packets from data packets. Without this keyword, IEEE BPDUs are sent out using a PID of 0x00-0E, which complies with RFC 1483. With this keyword, IEEE BPDUs are sent out using a PID of 0x00-07, which is normally reserved for RFC 1483 data. • pvst-tlv—When transmitting, the pvst-tlv keyword translates PVST+ BPDUs into IEEE BPDUs. When receiving, the pvst-tlv keyword translates IEEE BPDUs into PVST+ BPDUs. • split-horizon—(Optional) Enables RFC 1483 split horizon mode to globally prevent bridging between PVCs in the same VLAN. Step 4 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Note Repeat Step 1 through Step 4 for each interface on the ATM SPA to be configured. Step 5 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Configuring Layer 2 Protocol Tunneling Topology To enable BPDU translation for the Layer 2 Protocol Tunneling (L2PT) topologies, use the following command line: bridge-domain PE vlan dot1q-tunnel ignore-bpdu-pid pvst-tlv CE vlan Configuring Layer 2 Tunneling Protocol Version 3 (L2TPv3) Complete the following steps to configure ATM L2TPv3: Verifying L2TPv3 Configuration To verify the configuration of a PVP, use the show atm vp command in EXEC mode. Router# show atm vp 5 ATM4/1/0 VPI: 5, Cell-Relay, PeakRate: 155000, CesRate: 0, DataVCs: 0, CesVCs: 0, Status: ACTIVE VCD VCI Type InPkts OutPkts AAL/Encap Status Command or Action Purpose Step 1 Router# enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 Router# configure terminal Enters global configuration mode. Step 3 Router(config)# interface ATM type slot/port Specifies the interface by type, slot, and port number, and enters interface configuration mode. Step 4 Router(config-if)# atm pvp vpi l2transport Specifies that the PVP is dedicated to transporting ATM cells. • vpi—ATM network virtual path identifier (VPI) of the VC to multiplex on the permanent virtual path. The range is from 0 to 255. Note The l2transport keyword indicates that the PVP is for cell relay. Once you enter this command, you can enter l2transport PVP configuration mode. This configuration mode is for Layer 2 transport only; it is not for terminated PVPs. Step 5 Router(config-if)# xconnect peer-ip-address vcid pw-class pw-class-name Specifies the IP address of the peer PE router and the 32-bit virtual circuit identifier shared between the PEs at each end of the control channel. • The peer router ID (IP address) and virtual circuit ID must be a unique combination on the router. • pw-class-name—The pseudowire class configuration from which the data encapsulation type (L2TPv3) is taken. The pseudowire class parameter binds the cross-connect statement to a specific pseudowire class. The pseudowire class then serves as the template configuration for all attachment circuits bound to it.7-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks 8 3 PVC 0 0 F4 OAM ACTIVE 9 4 PVC 0 0 F4 OAM ACTIVE TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0, TotalBroadcasts: 0 Configuring RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling RFC 1483 bridging (see the “Configuring RFC 1483 Bridging for PVCs” section on page 7-14) can also include IEEE 802.1Q tunneling, which allows service providers to aggregate multiple VLANs over a single VLAN, while still keeping the individual VLANs segregated and preserving the VLAN IDs for each customer. This tunneling simplifies traffic management for the service provider, while keeping the customer networks secure. Also, the IEEE 802.1Q tunneling is configured only on the service provider routers, so it does not require any additional configuration on the customer-side routers. The customer side is not aware of the configuration. Note For complete information on IEEE 802.1Q tunneling on a Cisco 7600 series router, see the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SX Note RFC 1483 has been updated and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling Configuration Guidelines When configuring RFC 1483 bridging for PVCs with IEEE 802.1Q tunneling, consider the following guidelines: • Customer equipment must be configured for RFC 1483 bridging with IEEE 802.1Q tunneling using the bridge-domain dot1q ATM VC configuration command. See the “Configuring RFC 1483 Bridging for PVCs” section on page 7-14 for more information. • PVCs must use AAL5 encapsulation. • RFC 1483 bridged PVCs must terminate on the ATM SPA, and the traffic forwarded over this bridged connection to the edge must be forwarded through an Ethernet port. • To use the Virtual Trunking Protocol (VTP), each main interface should have a subinterface that has been configured for the management VLANs (VLANs 1 and 1002–1005). • RFC 1483 bridging in a switched virtual circuit (SVC) environment is not supported. 7-19 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling Configuration Task To configure RFC 1483 bridging for PVCs with IEEE 802.1Q tunneling, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface point-to-point (Optional) Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Note Although it is most common to create the PVCs on subinterfaces, you can also omit this step to create the PVCs for RFC 1483 bridging on the main interface. Step 2 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 3 Router(config-if-atm-vc)# bridge-domain vlan-id dot1q-tunnel Binds the PVC to the specified vlan-id and enables the use of IEEE 802.1Q tunneling on the PVC. This preserves the VLAN ID information across the ATM cloud. Step 4 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Note Repeat Step 1 through Step 4 for each interface on the ATM SPA to be configured. Step 5 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. 7-20 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the RFC 1483 for PVCs Bridging with IEEE 802.1Q Tunneling Configuration To verify the IEEE 802.1Q tunneling on an ATM SPA, use the show 12-protocol-tunnel command: Router# show l2protocol-tunnel CoS for Encapsulated Packets: 5 Port Protocol Shutdown Drop Encapsulation Decapsulation Drop Threshold Threshold Counter Counter Counter ------- -------- --------- --------- ------------- ------------- ------------- Gi4/2 cdp ---- ---- 0 0 0 stp ---- ---- 0 0 0 vtp ---- ---- 0 0 0 ATM6/2/1 cdp ---- ---- n/a n/a n/a stp ---- ---- n/a n/a n/a vtp ---- ---- n/a n/a n/a Note The counters in the output of the show l2protocol-tunnel command are not applicable for ATM interfaces when IEEE 802.1Q tunneling is enabled. Use the following command to display the interfaces that are configured with an IEEE 802.1Q tunnel: Router# show dot1q-tunnel LAN Port(s) ----------- Gi4/2 ATM Port(s) ----------- ATM6/2/1 Configuring ATM RFC 1483 Half-Bridging The ATM SPA supports ATM RFC 1483 half-bridging, which routes IP traffic from a stub-bridged Ethernet LAN over a bridged RFC 1483 ATM interface, without using integrated routing and bridging (IRB). This allows bridged traffic that terminates on an ATM PVC to be routed on the basis of the destination IP address. For example, Figure 7-2 shows a remote bridged Ethernet network connecting to a routed network over a device that bridges the Ethernet LAN to the ATM interface. Figure 7-2 ATM RFC 1483 Half-Bridging When half-bridging is configured, the ATM interface receives the bridged IP packets and routes them according to each packet’s IP destination address. Similarly, when packets are routed to this ATM PVC, it then forwards them out as bridged packets on its bridge connection. 117339 ATM 4/1/0.100 172.31.5.9 Ethernet subnet 172.31.5.07-21 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks This use of a stub network topology offers better performance and flexibility over integrated routing and bridging (IRB). This also helps to avoid a number of issues such as broadcast storms and security risks. In particular, half-bridging reduces the potential security risks that are associated with normal bridging configurations. Because the ATM interface allocates a single virtual circuit (VC) to a subnet (which could be as small as a single IP address), half-bridging limits the size of the nonsecured network that can be allowed access to the larger routed network. This makes half-bridging configurations ideally suited for customer access points, such digital subscriber lines (DSL). Note RFC 1483 has been updated and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. However, to avoid confusion, this document continues to use the previously-used terminology of “RFC 1483 ATM half-bridging.” To configure a point-to-multipoint ATM PVC for ATM half-bridging, use the configuration task in the following section. Note Use the following configuration task when you want to configure point-to-multipoint PVCs for half-bridging operation. Use the configuration task in the “Configuring ATM Routed Bridge Encapsulation” section on page 7-23 to configure a point-to-point PVC for similar functionality. ATM RFC 1483 Half-Bridging Configuration Guidelines When configuring ATM RFC 1483 half-bridging, consider the following guidelines: • Supports only IP traffic and access lists. • Supports only fast switching and process switching. • Supports only PVCs that are configured on multipoint subinterfaces. SVCs are not supported for half-bridging. • A maximum of one PVC can be configured for half-bridging on each subinterface. Other PVCs can be configured on the same subinterface, as long as they are not configured for half-bridging as well. • The same PVC cannot be configured for both half-bridging and full bridging. ATM RFC 1483 Half-Bridging Configuration Task To configure ATM RFC 1483 half-bridging, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface multipoint Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Step 2 Router(config-subif)# ip address address mask [secondary] Assigns the specified IP address and subnet mask to this subinterface. This IP address should be on the same subnet as the remote bridged network (the Ethernet network). 7-22 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the ATM RFC 1483 Half-Bridging Configuration To verify the ATM RFC 1483 half-bridging configuration, use the show atm vc command: Router# show atm vc 20 ATM4/0/0.20: VCD: 20, VPI: 1, VCI: 20 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s) InARP frequency: 15 minutes(s), 1483-half-bridged-encap Transmit priority 6 InPkts: 2411, OutPkts: 2347, InBytes: 2242808, OutBytes: 1215746 InPRoc: 226, OutPRoc: 0 InFast: 0, OutFast: 0, InAS: 2185, OutAS: 2347 InPktDrops: 1, OutPktDrops: 0 InByteDrops: 0, OutByteDrops: 0 CrcErrors: 139, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 0 OAM cells sent: 0 Status: UP Step 3 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 4 Router(config-if-atm-vc)# encapsulation aal5snap bridge (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type, and specifies that half-bridging should be used. Step 5 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-23 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Configuring ATM Routed Bridge Encapsulation The ATM SPAs support ATM Routed Bridge Encapsulation (RBE), which is similar in functionality to RFC 1483 ATM half-bridging, except that ATM half-bridging is configured on a point-to-multipoint PVC, while RBE is configured on a point-to-point PVC (see the “Configuring ATM RFC 1483 Half-Bridging” section on page 7-20). Note The 1-Port OC-48c/STM-16 ATM SPA does not support RBE. Use the following configuration task to configure a point-to-point subinterface and PVC for RBE bridging. Note RFC 1483 has been updated and superseded by RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. ATM Routed Bridge Encapsulation Configuration Guidelines When configuring ATM RBE, consider the following guidelines: • Supported only on ATM SPAs in a Cisco 7600 SIP-200. RBE is not supported when using a Cisco 7600 SIP-400. • Supports only AAL5SNAP encapsulation. • Supports only IP access lists, not MAC-layer access lists. • Supports only fast switching and process switching. • Supports distributed Cisco Express Forwarding (dCEF). • Supports only PVCs on point-to-point subinterfaces. SVCs are not supported for half-bridging. • The bridge-domain command cannot be used on any PVC that is configured for RBE, because an RBE PVC acts as the termination point for bridged packets. • The atm bridge-enable command, which was used in previous releases on other ATM interfaces, is not supported on ATM SPA interfaces. • The IS-IS protocol is not supported with point-to-point PVCs that are configured for RBE bridging. RBE Configuration Limitation Supports Only One Remote MAC Address On the Cisco 7600 series router with a Supervisor Engine 720 or Route Switch Processor 720 (RSP720) and the following SPA, an ATM PVC with an RBE configuration can send packets to only a single MAC address: • ATM SPA on the Cisco 7600 SIP-200 This restriction occurs because the Cisco 7600 series router keeps only one MAC address attached to an RBE PVC. The MAC address-to-PVC mapping is refreshed when a packet is received from the host. If there are multiple hosts connected to the PVC, the mapping is not stable and traffic forwarding is affected. 7-24 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks The solution to this problem is as follows: 1. Configure the ATM PVC for RFC 1483 bridging using the bridge domain vlan x command line interface. 2. Configure an interface vlan vlan x with the IP address of the RBE subinterface. ATM Routed Bridge Encapsulation Configuration Task To configure ATM routed bridge encapsulation, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified multipoint subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Step 2 Router(config-subif)# atm route-bridge ip Enables ATM RFC 1483 half-bridging (RBE bridging). Note The atm route-bridge ip command can be issued either before or after you create the PVC. Step 3 Router(config-subif)# ip address address mask [secondary] Assigns the specified IP address and subnet mask to this subinterface. This IP address should be on the same subnet as the remote bridged network (the Ethernet network). Step 4 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 5 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The only supported encapsulation for an RBE PVC is aal5snap. Step 6 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. 7-25 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Note The atm route-bridge ip command, like other subinterface configuration commands, is not automatically removed when you delete a subinterface. If you want to remove a subinterface and re-create it without the half-bridging, be sure to manually remove the half-bridging configuration, using the no atm route-bridge ip command. Verifying the ATM Routed Bridge Encapsulation Configuration To verify the RBE bridging configuration, use the show ip cache verbose command: Router# show ip cache verbose IP routing cache 3 entries, 572 bytes 9 adds, 6 invalidates, 0 refcounts Minimum invalidation interval 2 seconds, maximum interval 5 seconds, quiet interval 3 seconds, threshold 0 requests Invalidation rate 0 in last second, 0 in last 3 seconds Last full cache invalidation occurred 00:30:34 ago Prefix/Length Age Interface Next Hop 10.1.0.51/32-24 00:30:10 Ethernet3/1/0 10.1.0.51 14 0001C9F2A81D00600939BB550800 10.8.100.50/32-24 00:00:04 ATM1/1/0.2 10.8.100.50 28 00010000AA030080C2000700000007144F5D201C0800 10.8.101.35/32-24 00:06:09 ATM1/1/0.4 10.8.101.35 28 00020000AA030080C20007000000E01E8D3F901C0800 Note The show IP cache command is not supported in the RBE feature Configuring RFC 1483 Bridging of Routed Encapsulations When RFC 1483 routed ATM-based packets come into the Cisco 7600 series router through a PVC, there is no Ethernet payload header on them. Bridging of routed encapsulations (BRE) enables the router to receive RFC 1483 routed encapsulated packets and forward them as Layer 2 frames. In a BRE configuration, the PVC receives the routed PDUs, removes the RFC 1483 routed encapsulation header, and adds an Ethernet MAC header to the packet. The Layer 2 encapsulated packet is then switched by the forwarding engine to the Layer 2 interface determined by the VLAN number and destination MAC address. BRE is supported on all SIP-200 and SIP-400 ATM SPAs. The PVCs must be AAL5 encapsulated. Note The 1-Port OC-48c/STM-16 ATM SPA does not support bridging. Figure 7-3 shows a topology where an interface on an ATM SPA receives routed PDUs from the ATM cloud and encapsulates them as Layer 2 frames. It then forwards the frames to the Layer 2 customer device. 7-26 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Figure 7-3 Example of BRE Topology RFC 1483 Bridging of Routed Encapsulations Configuration Guidelines When configuring RFC 1483 bridging of routed encapsulations, consider the following guidelines: • BRE requires that the ATM SPAs are installed in a Cisco 7600 SIP-200. • PVCs must use AAL5 encapsulation. • RFC 1483 bridged PVCs must terminate on the ATM SPA, and the traffic forwarded over this bridged connection to the edge must be forwarded through an Ethernet port. • To use the Virtual Trunking Protocol (VTP), each main interface should have a subinterface that has been configured for the management VLANs (VLAN 1 and VLANs 1002 to 1005). • Concurrent configuration of RFC 1483 bridging and BRE on the same PVC and VLAN is not supported. • Bridging between RFC 1483 bridged PVCs is not supported. • RFC 1483 bridging in a switched virtual circuit (SVC) environment is not supported. • You should not use the same VLAN in BRE and bridge-domain. Note While configuring BRE on an ATM interface, the BRE end does not have an ip address configured (L2) whereas at the non BRE end, an ip address is configured (L3). RFC 1483 Bridging of Routed Encapsulations Configuration Task To configure RFC 1483 bridging of routed encapsulations, perform the following procedure beginning in global configuration mode: ATM CPE1 Cisco 7600 CPE2 Ethernet frames RFC 1483 Routed Encapsulated ATM PDUs 117340 Edge router CE Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# no ip address Assigns no IP address to the interface. Step 3 Router(config-if)# spanning-tree bpdufilter enable (Optional) Blocks all Spanning Tree BPDUs on the ATM interface. This command should be used if this ATM interface is configured only for BRE VLANs. Note If this ATM interface is configured for both BRE and RFC 1483 bridged VLANs, do not enter this command unless you want to explicitly block BPDUs on the interface. 7-27 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the RFC 1483 Bridging of Routed Encapsulations Configuration Use the following commands to verify the RFC 1483 bridging of routed encapsulations configuration: Router# show running-config interface atm Step 4 Router(config-if)# no shutdown Enables the interface. Step 5 Router(config-if)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. Step 6 Router(config-subif)# no ip address Assigns no IP address to the subinterface. Step 7 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 8 Router(config-if-atm-vc)# bre-connect vlan-id [mac mac-address] Enables BRE bridging on the PVC, where: • mac mac-address—(Optional) Specifies the hardware (MAC) address of the destination customer premises equipment (CPE) device at the remote end of the VLAN connection. Step 9 Router(config-if-atm-vc)# interface gigabitethernet slot/port Enters interface configuration mode for the specified Gigabit Ethernet interface. Step 10 Router(config-if)# switchport Configures the Gigabit Ethernet interface for Layer 2 switching. Step 11 Router(config-if)# switchport access vlan vlan-id (Optional) Specifies the default VLAN for the interface. This should be the same VLAN ID that was specified in the bre-connect command in Step 8. Step 12 Router(config-if)# switchport mode access Puts the interface into nontrunking mode. Step 13 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-28 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks 10/0/3.111 Building configuration... Current configuration : 149 bytes ! interface ATM10/0/3.111 point-to-point no atm enable-ilmi-trap no snmp trap link-status pvc 11/101 bre-connect 11 mac 0100.1234.1234 Router# show running-config interface gigabitethernet 1/2 interface GigabitEthernet1/2 no ip address switchport switchport access vlan 100 no cdp enable ! Router# show vlan id 100 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 100 VLAN0100 active Gi1/2, AT5/0/2 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 100 enet 100100 1500 - - - - - 0 0 Router# show atm vlan Interface Bridge VCD Vlan ID ATM4/5/0/2.1 1 100 Configuring the Bridged Routed Encapsulation within an Automatic Protection Switching Group You can configure only one VC on the same VLAN. To configure more than one VC, customers configure two different VLANS on the protected and working interface of the Automatic Protection Switching (APS) group. This workaround is not a viable long-term solution because it results in high convergence time and an inefficient use of VLANS. To resolve these limitations, you can use the BRE+APS feature to configure two VCs for the same VLAN, provided their parent interfaces too belong to the same Automatic Protection Switching (APS) group. The show atm vlan bre command is used to reflect the status of the PVCs configured. Supported Line Cards This feature is supported on the SIP-200 and SIP-400 line cards. Requirements and Restrictions Follow these requirements and restrictions when you configure the BRE+APS feature: • You can configure BRE-connect VLANS for two different VCs if the new VC: – belongs to the same APS group to which the first VC belongs. – does not belong to the same ATM interface as the first VC.7-29 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks • Before you change the APS parameters of an interface (changing the APS group or removing the APS configurations), first ensure that the BRE configurations on the interface are removed. Note To configure APS on an ATM interface, refer Configuring APS, page 15-9 Verifying the Bridged Routed Encapsulation within an Automatic Protection Switching Group Configuration This example shows how to verify the configuration of BRE ATM VLAN: Router# show atm vlan bre Interface Bre VCD VPI/VCI Vlan Learned MAC Virtual MAC State ATM3/0/0.1 1 0/11 100 0000.0000.0000 0000.0300.0001 UP ATM3/0/0.2 2 1/13 200 0000.0000.0000 0000.0300.0002 UP ATM4/0/0.2 2 1/13 300 0000.0000.0000 0000.0400.0002 DN Warning Messages Consider instances where you have configured APS on the main interface, and have configured BRE within a main interface and subinterface. The warning message “%ATM2/0/0 - Remove BRE configs on this interface before changing APS configs"appears when you attempt to modify the APS configurations in the main interface, without removing the BRE configurations first. Configuring MPLS over RBE The ATM SPAs support MLPS over RBE on a Cisco 7600 SIP-200. For more information on routed bridged encapsulation (RBE), see the “Configuring ATM Routed Bridge Encapsulation” section on page 7-23. To use this feature, configure both RBE and MPLS on the ATM subinterface using the following procedure: Verifying MPLS over RBE Configuration Use the following commands to verify MPLS over RBE configuration: Router# show running interfaces a4/1/0.200 interface ATM4/1/0.200 point-to-point Command or Action Purpose Step 1 Router(config)# show atm vlan bre Verifies the configuration and displays the status of the PVC. An active VC is displayed as UP and an inactive VC as DN (down). Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# ip address Assigns an IP address to the interface. Step 3 Router(config-if)# atm route-bridge ip Configures RBE. Step 4 Router(config-if)# mpls ip Configures MPLS.7-30 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks ip address 3.0.0.2 255.255.0.0 atm route-bridged ip tag-switching ip pvc 10/200 ! Router# show mpls interfaces Interface IP Tunnel Operational ATM4/1/0.200 Yes (ldp) No Yes Router# show mpls ldp bindings tib entry: 5.0.0.0/16, rev 2 local binding: tag: imp-null tib entry: 6.0.0.0/16, rev 4 local binding: tag: imp-null remote binding: tsr: 3.0.0.1:0, tag: imp-null Router# show mpls ldp neighbor Peer LDP Ident: 3.0.0.1:0; Local LDP Ident 3.0.0.2:0 TCP connection: 3.0.0.1.646 - 3.0.0.2.11001 State: Oper; Msgs sent/rcvd: 134/131; Downstream Up time: 01:51:08 LDP discovery sources: ATM4/1/0.200, Src IP addr: 6.0.0.1 Addresses bound to peer LDP Ident: 6.0.0.1 Router# show mpls forwarding Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 Pop tag 3.0.0.0/16 0 AT4/1/0.200 6.0.0.1 17 Pop tag 16.16.16.16/32 0 AT4/1/0.200 6.0.0.1 18 19 13.13.13.13/32 134 AT4/1/0.200 6.0.0.1 <<<<< 19 Pop tag 17.17.17.17/32 0 PO8/0/0.1 point2point Configuring Aggregate WRED for PVCs Weighted Random Early Detection (WRED) is the Cisco implementation of Random Early Detection (RED) for standard Cisco IOS platforms. RED is a congestion-avoidance technique that takes advantage of the congestion-control mechanism of TCP to anticipate and avoid congestion before it occurs. By dropping packets prior to periods of high congestion, RED tells the packet source (usually TCP) to decrease its transmission rate. When configured, WRED can selectively discard lower priority traffic and provide differentiated performance characteristics for different classes of service. The Aggregate WRED feature provides a means to overcome limitations of WRED implementations that can only support a limited number of unique subclasses. When an interface enables support for aggregate WRED, subclasses that share the same minimum threshold, maximum threshold, and mark probability values can be configured into one aggregate subclass based on their IP precedence value or differentiated services code point (DSCP) value. (The DSCP value is the first six bits of the IP type of service [ToS] byte.) You can also define a default aggregate subclass for all subclasses that have not been explicitly defined. For more complete information on WRED, refer to the Cisco IOS Quality of Service Solutions Configuration Guide.7-31 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Aggregate WRED Configuration Guidelines When configuring aggregate WRED on an ATM SPA interface, consider the following guidelines: • The Aggregate WRED feature requires that the ATM SPAs are installed in a Cisco 7600 SIP-200 or a Cisco 7600 SIP-400. • With the Aggregate WRED feature, the previous configuration limitation of a maximum of 6 precedence values per class per WRED policy map is no longer in effect. • When you configure a policy map class for aggregated WRED on an ATM interface, then you cannot also configure the standard random-detect commands in interface configuration or policy-map class configuration mode. • Specifying the precedence-based keyword is optional, precedence-based is the default form of aggregate WRED. • The set of subclass values (IP precedence or DSCP) defined on a random-detect precedence (aggregate) or random-detect dscp (aggregate) CLI will be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be aggregated. • Defining WRED parameter values for the default aggregate class is optional. If defined, WRED parameters applied to the default aggregate class will be used for all subclasses that have not been explicitly configured. If all possible IP precedence or DSCP values are defined as subclasses, a default specification is unnecessary. If the optional parameters for a default aggregate class are not defined and packets with an unconfigured IP precedence or DSCP value arrive at the interface, these undefined subclass values will be set based on interface (VC) bandwidth. • After aggregate WRED has been configured in a service policy map, the service policy map must be applied at the ATM VC level (as shown in Step 5 through Step 8 of “Configuring Aggregate WRED Based on IP Precedence”). • The Aggregate WRED feature is not supported in a switched virtual circuit (SVC) environment. Configuring Aggregate WRED Based on IP Precedence To configure aggregate WRED to drop packets based on IP precedence values, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. • policy-map-name—Name of a service policy map to be created. The name can be a maximum of 40 alphanumeric characters. Step 2 Router(config-pmap)# class {class-name | class-default} Specifies the class policy to be configured. • class-name—Name of class you want to configure. Note that WRED can be defined for a user-defined class only if the class has the bandwidth/shape feature enabled. • class-default—Default class.7-32 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Step 3 Router(config-pmap-c)# random-detect [precedence-based] aggregate [minimum-thresh min-thresh maximum-thresh max-thresh mark-probability mark-prob] Enables aggregate WRED based on IP precedence values. If optional parameters for a default aggregate class are not defined, these parameters will be set based on interface (VC) bandwidth. • precedence-based—(Optional) Specifies that aggregate WRED is to drop packets based on IP precedence values. This is the default. • min-thresh—(Optional) Minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—(Optional) Maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—(Optional) Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value range is from 1 to 255. Step 4 Router(config-pmap-c)# random-detect precedence values sub-class-val1 [...[sub-class-val8]] minimum-thresh min-thresh maximum-thresh max-thresh [mark-probability mark-prob] Configures the WRED parameters for packets with one or more specific IP precedence values. • sub-class-val1 [...[sub-class-val8]]—One or more specific IP precedence values to which the following WRED profile parameter specifications are to apply. A maximum of 8 subclasses (IP precedence values) can be specified per CLI entry. The IP precedence value can be a number from 0 to 7. • min-thresh—Minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—Maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value range is from 1 to 255. Repeat this command for each set of IP precedence values that share WRED parameters. Command Purpose7-33 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the Precedence-Based Aggregate WRED Configuration To verify a precedence-based aggregate WRED configuration, use the show policy-map interface command. Note that the statistics for IP precedence values 0 through 3 and 4 and 5 have been aggregated into one line each. Router# show policy-map interface a4/1/0.10 ATM4/1/0.10: VC 10/110 - Service-policy output: prec-aggr-wred Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any Exp-weight-constant: 9 (1/512) Step 5 Router(config-pmap-c)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. • slot—Chassis slot number where the SIP is installed. • subslot—Secondary slot of the SIP where the SPA is installed. • port —Number of the individual interface port on the SPA. • .subinterface—Subinterface number. The number that precedes the period must match the number to which this subinterface belongs. The range is 1 to 4,294,967,293. Step 6 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to the interface. • address—IP address. • mask—Subnet mask. Step 7 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning an optional name and its VPI/VCI numbers. • name—(Optional) An arbitrary string that identifies this PVC. • vpi—VPI ID. The range is 0 to 255. • vci—VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except 5 for the QSAAL PVC and 16 for the ILMI PVC. Step 8 Router(config-subif)# service-policy output policy-map-name Attaches the specified policy map to the subinterface. • policy-map-name—Name of a service policy map to be attached. The name can be a maximum of 40 alphanumeric characters. Command Purpose7-34 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Mean queue depth: 0 class Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob 0 1 2 3 0/0 0/0 0/0 10 100 1/10 4 5 0/0 0/0 0/0 40 400 1/10 6 0/0 0/0 0/0 60 600 1/10 7 0/0 0/0 0/0 70 700 1/10 Configuring Aggregate WRED Based on DSCP To configure aggregate WRED to drop packets based on the differentiated services code point (DSCP) value, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. • policy-map-name—Name of a service policy map to be created. The name can be a maximum of 40 alphanumeric characters. Step 2 Router(config-pmap)# class {class-name | class-default} Specifies the class policy to be configured. • class-name—Name of class you want to configure. Note that WRED can be defined for a user-defined class only if the class has the bandwidth/shape feature enabled. • class-default—Default class. Step 3 Router(config-pmap-c)# random-detect dscp-based aggregate [minimum-thresh min-thresh maximum-thresh max-thresh mark-probability mark-prob] Enables aggregate WRED based on DSCP values. If optional parameters for a default aggregate class are not defined, these parameters will be set based on interface (VC) bandwidth. • min-thresh—(Optional) Minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—(Optional) Maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—(Optional) Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value range is from 1 to 255. 7-35 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Step 4 Router(config-pmap-c)# random-detect dscp values sub-class-val1 [...[sub-class-val8]] minimum-thresh min-thresh maximum-thresh max-thresh [mark-probability mark-prob] Configures the WRED parameters for packets with one or more specific DSCP values. • sub-class-val1 [...[sub-class-val8]]—One or more DSCP values to which the following WRED parameter specifications are to apply. [A maximum of 8 subclasses (IP precedence values) can be specified per CLI entry.] The DSCP value can be a number from 0 to 63, or it can be one of the following keywords: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7 • min-thresh—Specifies the minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—Specifies the maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—Specifies the denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value range is from 1 to 255. Repeat this command for each set of DSCP values that share WRED parameters. Step 5 Router(config-pmap-c)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. • slot—Chassis slot number where the SIP is installed. • subslot—Secondary slot of the SIP where the SPA is installed. • port—Number of the individual interface port on the SPA. • .subinterface—subinterface number. The number that precedes the period must match the number to which this subinterface belongs. The range is 1 to 4,294,967,293. Step 6 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to the interface. • address—IP address. • mask—Subnet mask. Command Purpose7-36 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the DSCP-Based Aggregate WRED Configuration To verify a DSCP-based aggregate WRED configuration, use the show policy-map interface command. Note that the statistics for DSCP values 0 through 3, 4 through 7, and 8 through 11 have been aggregated into one line each. Router# show policy-map interface a4/1/0.11 ATM4/1/0.11: VC 11/101 - Service-policy output: dscp-aggr-wred Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any Exp-weight-constant: 0 (1/1) Mean queue depth: 0 class Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob default 0/0 0/0 0/0 1 10 1/10 0 1 2 3 4 5 6 7 0/0 0/0 0/0 10 20 1/10 8 9 10 11 0/0 0/0 0/0 10 40 1/10 Configuring Non-aggregate WRED Prior to 15.0(1)S release ATM SPA supported only aggregate Weighted Random Early Detection (WRED), where a set of subclass (IP precedence or DSCP) values is aggregated on a single hardware WRED resource on the SPA. ATM SPA has 8 queues per class of which one is reserved for priority traffic and the others for default traffic. Remaining 6 queues is used for user-defined queues. From 15.0(1)S Release, ATM SPA also supports Non-aggregate Weighted Random Early Detection (WRED) on a SIP-200 and SIP-400. ATM SPA supports limited non-aggregate WRED for the specified DSCP or precedence values (maximum of 6) and the rest non-specified DSCP or precedence goes to default profile. Step 7 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning an optional name and its VPI/VCI numbers. • name—(Optional) An arbitrary string that identifies this PVC. • vpi—VPI ID. The range is 0 to 255. • vci—VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except 5 for the QSAAL PVC and 16 for the ILMI PVC. Step 8 Router(config-subif)# service-policy output policy-map-name Attaches the specified policy map to the subinterface. • policy-map-name—Name of a service policy map to be attached. The name can be a maximum of 40 alphanumeric characters Command Purpose7-37 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Non-aggregate WRED Configuration Guidelines When configuring non-aggregate WRED on an ATM SPA interface, consider the following guidelines: • The Non-aggregate WRED feature is supported on a SIP-200 and SIP-400 requires that the ATM SPAs are installed in a SIP-200 or a SIP-400. • Non-aggregate WRED has maximum of 6 user-defined WRED queues. Configuring Non-aggregate WRED Based on IP Precedence To configure non-aggregate WRED to drop packets based on IP precedence values, use the following commands in the global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. • policy-map-name—Name of a service policy map to be created. The name can be a maximum of 40 alphanumeric characters. Step 2 Router(config-pmap)# class {class-name | class-default} Specifies the class policy to be configured. • class-name—Name of class you want to configure. Note that WRED can be defined for a user-defined class only if the class has the bandwidth/shape feature enabled. • class-default—Default class. Step 3 Router(config-pmap-c)# random-detect [precedence-based] Enables non-aggregate WRED based on IP precedence values. If optional parameters for a default non-aggregate class are not defined, these parameters will be set based on interface (VC) bandwidth. • precedence-based—(Optional) Specifies that non-aggregate WRED is to drop packets based on IP precedence values. This is the default.7-38 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Step 4 Router(config-pmap-c)# random-detect precedence values sub-class-val1 [...[sub-class-val8]] min-thresh max-thresh [mark-prob] Configures the WRED parameters for packets with one or more specific IP precedence values. • sub-class-val1 [...[sub-class-val8]]—One or more specific IP precedence values to which the following WRED profile parameter specifications are to apply. A maximum of 8 subclasses (IP precedence values) can be specified per CLI entry. The IP precedence value can be a number from 0 to 7. • min-thresh—Minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—Maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value for maximum mark probability configurable is 31. Repeat this command for each set of IP precedence values that share WRED parameters. Step 5 Router(config-pmap-c)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. • slot—Chassis slot number where the SIP is installed. • subslot—Secondary slot of the SIP where the SPA is installed. • port —Number of the individual interface port on the SPA. • .subinterface—Subinterface number. The number that precedes the period must match the number to which this subinterface belongs. The range is 1 to 4,294,967,293. Step 6 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to the interface. • address—IP address. • mask—Subnet mask. Command Purpose7-39 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the Precedence-Based Non-aggregate WRED Configuration To verify a precedence-based non-aggregate WRED configuration, use the show policy-map interface command. Note that the statistics for IP precedence values 0 through 3 and 4 and 5 have been aggregated into one line each. Router# show policy-map interface atm 3/0/2 ATM3/0/2: VC 1/100 - Service-policy output: non-agg-prec Counters last updated 00:00:02 ago Class-map: prec012 (match-any) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: ip precedence 0 Match: ip precedence 1 Match: ip precedence 2 Queueing queue limit 11009 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 bandwidth 42% (62899 kbps) Exp-weight-constant: 9 (1/512) Mean queue depth: 0 packets class Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob default 0/0 0/0 0/0 3096 5504 1/10 0 0/0 0/0 0/0 12 324 1/10 1 N/A N/A N/A N/A N/A N/A 2 N/A N/A N/A N/A N/A N/A 3 N/A N/A N/A N/A N/A N/A 4 N/A N/A N/A N/A N/A N/A 5 N/A N/A N/A N/A N/A N/A 6 N/A N/A N/A N/A N/A N/A 7 N/A N/A N/A N/A N/A N/A Step 7 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning an optional name and its VPI/VCI numbers. • name—(Optional) An arbitrary string that identifies this PVC. • vpi—VPI ID. The range is 0 to 255. • vci—VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except 5 for the QSAAL PVC and 16 for the ILMI PVC. Step 8 Router(config-subif)# service-policy output policy-map-name Attaches the specified policy map to the subinterface. • policy-map-name—Name of a service policy map to be attached. The name can be a maximum of 40 alphanumeric characters. Command Purpose7-40 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Configuring Non-aggregate WRED Based on DSCP To configure Non-aggregate WRED to drop packets based on the differentiated services code point (DSCP) value, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# policy-map policy-map-name Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. • policy-map-name—Name of a service policy map to be created. The name can be a maximum of 40 alphanumeric characters. Step 2 Router(config-pmap)# class {class-name | class-default} Specifies the class policy to be configured. • class-name—Name of class you want to configure. Note that WRED can be defined for a user-defined class only if the class has the bandwidth/shape feature enabled. • class-default—Default class. Step 3 Router(config-pmap-c)# random-detect dscp-based Enables non-aggregate WRED based on DSCP values. Step 4 Router(config-pmap-c)# random-detect dscp values sub-class-val1 [...[sub-class-val8]] min-thresh max-thresh [mark-prob] Configures the WRED parameters for packets with one or more specific DSCP values. • sub-class-val1 [...[sub-class-val8]]—One or more DSCP values to which the following WRED parameter specifications are to apply. [A maximum of 8 subclasses (IP precedence values) can be specified per CLI entry.] The DSCP value can be a number from 0 to 63, or it can be one of the following keywords: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7 • min-thresh—Specifies the minimum threshold in number of packets. The value range of this argument is from 1 to 12288. • max-thresh—Specifies the maximum threshold in number of packets. The value range of this argument is from the value of the minimum threshold argument to 12288. • mark-prob—Specifies the denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The value range is from 1 to 255. Repeat this command for each set of DSCP values that share WRED parameters.7-41 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Tasks Verifying the DSCP-Based Non-aggregate WRED Configuration To verify a DSCP-based Non-aggregate WRED configuration, use the show policy-map interface command. Note that the statistics for DSCP values 0 through 3, 4 through 7, and 8 through 11 have been aggregated into one line each. Router# show policy-map interface a4/1/0.11 ATM3/0/2: VC 1/100 - Service-policy output: non-agg Class-map: DSCP-OUT-D1 (match-any) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: ip dscp cs3 (24) af31 (26) af32 (28) cs4 (32) Queueing queue limit 15724 packets (queue depth/total drops/no-buffer drops) 0/0/0 Step 5 Router(config-pmap-c)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface on the given port on the specified ATM SPA, and enters subinterface configuration mode. • slot—Chassis slot number where the SIP is installed. • subslot—Secondary slot of the SIP where the SPA is installed. • port—Number of the individual interface port on the SPA. • .subinterface—subinterface number. The number that precedes the period must match the number to which this subinterface belongs. The range is 1 to 4,294,967,293. Step 6 Router(config-subif)# ip address address mask Assigns the specified IP address and subnet mask to the interface. • address—IP address. • mask—Subnet mask. Step 7 Router(config-subif)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning an optional name and its VPI/VCI numbers. • name—(Optional) An arbitrary string that identifies this PVC. • vpi—VPI ID. The range is 0 to 255. • vci—VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except 5 for the QSAAL PVC and 16 for the ILMI PVC. Step 8 Router(config-subif)# service-policy output policy-map-name Attaches the specified policy map to the subinterface. • policy-map-name—Name of a service policy map to be attached. The name can be a maximum of 40 alphanumeric characters Command Purpose7-42 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits (pkts output/bytes output) 0/0 bandwidth 42% (62899 kbps) Mean queue depth: 0 packets dscp Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob default 0/0 0/0 0/0 2752 5504 1/10 cs3 0/0 0/0 0/0 118 235 1/20 af31 0/0 0/0 0/0 123 5243 1/34 Creating and Configuring Switched Virtual Circuits A switched virtual circuit (SVC) is created and released dynamically, providing user bandwidth on demand. To enable the use of SVCs, you must configure a signaling protocol to be used between the Cisco 7600 series router and the ATM switch. The ATM SPA supports versions 3.0, 3.1, and 4.0 of the User-Network Interface (UNI) signaling protocol, which uses the Integrated Local Management Interface (ILMI) to establish, maintain, and clear the ATM connections at the UNI. The Cisco 7600 series router does not perform ATM-level call routing when configured for UNI/ILMI operation. Instead, the ATM switch acts as the network and performs the call routing, while the Cisco 7600 series router acts only as the user end-point of the call circuit and only routes packets through the resulting circuit. Note The 1-Port OC-48c/STM-16 ATM SPA does not support SVCs. To use UNI/ILMI signaling, you must create an ILMI PVC and a signaling PVC to be used for the SVC call-establishment and call-termination messages between the ATM switch and Cisco 7600 series router. This also requires configuring the ATM interface with a network service access point (NSAP) address that uniquely identifies itself across the network. The NSAP address consists of a network prefix (13 hexadecimal digits), a unique end station identifier (ESI) of 6 hexadecimal bytes, and a selector byte. If an ILMI PVC exists, the Cisco 7600 series router can obtain the NSAP prefix from the ATM switch, and you must manually configure only the ESI and selector byte. If an ILMI PVC does not exist, or if the ATM switch does not support this feature, you must configure the entire address manually. To create and configure an SVC, use the following procedure beginning in global configuration mode: 7-43 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-subif)# pvc [name] 0/5 qsaal Configures a new ATM PVC to be used for SVC signaling: • name—(Optional) An arbitrary string that identifies this PVC. • vpi—Specifies the VPI ID. The valid range is 0 to 255, but the recommended value for vpi for the signaling PVC is 0. • vci—Specifies the VCI ID. The valid range is 1 to 65535, but the recommended value for vci for the QSAAL signaling PVC is 5. Note The ATM switch must be configured with the same VPI and VCI values for this PVC. • qsaal—Configures the signaling PVC to use QSAAL encapsulation. Step 3 Router(config-subif)# pvc [name] 0/16 ilmi Creates a new ATM PVC to be used for ILMI signaling: • name—(Optional) An arbitrary string to identify the PVC. • vpi—Specifies the VPI ID. The valid range is 0 to 255, but the recommended value for vpi for the ILMI PVC is 0. • vci—Specifies the VCI ID. The valid range is 1 to 65535, but the recommended value for vci for the ILMI PVC is 16. • ilmi—Configures the PVC to use ILMI encapsulation. Note The signaling and ILMI PVCs must be set up on the main ATM interface, not on a subinterface. Step 4 Router(config-if-atm-vc)# exit Exits ATM PVC configuration mode and returns to interface configuration mode. Step 5 Router(config-if)# atm ilmi-keepalive [seconds] [retry counts] (Optional) Enables ILMI keepalive messages and sets the interval between them. ILMI keepalive messages are disabled by default. • seconds—(Optional) The amount of time, in seconds, between keepalive messages between the Cisco 7600 series router and the ATM switch. The valid range is 1 to 65535, with a default of 3 seconds. • retry counts—(Optional) Specifies the number of times the router should resend a keepalive message if the first message is unacknowledged. The valid range is 2 to 5, with a default of 4. 7-44 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Step 6 Router(config-if)# atm esi-address esi.selector Specifies the end station ID (ESI) and selector fields for the local portion of the interface’s NSAP address, and configures the interface to get the NSAP prefix from the ATM switch. • esi—Specifies a string of 12 hexadecimal digits, in dotted notation, for the ATM interface’s ESI value. This value must be unique across the network. • selector—Specifies a string of 2 hexadecimal digits for the selector byte for this ATM interface. To configure the ATM address, you need to enter only the ESI (12 hexadecimal digits) and the selector byte (2 hexadecimal digits). The NSAP prefix (26 hexadecimal digits) is provided by the ATM switch. or Router(config-if)# atm nsap-address nsap-address Assigns a complete NSAP address (40 hexadecimal digits) to the interface. The address consists of a network prefix, ESI, and selector byte, and must be in the following format: XX.XXXX.XX.XXXXXX.XXXX.XXXX.XXXX.XXXX.XXXX.XXXX.XX Note The above dotted hexadecimal format provides some validation that the address is a legal value. If you know that the NSAP address is correct, you may omit the dots. Note The atm esi-address and atm nsap-address commands are mutually exclusive. Configuring the Cisco 7600 series router with one of these commands automatically negates the other. Use the show interface atm command to display the NSAP address that is assigned to the interface. Step 7 Router(config-if)# interface atm slot/subslot/port.subinterface [multipoint | point-to-point] (Optional) Creates the specified subinterface on the specified ATM interface, and enters subinterface configuration mode. Note You can create SVCs on either the main ATM interface or on a multipoint subinterface. Step 8 Router(config-subif)# svc [name] nsap address Creates an SVC and specifies the destination NSAP address (40 hexadecimal digits in dotted notation). You can also configure the following option: • name—(Optional) An arbitrary string that identifies this SVC. Step 9 Router(config-if-atm-vc)# oam-svc [manage] [frequency] Enables end-to-end Operation, Administration, and Maintenance (OAM) loopback cell generation and management of the SVC. • manage—(Optional) Enables OAM management of the SVC. • frequency—(Optional) Specifies the delay between transmitting OAM loopback cells. The valid range is 0 to 600 seconds, with a default of 10 seconds. Command or Action Purpose7-45 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the SVC Configuration Use the show atm svc and show atm ilmi-status commands to verify the configuration of the SVCs that are currently configured on the Cisco 7600 series router. Router# show atm svc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 4/0/0 1 0 5 SVC SAAL UBR 155000 UP 4/0/2 4 0 35 SVC SNAP UBR 155000 UP 4/1/0 16 0 47 SVC SNAP UBR 155000 UP 4/1/0.1 593 0 80 SVC SNAP UBR 155000 UP Tip To display all SVCs on a particular ATM interface or subinterface, use the show atm svc interface atm command. To display detailed information about a particular SVC, specify its VPI and VCI values: Router# show atm svc 0/35 ATM5/1/0.200: VCD: 3384, VPI: 0, VCI: 35, Connection Name: SVC00 UBR, PeakRate: 155000 AAL5-MUX, etype:0x800, Flags: 0x44, VCmode: 0x0 OAM frequency: 10 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Received OAM VC status: Verified ILMI VC status: Not Managed VC is managed by OAM. InARP DISABLED Transmit priority 6 InPkts: 0, OutPkts: 4, InBytes: 0, OutBytes: 400 Step 10 Router(config-if-atm-vc)# protocol protocol {protocol-address | inarp} [[no] broadcast] Configures the SVC for a particular protocol and maps it to a specific protocol-address. • protocol—Typically set to either ip or ppp, but other values are possible. • protocol-address—Destination address or virtual interface template for this SVC (if appropriate for the protocol). • inarp—Specifies that the SVC uses Inverse ARP to determine its address. • [no] broadcast—(Optional) Specifies that this mapping should (or should not) be used for broadcast packets. Step 11 Router(config-if-atm-vc)# encapsulation aal5snap (Optional) Configures the ATM adaptation layer (AAL) and encapsulation type. The default and only supported type is aal5snap. Note Repeat Step 7 through Step 11 for each SVC to be created. Step 12 Router(config-if-atm-vc)# end Exits SVC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-46 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits InPRoc: 0, OutPRoc: 4, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 0, OutAS: 0 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 10 F5 InEndloop: 10, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 10 F5 OutEndloop: 10, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP TTL: 4 interface = ATM5/1/0.200, call locally initiated, call reference = 8094273 vcnum = 3384, vpi = 0, vci = 35, state = Active(U10) , point-to-point call Retry count: Current = 0 timer currently inactive, timer value = 00:00:00 Remote Atm Nsap address: 47.00918100000000107B2B4B01.111155550001.00 , VC owner: ATM_OWNER_SMAP To display information about the ILMI status and NSAP addresses being used for the SVCs on an ATM interface, use the show atm ilmi-status command: Router# show atm ilmi-status atm 4/1/0 Interface : ATM4/1/0 Interface Type : Private UNI (User-side) ILMI VCC : (0, 16) ILMI Keepalive : Enabled/Up (5 Sec 4 Retries) ILMI State: UpAndNormal Peer IP Addr: 10.10.13.1 Peer IF Name: ATM 3/0/3 Peer MaxVPIbits: 8 Peer MaxVCIbits: 14 Active Prefix(s) : 47.0091.8100.0000.0010.11b8.c601 End-System Registered Address(s) : 47.0091.8100.0000.0010.11b8.c601.2222.2222.2222.22(Confirmed) 47.0091.8100.0000.0010.11b8.c601.aaaa.aaaa.aaaa.aa(Confirmed) Tip To display information about the SVC signaling PVC and ILMI PVC, use the show atm pvc 0/5 and show atm pvc 0/16 commands. Configuring Traffic Parameters for PVCs or SVCs After creating a PVC or SVC, you can also configure it for the type of traffic quality of service (QoS) class to be used over the circuit: • Constant Bit Rate (CBR)—Configures the CBR service class and specifies the average cell rate for the PVC or SVC. • Unspecified Bit Rate (UBR)—Configures the UBR service class and specifies the output peak rate (PCR) for the PVC or SVC. This is the default configuration. SVCs can also be configured with similar input parameters. • Unspecified Bit Rate Plus (UBR+)—Configures the UBR+ service class and specifies the output peak cell rate (PCR) and minimum cell rate (MCR) for the SVC. SVCs can also be configured with similar input parameters. Note The 1-Port OC-48c/STM-16 ATM SPA does not support UBR+.7-47 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits • Variable Bit Rate–Non-real Time (VBR-nrt)—Configures the VBR-nrt service class and specifies the output PCR, output sustainable cell rate (SCR), and output maximum burst size (MBS) for the PVC or SVC. SVCs can also be configured with similar input parameters. • Variable Bit Rate–Real Time (VBR-rt)—Configures the VBR-rt service class and the peak rate and average rate burst for the PVC or SVC. Each service class is assigned a different transmit priority, which the Cisco 7600 series router uses to determine which queued cell is chosen to be transmitted out of an interface during any particular cell time slot. This process ensures that real-time QoS classes have a higher likelihood of being transmitted during periods of congestion. Table 7-1 lists the ATM QoS classes and their default transmit priorities. Note When using a CBR VC that exceeds half of the interface line rate, it is possible in some cases that the shaping accuracy for the CBR traffic can drop from 99 percent to 98 percent when the interface is also configured for UBR VCs that are oversubscribed (that is, the UBR VCs are configured for a total line rate that exceeds the interface line rate). If this small drop in accuracy is not acceptable, then we recommend using VBR-rt or VBR-nrt instead of CBR when oversubscribing UBR traffic. You can configure a PVC or SVC for only one QoS service class. If you enter more than one type, only the most recently configured QoS class takes effect on the circuit. To configure the traffic parameters for a PVC or SVC, perform the following procedure beginning in global configuration mode: Table 7-1 ATM Classes of Service and Default Transmit Priorities Service Category Transmit Priority 1 1. The default priorities can be changed for individual VCs using the transmit-priority VC configuration command. Signaling, Operation, Administration, and Maintenance (OAM) cells, and other control cells 0 (highest) CBR when greater than 5 percent of the line rate 1 CBR when less than 5 percent of the line rate 2 Voice traffic 3 VBR-rt 4 VBR-nrt 5 UBR 6 Unused and not available or configurable 7 (lowest) Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot or Router(config)# interface atm slot/subslot/port.subinterface [multipoint | point-to-point] Enters interface or subinterface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# pvc [name] vpi/vci or Router(config-if)# svc [name] nsap-address Specifies the PVC or SVC to be configured, and enters PVC/SVC configuration mode. 7-48 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 3 Router(config-if-atm-vc)# cbr rate Configures constant bit rate (CBR) quality of service (QoS) and average cell rate for the PVC or SVC: • rate—Average cell rate in kbps. The valid range is 48 to 149760 (OC-3) or 599040 (OC-12). or Router(config-if-atm-vc)# ubr output-pcr [input-pcr] Configures unspecified bit rate (UBR) quality of service (QoS) and peak cell rate (PCR) for the PVC or SVC: • output-pcr—Output PCR in kbps. The valid range is 48 to 149760 (OC-3), 599040 (OC-12), or 2396160 (1-Port OC-48c/STM-16 ATM SPA). • input-pcr—(Optional for SVCs only) Input PCR in kbps. If omitted, input-pcr equals output-pcr. or Router(config-if-atm-vc)# vbr-nrt output-pcr output-scr output-mbs [input-pcr] [input-scr] [input-mbs] Configures the variable bit rate–nonreal time (VBR-nrt) QoS, the peak cell rate (PCR), sustainable cell rate (SCR), and maximum burst cell size (MBS) for the PVC or SVC: • output-pcr—Output PCR in kbps. The valid range is 48 to 149760 (OC-3), 599040 (OC-12), or 2396160 (1-Port OC-48c/STM-16 ATM SPA). • output-scr—Output SCR in kbps. The valid range is 48 to PCR, and typically is less than the PCR value. • output-mbs—Output MBS in number of cells. The valid range is 1 to 65535, depending on the PCR and SCR values. If the PCR and SCR are configured to the same value, the only valid value for MBS is 1. • input-pcr—(Optional for SVCs only) Input PCR in kbps. • input-scr—(Optional for SVCs only) Input SCR in kbps. • input-mbs—(Optional for SVCs only) Input MBS in number of cells. or Command or Action Purpose7-49 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the Traffic Parameter Configuration Use the show atm vc command to verify the configuration of the traffic parameters for a PVC or SVC: Router# show atm vc 20 ATM1/1/0.200: VCD: 20, VPI: 2, VCI: 200 UBR, PeakRate: 44209 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s) InARP frequency: 5 minutes(s) Transmit priority 4 InPkts: 10, OutPkts: 11, InBytes: 680, OutBytes: 708 InPRoc: 10, OutPRoc: 5, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 0, OutAS: 6 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0 OAM cells received: 0 OAM cells sent: 0 Status: UP To verify the configuration of all PVCs or SVCs on an interface, use the show atm vc interface atm command: Router# show atm vc interface atm 2/1/0 ATM2/1/0.101: VCD: 201, VPI: 20, VCI: 101 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s) InARP frequency: 15 minutes(s) Transmit priority 4 Router(config-if-atm-vc)# vbr-rt pcr scr burst Configures the variable bit rate–real time (VBR-rt) QoS, and the PCR, average cell rate (ACR), and burst cell size (BCS) for the PVC or SVC: • pcr—PCR in kbps. The valid range is 48 to 149760 (OC-3), 599040 (OC-12), or 2396160 (1-Port OC-48c/STM-16 ATM SPA). • scr—SCR in kbps. The valid range is 48 to PCR, and typically is less than the PCR value. • burst—Burst size in number of cells. The valid range is 1 to 65535, depending on the PCR and SCR values. If the PCR and SCR are configured to the same value, the only valid value for burst is 1. Step 4 Router(config-if-atm-vc)# transmit-priority level (Optional) Configures the PVC for a new transmit priority level. • level—Priority level from 1 to 6. The default value is determined by the PVC’s configured service class (see Table 7-1 on page 7-47 for the default levels). Note Repeat Step 2 through Step 4 for each PVC or SVC to be configured. Step 5 Router(config-if-atm-vc)# end Exits PVC/SVC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-50 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits InPkts: 3153520, OutPkts: 277787, InBytes: 402748610, OutBytes: 191349235 InPRoc: 0, OutPRoc: 0, Broadcasts: 0 InFast: 211151, OutFast: 0, InAS: 0, OutAS: 0 InPktDrops: 0, OutPktDrops: 17 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0 OAM cells received: 0 OAM cells sent: 0 Status: UP Configuring Virtual Circuit Classes When multiple PVCs or SVCs use the same or similar configurations, you can simplify the Cisco 7600 series router’s configuration file by creating virtual circuit (VC) classes. Each VC class acts as a template, which you can apply to an ATM interface or subinterface, or to individual PVCs or SVCs. When you apply a VC class to an ATM interface or subinterface, all PVCs and SVCs created on that interface or subinterface inherit the VC class configuration. When you apply a VC class to an individual PVC or SVC, that particular PVC or SVC inherits the class configuration. You can then customize individual PVCs and SVCs with further configuration commands. Any commands that you apply to individual PVCs and SVCs take precedence over those of the VC class that were applied to the interface or to the PVC/SVC. To create and configure a VC class, and then apply it to an interface, subinterface, or individual PVC or SVC, use the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# vc-class atm vc-class-name Creates an ATM virtual circuit (VC) class and enters VC-class configuration mode. • vc-class-name—Arbitrary name to identify this particular VC class. Step 2 Router(config-vc-class)# configuration-commands Enter any PVC or SVC configuration commands for this VC class. See the “Creating a Permanent Virtual Circuit” section on page 7-8 and the “Creating and Configuring Switched Virtual Circuits” section on page 7-42 for additional information. Note You can specify both PVC and SVC configuration commands in the same VC class. If a command is not appropriate for a PVC or SVC, it is ignored when the VC class is assigned to the PVC or SVC. Step 3 Router(config-vc-class)# interface atm slot/subslot/port or Router(config-vc-class)# interface atm slot/subslot/port.subinterface [multipoint | point-to-point] Enters subinterface configuration mode for the specified ATM interface or subinterface. Step 4 Router(config-if)# class-int vc-class-name (Optional) Applies a VC class on the ATM main interface or subinterface. This class then applies to all PVCs or SVCs that are created on that interface. • vc-class-name—Name of the VC class that was created in Step 1. 7-51 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the Virtual Circuit Class Configuration To verify the virtual circuit class configuration, use the show atm vc command: Router# show atm vc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 6/1/0 1 0 5 PVC SAAL UBR 155000 UP 6/1/0 2 0 16 PVC ILMI UBR 155000 UP 6/1/0.1 3 1 32 PVC-D SNAP UBR 155000 UP 6/1/0.2 4 2 32 PVC-D SNAP UBR 155000 UP Configuring Virtual Circuit Bundles Virtual circuit bundles are similar to VC classes, in that they allow you to configure a large group of PVCs by configuring a template (the VC bundle). The main difference between a VC bundle and a VC class is that the VC bundle management allows you to configure multiple VCs that have different QoS characteristics between any pair of ATM-connected routers. Using VC bundles, you first create an ATM VC bundle and then add VCs to it, and each VC in the bundle can have its own ATM traffic class and ATM traffic parameters. You can configure the VCs collectively at the bundle level, or you can configure the individual VC bundle members. You can also apply a VC class to a bundle to apply the VC class configuration to all of the VCs in the bundle. You can therefore create differentiated service by mapping one or more MPLS EXP levels to each VC in the bundle, thereby enabling individual VCs in the bundle to carry packets marked with different MPLS EXP levels. The ATM VC bundle manager determines which VC to use for a particular packet by matching the MPLS EXP level of the packet to the MPLS EXP levels assigned to the VCs in the bundle. The bundle manager can also use Weighted Random Early Detection (WRED) or distributed WRED (dWRED) to further differentiate service across traffic that has different MPLS EXP levels. Step 5 Router(config-if)# pvc [name] vpi/vci or Router(config-if)# svc [name] nsap-address Specifies the PVC or SVC to be configured, and enters ATM VC configuration mode. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 6 Router(config-if-atm-vc)# class-vc vc-class-name Assigns the specified VC class to this PVC or SVC. • vc-class-name—Name of the VC class that was created in Step 1. Step 7 Router(config-if-atm-vc)# configuration-commands Any other VC configuration commands to be applied to this particular PVC or SVC. Commands that are applied to the individual PVC or SVC supersede any conflicting commands that were specified in the VC class. Step 8 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-52 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Virtual Circuit Bundles Configuration Guidelines • VC bundles are supported only on ATM SPAs in a Cisco 7600 SIP-200. Bundles are not supported for ATM SPAs in a Cisco 7600 SIP-400. • VC bundles can be used only for PVCs, not SVCs. • VC bundles require ATM PVC management, as well as Forwarding Information Base (FIB) and Tag Forwarding Information Base (TFIB) switching functionality. • The Cisco 7600 series router at the remote end of the network must be using a version of Cisco IOS that supports MPLS and ATM PVC management. Virtual Circuit Bundles Configuration Task To create and configure a VC bundle and then apply it to an ATM interface or subinterface, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# ip cef [distributed] Enables Cisco Express Forwarding (CEF) Layer 3 switching on the Cisco 7600 series router. The Cisco 7600 series router enables CEF by default. • distributed—(Optional) Enables distributed CEF (dCEF). Step 2 Router(config)# mpls label protocol ldp Specifies the default label distribution protocol for a platform. Step 3 Router(config)# interface atm slot/subslot/port or Router(config)# interface atm slot/subslot/port.subinterface [multipoint | point-to-point] Enters interface configuration mode for the specified ATM interface or subinterface. Step 4 Router(config-if)# mpls ip Enables MPLS forwarding of IPv4 packets along normally routed paths for the interface. Step 5 Router(config-if)# bundle bundle-name Creates an ATM virtual circuit (VC) bundle and enters bundle configuration mode. • bundle-name—Arbitrary name to identify this particular VC bundle. Step 6 Router(config-if-atm-bundle)# class-bundle vc-class-name (Optional) Applies a VC class to this bundle. The class configuration is then applied to all VCs in the bundle. • vc-class-name—Name of the VC class to be applied to this bundle and its PVCs or SVCs. See the “Configuring Virtual Circuit Classes” section on page 7-50 for information on creating VC classes. Step 7 Router(config-if-atm-bundle)# configuration-commands Enter any other PVC or SVC configuration commands for this VC bundle. See the “Creating a Permanent Virtual Circuit” section on page 7-8 and the “Creating and Configuring Switched Virtual Circuits” section on page 7-42 for additional information. 7-53 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the Virtual Circuit Bundles Configuration To verify the configuration of the virtual circuit bundles and display the configuration for its interface or subinterface, use the show running-config interface atm command, as in the following example: Note Configuration commands applied directly to the VC bundle supersede a configuration that is applied through a VC class. Step 8 Router(config-if-atm-bundle)# pvc-bundle [name] vpi/vci Creates a member PVC of the bundle and enters PVC bundle configuration mode. Step 9 Router(config-if-atm-member)# mpls experimental [level | other | range] (Optional) Configures the MPLS EXP levels for the PVC bundle member. • level—MPLS EXP level for the PVC bundle member. The valid range is 0 to 7. • other—Any MPLS EXP levels in the range from 0 to 7 that are not explicitly configured (default). • range—A range of MPLS EXP levels between 0 and 7, separated by a hyphen. Step 10 Router(config-if-atm-member)# bump {implicit | explicit precedence-level | traffic} (Optional) Configures the bumping rules for the PVC bundle member. • implicit—Bumped traffic is carried by a VC with a lower precedence (default). • explicit precedence-level—Specifies the precedence level of the traffic that should be bumped when the PVC member goes down. The precedence-level can range from 0 to 9. • traffic—The PVC member accepts bumped traffic (default). Use no bump traffic to specify that the PVC member does not accept bumped traffic. Step 11 Router(config-if-atm-member)# protect {group | vc} (Optional) Specifies that the PVC bundle member is protected. • group—Specifies that the PVC bundle member is part of a protected group. When all members of a protected group go down, the bundle goes down. • vc—Specifies that the PVC bundle member is individually protected. When a protected VC goes down, it also takes the bundle down. By default, PVC bundle members are not protected. Step 12 Router(config-if-atm-member)# configuration-commands Any other VC configuration commands to be applied to this particular VC bundle member. Commands that are applied to a bundle member supersede any conflicting commands that were specified in the VC class or VC bundle. Note Repeat Step 8 through Step 12 for each PVC member of the bundle to be created. Step 13 Router(config-if-atm-member)# end Exits PVC bundle configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-54 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Router# show running-config interface atm 4/1/0.2 interface ATM4/1/0.2 point-to-point ip address 10.10.10.1 255.255.255.0 no ip directed-broadcast no atm enable-ilmi-trap bundle ABC class-bundle bundle-class pvc-bundle ABC-high 1/107 class-vc high pvc-bundle ABC-med 1/105 class-vc med pvc-bundle ABC-low 1/102 class-vc low ! ! To verify the operation and current status of a virtual circuit bundle, specify the bundle name with the show atm bundle command: Router# show atm bundle ABC ABC on ATM4/1/0.2: UP Config Current Bumping PG/ Peak Avg/Min Burst VC Name VPI/ VCI Prec/Exp Prec/Exp PrecExp/ PV Kbps kbps Cells Sts Accept ABC-high 1/107 7 7 - / Yes PV 10000 5000 32 UP ABC-med 1/105 6 6 - / Yes PV 10000 UP ABC-low 1/102 5-0 5-0 - / Yes - 10000 UP Configuring Multi-VLAN to VC Support For information on configuring multi-VLAN to VC support, see the “Configuring QoS for ATM VC Access Trunk Emulation” topic at http://www.cisco.rw/univercd/cc/td/doc/product/ core/cis7600/cfgnotes/flexport/combo/flexqos.htm#wp1162305. Configuring Link Fragmentation and Interleaving with Virtual Templates The ATM SPA supports Link Fragmentation and Interleaving (LFI) with the distributed Compressed Real-Time Protocol (dCRTP). This allows the ATM interfaces, which are cell-based, to efficiently transport packet-based IP traffic without an excessive amount of bandwidth being used for packet headers and other overhead. The LFI/dCRTP feature requires the use of multilink PPP (MLP), which can be implemented either by using virtual templates or dialer templates. Note Stateful Switch Over(SSO) is not supported with distributed Link Fragmentation and Interleaving (dLFI) over ATM. Link Fragmentation and Interleaving with Virtual Templates Configuration Guidelines • The 1-Port OC-48c/STM-16 ATM SPA does not support LFI.7-55 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits • A functional multilink PPP (MLP) bundle requires one virtual access interface operating as a PPP interface, and a second virtual access interface operating as a multilink PPP bundle interface. • The Cisco IOS software supports a maximum of 1,000 virtual template interfaces per Cisco 7600 series router. • When LFI is configured on a PVC, the output packets counter in the show atm pvc command counts all fragments of a packet as a single packet, and does not display the actual number of fragmented packets that were output. For example, if a packet is fragmented into four fragments, the output packets counter shows only one packet, not four. The output bytes counter is accurate, however, and you can also display the total number of fragmented packets on all PVCs on the interface with the show interface atm command. • LFI supports three protocol formats: AAL5CISCOPP, AAL5MUX, and AAL5SNAP • For fragmentation to function, a QoS service policy having a minimum of two QoS queues needs to be applied to the virtual template interface. • In order for dLFI to work properly and to be supported, the following commands must be already be configured on the Virtual Template interface: – ppp multilink – ppp multilink interleave – service-policy output policy name Note The service-policy attached to the Virtual-Template must have at least two queues, one of which contains the priority CLI. Note When dLFI is correctly configured on an ATM SPA PVC, which includes ppp multilink, ppp multilink interleave, and service-policy output on the Virtual-Template, the following MLP behavior occurs: 1. Packets with a smaller fragment size are sent without MLP headers as straight PPP frames 2. Packets with a greater fragment size that are classified in priority LLQ are sent straight without MLP headers as PPP frames and are interleaved between fragmented packets. 3. Packets with a greater fragment size are fragmented and sent with MLP headers. Link Fragmentation and Interleaving with Virtual Templates Configuration Task To configure LFI with virtual templates, perform the following procedure beginning in global configuration mode:7-56 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Command or Action Purpose Step 1 Router(config)# interface virtual-template number Creates a virtual template and enters interface configuration mode. • number—Arbitrary value to identify this virtual template. Step 2 Router(config-if)# bandwidth value Specifies the bandwidth, in kbps, for the interfaces that use this virtual template: • value—Bandwidth, in kilobits per second, for the interface. Step 3 Router(config-if)# service-policy input policy-name Attaches the specified policy map to the input interface that uses this virtual template: • policy-name—Name of the policy map that was created by the policy-map command to be used. Step 4 Router(config-if)# service-policy output policy-name Attaches the specified policy map to the output interface that uses this virtual template: • policy-name—Name of the policy map that was created by the policy-map command to be used. Step 5 Router(config-if)# ppp multilink [bap] Enables multilink PPP (MLP) on the interfaces that use this virtual template: • bap—(Optional) Enables bandwidth allocation control negotiation and dynamic allocation of bandwidth on a link, using the bandwidth allocation protocol (BAP). Step 6 Router(config-if)# ppp multilink fragment delay max-delay (Optional) Configures the maximum delay for the transmission of a packet fragment on an MLP bundle. • max-delay—Maximum amount of time, in milliseconds, that should be required to transmit a fragment. The range is from 1 to 1000, with a default value of 30 for MLP bundles. Step 7 Router(config-if)# ppp multilink interleave Enables interleaving of the fragments of larger packets on an MLP bundle. Step 8 Router(config-if)# interface atm slot/subslot/port.subinterface point-to-point Creates the specified point-to-point subinterface and enters interface configuration mode. 7-57 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the Link Fragmentation and Interleaving with Virtual Templates Configuration To verify a virtual template configuration, display the running configuration for the configured ATM and virtual interfaces: Router# show running-config interface virtual-template 1 ! interface Virtual-Template1 Current configuration : 373 bytes ! interface Virtual-Template1 bandwidth 300 ip address 23.0.0.1 255.255.255.0 ppp chap hostname template1 ppp multilink ppp multilink fragment-delay 8 ppp multilink interleave service-policy output lfiqos ! Router# show running-config interface atm 6/0/1 ! interface ATM6/0/1 atm idle-cell-format itu atm enable-payload-scrambling Step 9 Router(config-if)# pvc [name] vpi/vci [ilmi | qsaal] Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode. The valid values for vpi/vci are: • vpi—Specifies the VPI ID. The valid range is 0 to 255. • vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC. You can also configure the following options: • name—(Optional) An arbitrary string that identifies this PVC. • ilmi—(Optional) Configures the PVC to use ILMI encapsulation (default). • qsaal—(Optional) Configures the PVC to use QSAAL encapsulation. Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC’s configuration and automatically switches to its parent subinterface. Step 10 Router(config-if-atm-vc)# protocol ppp virtual-template number Configures the PVC for PPP with the parameters from the specified virtual template. Step 11 Router(config-if-atm-vc)# end Exits ATM VC configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-58 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits no atm ilmi-keepalive pvc 32/32 vbr-rt 640 640 256 encapsulation aal5snap protocol ppp Virtual-Template1 To display run-time statistics and other information about the currently configured multilink PPP bundles, use the show ppp multilink command: Router# show ppp multilink Virtual-Access3, bundle name is north-2 Bundle up for 00:01:51 Bundle is Distributed 0 lost fragments, 0 reordered, 0 unassigned 0 discarded, 0 lost received, 1/255 load 0x0 received sequence, 0x0 sent sequence Member links: 1 (max not set, min not set) Vi1, since 00:01:38, no frags rcvd, 62 weight, 54 frag size dLFI statistics: DLFI Packets Pkts In Pkts Out Fragmented 4294967288 3129990 UnFragmented 1249071 0 Reassembled 1249071 1564994 Reassembly Drops 0 Fragmentation Drops 0 Out of Seq Frags 0 Note The show ppp multilink command displays only the packet counters, and not byte counters, for a dLFI configuration on an ATM SPA interface. Also, the number of fragmented packets shows the number of fragments sent to the SAR assembly, not the number of fragments that are placed on the ATM line. It is possible that the SAR assembly might drop some of these fragments on the basis of Layer 3 QoS limits. Configuring the Distributed Compressed Real-Time Protocol The distributed Compressed Real-Time Protocol (dCRTP) compresses the 40 bytes of the IP/UDP/RTP packet headers down to between only two and four bytes in a distributed fast-switching and distributed Cisco Express Forwarding (dCEF) network. This compression reduces the packet size, improves the speed of packet transmission, and reduces packet latency, especially on cell-based interfaces, such as ATM interfaces. Distributed Compressed Real-Time Protocol Configuration Guidelines When configuring dCRTP, consider the following guidelines: • Distributed CEF switching or distributed fast switching must be enabled on the interface. • PPP must be used on the interface or subinterface. 7-59 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Distributed Compressed Real-Time Protocol Configuration Task To enable and configure dCRTP on an ATM interface, virtual template interface, or a dialer template interface, perform the following procedure beginning in global configuration mode: Verifying the Distributed Compressed Real-Time Protocol Configuration To verify the dCRTP of an ATM interface, use the show running-config interface interface virtual-template command: Router# show running-config interface interface virtual-template 1 ! interface Virtual-Template1 bandwidth 2320 ip unnumbered Loopback2 max-reserved-bandwidth 100 Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port or Router(config)# interface virtual-template number or Router(config)# interface dialer number Enters interface configuration mode for an interface on the ATM SPA, or for a virtual template or dialer template interface. Step 2 Router(config-if)# ip rcp header-compression [passive] Enables RCP header compression. • passive—(Optional) Compresses outgoing RCP packets only if incoming RCP packets on the same interface are compressed. The default compresses all RCP packets on the interface. Step 3 Router(config-if)# ip tcp header-compression [passive] Enables TCP header compression. • passive—(Optional) Compresses outgoing TCP packets only if incoming TCP packets on the same interface are compressed. The default compresses all TCP packets on the interface. Note By default, RCP and TCP header compression are enabled on ATM interfaces when they are configured with an IP address. You do not need to give the ip rcp header-compression and ip tcp header-compression commands unless you have previously disabled these features, or you want to use the passive options. Step 4 Router(config-if)# ip rcp compression-connections number Specifies the total number of RCP header compression connections that can be supported on the interface. • number—Number of RCP header compression connections. The valid range is 3 to 1000, with a default of 32 connections (16 calls). Step 5 Router(config-if)# ip tcp compression-connections number Specifies the total number of TCP header compression connections that can be supported on the interface. • number—Number of TCP header compression connections. The valid range is 3 to 1000, with a default of 32 connections (16 calls). Step 6 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 7-60 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits ip tcp header-compression ppp multilink ppp multilink fragment delay 4 ppp multilink interleave ip rtp header-compression Configuring Automatic Protection Switching The ATM SPAs support 1+1 Automatic Protection Switching (APS) on PVCs as described in section 5.3 of the Telcordia publication GR-253-CORE SONET Transport Systems: Common Generic Criteria. APS redundancy is supported at the line layer, so that when an OC-3c, OC-12c, or OC-48c link fails, all of the PVCs that are carried by that link are switched simultaneously. Note APS is not supported for SVCs. In an APS configuration, a redundant ATM interface (the Protect interface) is configured for every active ATM interface (the Working interface). If the Working interface goes down, the Protect interface automatically switches over and continues communication over the interface’s PVCs. The APS Protect Group Protocol (PGP), which runs on top of User Datagram Protocol (UDP), provides communication between the Working and Protect interfaces. This communication occurs over a separate out-of-band (OOB) communication channel, such as an Ethernet link. In the case of degradation, loss of channel signal, or manual intervention, the APS software on the Protect interface sends APS PGP commands to activate or deactivate the Working interface as necessary. If the communication channel between the Working and Protect interfaces is lost, the Working interface assumes full control, as if no Protect interface existed. The performance enhancement of PPP/MLPPP APS does not impact the original PPP/MLPPP scalability on Cisco 7600. Figure 7-4 shows a simple example of a pair of Working and Protect interfaces on a single router. Figure 7-4 Basic Automatic Protection Switching Configuration Tip If possible, use separate SPAs to provide the Working and Protect interfaces, as shown in Figure 7-4. This technique removes the SPA as a potential single point of failure, which would be the case if the same SPA provided both the Working and Protect interfaces. Multiple routers can be using APS at the same time. For example, Figure 7-5 shows a simple example of two routers that each have one pair of Working and Protect interfaces. In this configuration, the two routers are independently configured. Router A ATM3/0/0 Working interface ATM4/0/0 Protect interface SONET network equiptment Add Drop Multiplexer (ADM) 1178527-61 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Figure 7-5 Sample Automatic Protection Switching Configuration with Multiple Routers You can also configure multiple routers with APS so that interfaces on one router can provide protection for the interfaces on another router. This provides protection in case a router experiences a major system problem, such as a processor fault. Figure 7-6 shows a basic example of two routers that each have one Working ATM interface. Each router also has one Protect interface that provides protection for the other router’s Working interface. Note that this configuration requires a separate out-of-band (OOB) communication link between the two routers, which in this case is provided by the Ethernet network. Figure 7-6 Sample Multiple Router Protection with Automatic Protection Switching An APS configuration requires the following steps: • Configure the Working interface with the desired IP addresses, subinterfaces, and PVCs. Also assign the interface to an APS group and designate it as the Working interface. • Create a loopback circuit for communication between the Working and Protect interfaces. This is optional, because you can also use any valid IP address on the router. However, we recommend using a loopback interface because it is always up and provides connectivity between the two interfaces as long as any communication path exists between them. • Configure the Protect interface with the same subinterfaces and PVCs that were configured on the Working interface. The Protect interface should also be configured with an IP address that is on the same subnet as the Working interface. Tip Always configure the Working interface before the Protect interface, so as to prevent the Protect interface from becoming active and disabling the circuits on the Working interface. ADM Router-A Router-B ATM 4/0/0 (working) ATM 4/0/1 (protect) ATM 3/1/0 (working) ATM 3/1/1 (protect) 117547 Router A E1/0/0 ATM2/0/0 Working interface 10 SONET network equipment Add Drop Multiplexer (ADM) E1/0/0 Router B ATM2/0/0 Working interface 20 117853 ATM3/0/0 Protect interface 20 ATM3/0/0 Protect interface 107-62 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Automatic Protection Switching Configuration Guidelines When configuring APS, consider the following guidelines: • The Working and Protect interfaces must be compatible (that is, both OC-3c or both OC-12c interfaces). The interfaces can be on the same SPA, different SPAs in the same router, or different SPAs in different routers. • If using interfaces on different routers, the two routers must have a network connection other than the ATM connection (such as through an Ethernet LAN). Because the APS PGP is UDP traffic, this network connection should be reliable with a minimum number of hops. • Configure the Working ATM interface with the desired IP addresses and other parameters, as described in the “Required Configuration Tasks” section on page 7-2 and the “Configuring SONET and SDH Framing” section on page 7-76. • Configure the desired PVCs on the Working interface, as described in the different procedures that are listed in the “Creating a Permanent Virtual Circuit” section on page 7-8. • The IP addresses on the Working and Protect interfaces should be in the same subnet. • APS is not supported on SVCs. Automatic Protection Switching Configuration Task To configure the Working and Protect interfaces on the ATM SPAs for basic APS operation, perform the following procedure beginning in global configuration mode. For complete information on APS, including information on additional APS features, refer to the “Configuring ATM Interfaces” chapter in the Cisco IOS Interface Configuration Guide, Release 12.2. Command or Action Purpose Step 1 Router(config)# interface loopback interface-number Creates a loopback interface and enters interface configuration mode: • interface-number—An arbitrary value from 0 to 2,147,483,647 that uniquely identifies this loopback interface. Step 2 Router(config-if)# ip address ip-address mask [secondary] Specifies the IP address and subnet mask for this loopback interface. If the Working and Protect interfaces are on the same router, this IP address should be in the same subnet as the Working interface. If the Working and Protect interfaces are on different routers, this IP address should be in the same subnet as the Ethernet interface that provides the connectivity between the two routers. Repeat this command with the secondary keyword to specify additional IP addresses to be used for this interface. Step 3 Router(config-if)# interface atm slot/subslot/port Enters interface configuration mode for the Working interface on the ATM SPA. Step 4 Router(config-if)# ip address ip-address mask [secondary] Specifies the IP address and subnet mask for the Working interface. Repeat this command with the secondary keyword to specify additional IP addresses to be used for the interface. 7-63 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Step 5 Router(config-if)# aps group group-number Enables the use of the APS Protect Group Protocol for this Working interface. • group-number—Unique number identifying this pair of Working and Protect interfaces. Note The aps group command is optional if this is the only pair of Working and Protect interfaces on the router, but is required when you configure more than one pair of Working and Protect interfaces on the same router. Step 6 Router(config-if)# aps working circuit-number Identifies the interface as the Working interface. • circuit-number—Identification number for this particular channel in the APS pair. Because only 1+1 redundancy is supported, the only valid values are 0 or 1, and the Working interface defaults to 1. Step 7 Router(config-if)# aps authentication security-string (Optional) Specifies a security string that must be included in every OOB message sent between the Working and Protect interfaces. • security-string—Arbitrary string to be used as a password between the Working and Protect interfaces. This string must match the one configured on the Protect interface. Step 8 Router(config-if)# interface atm slot/subslot/port Enters interface configuration mode for the Protect interface on the ATM SPA. Step 9 Router(config-if)# ip address ip-address mask [secondary] Specifies the IP address and subnet mask for the Protect interface. Note This should be the same address that was configured on the Working interface in Step 4. Repeat this command with the secondary keyword to specify additional IP addresses to be used for the interface. These should match the secondary IP addresses that are configured on the Working interface. Step 10 Router(config-if)# aps group group-number Enables the use of the APS Protect Group Protocol for this Protect interface. • group-number—Unique number identifying this pair of Working and Protect interfaces. Note The aps group command is optional if this is the only pair of Working and Protect interfaces on the router, but is required when you configure more than one pair of Working and Protect interfaces on the same router. Command or Action Purpose7-64 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the Automatic Protection Switching Configuration To verify the APS configuration on the router, use the show aps command without any options. The following example shows a typical configuration in which the Working interface is the active interface: Router# show aps ATM4/0/1 APS Group 1: protect channel 0 (inactive) bidirectional, revertive (2 min) PGP timers (default): hello time=1; hold time=3 state: authentication = (default) Step 11 Router(config-if)# aps protect circuit-number ip-address Identifies this interface as the Protect interface: • circuit-number—Identification number for this particular channel in the APS pair. Because only 1+1 redundancy is supported, the only valid values are 0 or 1, and the Protect interface defaults to 0. • ip-address—IP address for the loopback interface that was configured in Step 2. The Protect interface uses this IP address to communicate with the Working interface. Note If you do not want to use a loopback interface for this configuration, this IP address should be the address of the Working interface if the Protect and Working interfaces are on the same router. If the Working and Protect interfaces are on different routers, this should be the IP address of the Ethernet interface that provides interconnectivity between the two routers. Step 12 Router(config-if)# aps authentication security-string (Optional) Specifies a security string that must be included in every OOB message sent between the Working and Protect interfaces. • security-string—Arbitrary string to be used as a password between the Working and Protect interfaces. This string must match the one configured on the Working interface. Step 13 Router(config-if)# aps revert minutes (Optional) Enables the Protect interface to automatically switch back to the Working interface after the Working interface has been up for a specified number of minutes. • minutes—Number of minutes until the interface is switched back to the Working interface after the Working interface comes back up. Note If this command is not given, you must manually switch back to the Working interface using either the aps force circuit-number or the aps manual circuit-number command. Step 14 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-65 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Received K1K2: 0x00 0x05 No Request (Null) Transmitted K1K2: 0x20 0x05 Reverse Request (protect) Working channel 1 at 10.10.10.41 Enabled Remote APS configuration: (null) ATM4/0/0 APS Group 1: working channel 1 (active) PGP timers (from protect): hello time=3; hold time=6 state: Enabled authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Protect at 10.10.10.41 Remote APS configuration: (null) The following sample output is for the same interfaces, except that the Working interface has gone down and the Protect interface is now active: Router# show aps ATM4/0/1 APS Group 1: protect channel 0 (active) bidirectional, revertive (2 min) PGP timers (default): hello time=1; hold time=3 state: authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Received K1K2: 0x00 0x05 No Request (Null) Transmitted K1K2: 0xC1 0x05 Signal Failure - Low Priority (working) Working channel 1 at 10.10.10.41 Disabled SF Pending local request(s): 0xC (, channel(s) 1) Remote APS configuration: (null) ATM4/0/0 APS Group 1: working channel 1 (Interface down) PGP timers (from protect): hello time=3; hold time=6 state: Disabled authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Protect at 10.10.10.41 Remote APS configuration: (null) Tip To obtain APS information for a specific ATM interface, use the show aps atm slot/subslot/port command. To display information about the APS groups that are configured on the router, use the show aps group command. Configuring Access Circuit Redundancy on SIP-400 ATM SPA s7-66 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits The ATM Automatic Protection Switching (APS) mechanism takes a longer switchover time with pseudowire configuration, as the pseudowire needs to come UP on switchover. To reduce the switchover time, ATM provides Access Circuit Redundancy for ATM clients in a single router APS (SR APS ) environment. This ensures low data traffic downtime in case of switchover. QoS support on an ATM SPA with ACR configured supports all the QoS features allowed on Layer 2 transport PVCs on ATM SPAs. ATM Asynchronous functionality Additionally when there is a local attachment circuit fault, the data plane needs to be UP. ATM VCs and VPs are provided with an enable and disable functionality, so that the they remain provisioned even when the interface is configured with shutdown or no shutdown respectively. Earlier a fasulty scenario led to a teardown of the ATM VC/VP. This resulted in blocking all types of traffic. With the new feature a complete teardown of the the VC/VP is not executed. The VC/ VP remains provisioned in the hardware. Thhis feature supports AAL5 and AAL0 encapsulation with cell packing. The enabling and disabling of ATM VC/VP is done asynchronously. To enable the async feature, you must configure atm asynchronous under the atm interface. Local switching and pseudowire redundancy are not supported. Restrictions The following restrictions apply while configuring ACR and QoS support on ACR on the Cisco 7600 SIP-400 ATM SPAs: • The pseudowire should not have a data loss of more than 100 ms when the APS switchover is done on the physical layer. • ACR supports 4000 pseudowire configurations per chassis. • ATM interfaces that are part of an ACR group can be configured only using the virtual interface. However, there are some configurations allowed under the physical ACR members, such as the Layer 1 configuration commands • PVC or PVP and xconnect configuration are visible only under the virtual ATM interfaces. • Service-policy is supported only on PVC under an ACR interface. • Currently the interface counters on the route processor are updated by choosing incremental statistics corresponding to the active interface at any point of time. The ATM PVC statistics are also updated similarly. Given this approach, the receiving interface statistics are always accurate, but the transmitting statistics show a difference, which moves it away from the actual value for every APS switchover done. The inaccuracy reflected in the transmission interface statistics per APS switchover is approximately about 5 to 8 seconds of traffic. The MPLS counters for the ACR MPLS show accurate statistics in both directions and are reliable independent of switchover. • When the protect interface of an ACR group is active and the protect LC is hard-OIRed, APS switchover time is close to 1 second. You must do a manual APS switchover, using manual, force, or shut options on the member, and bring up the other member interface before the physical OIR of the line card or SPA.7-67 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Configuring the ACR Interface SUMMARY STEPS Step 1 interface atm interface aps group acr acr no aps working circuit number Step 2 interface atm interface aps group acr acr no aps protect circuit number ip-address aps revert minutes7-68 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits DETAILED STEPS The following commands configure the ACR Interface: Command or Action Purpose Step 1 Router (config)# interface atm interface Router(config-if)# aps group acr acr no Router (config-if)# aps working circuit number This command enters the ATM interface mode. aps group- This command configures the APS group for an interface. acr- This command configures the ACR group on top of APS. acr no—This specifies a group number between 0-255. An ACR virtual interface is created. circuit-number—Identification number for this particular channel in the APS pair. Because only 1+1 redundancy is supported, the only valid values are 0 or 1, and the Working interface defaults to 1. Step 2 Router(config-if)#interface atm interface Router(config-if)#aps group acr acr no Router(config-if)#aps protect circuit number ip-address Router(config-if)#aps revert minutes This command enters the ATM interface mode. aps group- This command configures the APS group for an interface. acr- This command configures the ACR group on top of APS. acr no— This specifies a group number between 0-255. An ACR virtual interface is created. circuit-number—Identification number for this particular channel in the APS pair. Because only 1+1 redundancy is supported, the only valid values are 0 or 1, and the Working interface defaults to 1. Note When the virtual interface is created, apart from APS no other configuration is possible under the corresponding physical interface. All interface configurations must be applied under the virtual ACR interface. aps protect- Identifies this interface as the Protect interface: • circuit-number—Identification number for this particular channel in the APS pair. Because only 1+1 redundancy is supported, the only valid values are 0 or 1, and the Protect interface defaults to 0. • ip-address—IP address for the loopback interface. The Protect interface uses this IP address to communicate with the working interface. Note The APS group can be active or inactive. Active-The interface that is currently sending and receiving data. Inactive-The interface which is currently standing by to take over when the active fails. aps revert- This command configures the ACR interface as revert. The value of the minutes argument specifies the time, in minutes, after which the revert process begins. Note Use the revert command only under the protect member of the ACR group. Note To create an ACR interface without any members attached, use the interface acr acr no command.7-69 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Enabling or Disabling the ATM Asynchronous functionality SUMMARY STEPS To Enable the Async Feature Step 1 int atm slot/bay/port Step 2 atm asynchronous To Set MCPT Timers Step 1 int atm slot/bay/port Step 2 atm mcpt-timers 100 1000 1000 To Configure Cell-Packing Step 1 int atm slot/bay/port Step 2 pvc 1/100 l2transport Step 3 atm mcpt-timers 100 1000 1000 Step 4 cell-packing 20 mcpt-timer timer value Xconnect Configuration Step 1 int atm slot/bay/port Step 2 pvc pvc id l2transport Step 3 xconnect ip_address vc_id encapsulation mpls | l2tpv3 DETAILED STEPS The following commands enable or disable the ATM Asynchronous functionality and configure the interface with MCPT timers and encapsulation type using the xconnect commands: Command or Action Purpose Step 1 Router(config)# int atm slot/bay/port This command enters the ATM interface mode. Step 2 Router(config-if)# atm asynchronous This command enables or disables the asynchronous functionality on the ATM interface Step 3 Router(config-if)#atm mcpt-timers 100 1000 1000 This command sets the mcpt-timers on the ATM interface7-70 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Examples Configuration of ACR interface and policy attachment interface ATM4 /0 /0 aps group acr 1 aps working 1 ! interface ATM4 /0 /1 aps group acr 1 aps revert 2 aps protect 1 10.7.7.7 ! This will create the virtual ATM interface. The following commands can be configured under the PVC of the virtual interface: • pvc • atm pvp • cell-packing • class-int • map-group • service-policy • atm asynchronous • atm mcpt-timers • shut interface ACR 1 no ip address The following configuration on the ATM interface enables the asynchronous functionality. Step 4 Router(config-if)#pvc 1/100 l2transport Router(config-if)#atm mcpt-timers 100 1000 1000 Router(cfg-if-atm-l2trans-pvc)#cell-pac king 20 mcpt-timer 2 Configures cell-packing on the ATM interface Step 5 Router(cfg-if-atm-l2trans-pvc)#xconnec t ip_address vc_id encapsulation mpls | l2tpv3 Sets the encapsulation method on the ATM interface using the xconnect command Command or Action Purpose7-71 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits int atm 3/0/0 atm asynchronous Other configurations supported with respect to L2VPN with this feature are: MCPT timer: conf t int atm 4/0/0 atm mcpt-timers 100 1000 1000 Cell packing: conf t int atm 4/0/0 pvc 1/100 l2transport atm mcpt-timers 100 1000 1000 cell-packing 20 mcpt-timer 2 Xconnect configuration: conf t int atm 4/0/0 pvc 1/100 l2transport xconnect 22.22.22.22 101 encapsulation mpls conf t int atm 4/0/0 pvc 1/100 l2transport xconnect 22.22.22.22 101 encapsulation l2tpv3 Configuration in VP /VC Mode interface ACR 1 pvc 1/100 l2transport xconnect 100 2.2.2.2 encapsulation mpls service-policy out foo service-policy in foo Show commands show acr group acr group no. Example: Router# show acr group 10 ACR Group Working I/f Protect I/f Currently Active Status 7-72 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits -------------------------------------------------------------------------- 10 ATM2/1/1 ATM2/1/2 ATM2/1/1 show acr group acr group no. detail Example: PE2# show acr group 10 detail ACR Group Working I/f Protect I/f Currently Active Status -------------------------------------------------------------------------- 10 ATM2/1/1 ATM2/1/2 ATM2/1/1 ATM PVC Detail VPI VCI State on Working State on Protect 16 100 Provision Success Provision Success show acr group ACR Group Working I/f Protect I/f Currently Active Status -------------------------------------------------------------------------- 99 ATM4/0/0 ATM4/1/0 ATM4/1/0 The following new show commands have been added in Release 12.2(33)SRE, for QoS support: show policy-map int ? ACR interface show policy-map int ACR ? <0-255> ACR interface number When the ATM interface is shut down the VC goes into inactive state: show atm vc Codes: DN - DOWN, IN - INACTIVE Details of the VC states can be found by: show atm vc detail ATM4/0/0: VCD: 1, VPI: 2, VCI: 200 Interface VCD/Name VPI VCI Type Encaps SC Peak Kbps Av/Min Kbps Burst Cells St 4/0/0 2 1 100 PVC SNAP UBR 149760 IN 4/0/0 1 2 200 PVC AAL5 UBR 149760 IN7-73 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits :: Status: INACTIVE Async Status: SETUP_COMP, Admin Status: DISABLED, Flags: Setup ATM4/0/0: VCD: 1, VPI: 2, VCI: 200 :: Status: UP Async Status: SETUP_COMP, Admin Status: ENABLED, Flags: Enable ACR and APS Co-existence Configuring APS with the same group number as that of ACR is allowed, but members cannot be added to it. However, you can configure a working member in APS and the protect member in ACR, and vice versa. Sample: PE1#conf t Enter configuration commands, one per line. End with CNTL/Z. PE1(config)#int atm 2/0/0 PE1(config-if)#do sh runn int atm 2/0/0 Building configuration... Current configuration : 66 bytes ! interface ATM2/0/0 no ip address no atm enable-ilmi-trap end PE1(config-if)#aps gr acr 99 % Unconfigure one of the acr groups already configured before configuring here PE1(config-if)#aps gr 99 PE1(config-if)#aps work 1 i/f 2/0: APS: Group 99 : already has a working member; command ignored PE1(config-if)#aps prot 1 2.2.2.2 i/f 2/0: APS: Group 99 : already has a protect member; command ignored PE1(config-if)#do sh runn int atm 2/0/0 Building configuration... Current configuration : 80 bytes ! interface ATM2/0/0 no ip address no atm enable-ilmi-trap aps group 99 end PE1(config-if)#do sh aps ATM4/1/0 APS Group 99: protect channel 0 (Active) (HA) Working channel 1 at 2.2.3.2 (Disabled) (HA) bidirectional, non-revertive PGP timers (extended for HA): hello time=1; hold time=10 hello fail revert time=120 SONET framing; SONET APS signalling by default Received K1K2: 0x11 0x157-74 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Do Not Revert (working); Bridging working Transmitted K1K2: 0x21 0x15 Reverse Request (working); Bridging working Remote APS configuration: (null) ATM4/0/0 APS Group 99: working channel 1 (Inactive) (HA) Protect at 2.2.3.2 PGP timers (from protect): hello time=1; hold time=10 SONET framing Remote APS configuration: (null) PE1(config-if)#end PE1# *Mar 16 12:02:59.471 IST: %SYS-5-CONFIG_I: Configured from console by console PE1#sh runn int atm 4/0/0 Building configuration... Current configuration : 74 bytes ! interface ATM4/0/0 no ip address aps group acr 99 aps working 1 end PE1#sh runn int atm 4/1/0 Building configuration... Current configuration : 82 bytes ! interface ATM4/1/0 no ip address aps group acr 99 aps protect 1 2.2.3.2 end PE1#conf t Enter configuration commands, one per line. End with CNTL/Z. PE1(config)#default int atm 4/0/0 WARNING: use of this command will result in reset of the interface. This will cause traffic outage. Are you sure you want to continue? [no]: yes Interface ATM4/0/0 set to default configuration PE1(config)# *Mar 16 12:03:57.923 IST: %SONET-4-ALARM: ATM4/0/0: APS enabling channel *Mar 16 12:03:57.927 IST: %SONET-6-APSREMSWI: ATM4/0/0 (grp 99 chn 1: ACTIVE): Remote APS status now non-aps PE1(config)#do sh runn int atm 4/0/0 Building configuration... Current configuration : 66 bytes ! interface ATM4/0/0 no ip address no atm enable-ilmi-trap end PE1(config)# *Mar 16 12:04:07.539 IST: %SONET-3-APSCOMMLOST: ATM4/1/0 (grp 99 chn 0: ACTIVE): Link to working channel lostdo sh aps ATM4/1/0 APS Group 99: protect channel 0 (Active) (HA) Working channel 1 at 2.2.3.2 (no contact) (HA) bidirectional, non-revertive 7-75 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits PGP timers (extended for HA): hello time=1; hold time=10 hello fail revert time=120 SONET framing; SONET APS signalling by default Received K1K2: 0x11 0x15 Do Not Revert (working); Bridging working Transmitted K1K2: 0x21 0x15 Reverse Request (working); Bridging working Remote APS configuration: (null) PE1(config)#int atm 4/0/0 PE1(config-if)#aps gr 99 PE1(config-if)#aps work 1 PE1(config-if)# *Mar 16 12:04:34.063 IST: %SONET-4-ALARM: ATM4/0/0: APS disabling channel *Mar 16 12:04:34.063 IST: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM4/0/0, changed state to down *Mar 16 12:04:34.543 IST: %SONET-3-APSCOMMEST: ATM4/1/0 (grp 99 chn 0: ACTIVE): Link to working channel established - PGP protocol version 4 PE1(config-if)#end PE1# *Mar 16 12:04:44.991 IST: %SYS-5-CONFIG_I: Configured from console by console PE1#sh acr gr ACR Group Working I/f Protect I/f Currently Active Status -------------------------------------------------------------------------- 99 ATM4/1/0 ATM4/1/0 PE1#sh aps ATM4/1/0 APS Group 99: protect channel 0 (Active) (HA) Working channel 1 at 2.2.3.2 (Disabled) (HA) bidirectional, non-revertive PGP timers (extended for HA): hello time=1; hold time=10 hello fail revert time=120 SONET framing; SONET APS signalling by default Received K1K2: 0x11 0x15 Do Not Revert (working); Bridging working Transmitted K1K2: 0x21 0x15 Reverse Request (working); Bridging working Remote APS configuration: (null) ATM4/0/0 APS Group 99: working channel 1 (Inactive) (HA) Protect at 2.2.3.2 PGP timers (from protect): hello time=1; hold time=10 SONET framing Remote APS configuration: (null)7-76 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Configuring SONET and SDH Framing The default framing on the ATM OC-3c and OC-12c SPAs is SONET, but the interfaces also support SDH framing. Note In ATM environments, the key difference between SONET and SDH framing modes is the type of cell transmitted when no user or data cells are available. The ATM forum specifies the use of idle cells when unassigned cells are not being generated. More specifically, in Synchronous Transport Module-X (STM-X) mode, an ATM interface sends idle cells for cell-rate decoupling. In Synchronous Transport Signal-Xc (STS-Xc) mode, the ATM interface sends unassigned cells for cell-rate decoupling. Note The interface configuration command atm sonet stm-1 is not supported from 12.2(33)SRC release. If you are using 12.2(33)SRC and later versions, you should use the atm framing sdh command instead of the atm sonet stm-1 command. To change the framing type and configure optional parameters, perform the following procedure beginning in global configuration mode: Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPAs. Step 2 Router(config-if)# atm clock internal (Optional) Configures the interface to use its own internal (onboard) clock to clock transmitted data. The default (no atm clock internal) configures the interface to use the transmit clock signal that is recovered from the receive data stream, allowing the switch to provide the clocking source. Step 3 Router(config-if)# atm framing {sdh | sonet} (Optional) Configures the interface for either SDH or SONET framing. The default is SONET. Step 4 Router(config-if)# [no] atm sonet report {all | b1-tca | b2-tca | b3-tca | default | lais | lrdi | pais | plop | pplm | prdi | ptim | puneq | sd-ber | sf-ber | slof | slos} (Optional) Enables ATM SONET alarm reporting on the interface. The default is for all reports to be disabled. You can enable an individual alarm, or you can enable all alarms with the all keyword. Note This command also supports a none [ignore] option, which cannot be used with any of the other options. See the “Configuring for Transmit-Only Mode” section on page 7-78 for details. 7-77 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Verifying the SONET and SDH Framing Configuration To verify the framing configuration, use the show controllers atm command: Router# show controllers atm 5/0/1 Interface ATM5/0/1 is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 0 BIP(B1) = 603 LINE AIS = 0 RDI = 2 FEBE = 2332 BIP(B2) = 1018 PATH AIS = 0 RDI = 1 FEBE = 28 BIP(B3) = 228 LOP = 0 NEWPTR = 0 PSE = 1 NSE = 2 Active Defects: None Active Alarms: None Alarm reporting enabled for: LOF LOS B1-TCA B2-TCA SF LOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 Rx Synchronization Status S1 = 00 S1S0 = 00, C2 = 00 PATH TRACE BUFFER : STABLE BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-7 B2 = 10e-6 B3 = 10e-6 Clock source: line The following example verifies the framing configuration for 1-Port and 3-Port Clear Channel OC-3 ATM SPA using the show controllers atm command: Step 5 Router(config-if)# [no] atm sonet-threshold {b1-tca value | b2-tca value | b3-tca value | sd-ber value | sf-ber value} (Optional) Configures the BER threshold values on the interface. The value specifies a negative exponent to the power of 10 (10 to the power of minus value) for the threshold value. The default values are the following: • b1-tca = 6 (10e–6) • b2-tca = 6 (10e–6) • b3-tca = 6 (10e–6) • sd-ber = 6 (10e–6) • sf-ber = 3 (10e–3) Step 6 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-78 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Router# show controllers atm 0/2/2 Interface ATM0/2/2 (SPA-3XOC3-ATM-V2[0/2]) is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 1 BIP(B1) = 0 LINE AIS = 0 RDI = 1 FEBE = 55 BIP(B2) = 0 PATH AIS = 0 RDI = 1 FEBE = 21 BIP(B3) = 0 LOP = 1 NEWPTR = 0 PSE = 0 NSE = 0 Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS not configured COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 Rx Synchronization Status S1 = 00 S1S0 = 00, C2 = 13 PATH TRACE BUFFER : STABLE BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: line Configuring for Transmit-Only Mode The ATM SPAs support operation in a transmit-only mode, where a receive fiber does not need to be connected. This mode is typically used for one-way applications, such as video-on-demand. By default, the lack of a receive path generates continuous framing errors, which bring the ATM interface down. To prevent this, you must configure the ATM interface to disable and ignore all ATM SONET alarms. The 1-Port OC-48c/STM-16 ATM SPA default framing is SONET. Note This configuration violates the ATM specifications for alarm reporting. Transmit-Only Mode Configuration Guidelines When an ATM interface has been configured to ignore ATM SONET alarms, you cannot configure an IP address (or other Layer 3 parameter) on the interface. Similarly, you must remove all IP addresses (and all other Layer 3 parameters) from the interface before beginning this procedure. Transmit-Only Mode Configuration Task To configure the ATM interface to disable and ignore all ATM SONET alarms, perform the following procedure beginning in global configuration mode: 7-79 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Configuring AToM Cell Relay VP Mode Transporting of ATM data not framed using AAL5 requires relaying individual celss over the MPLS cloud. Cells can be transported over the MPLS cloud using Single Cell Relay (SCR) or Packed Cell Relay (PCR) forms. Cell Relay may be based on the VP mode. This VP mode transports cells belonging to a VP (cells with the same VPI) over the MPLS cloud, either in Single or Packed form. For more information on AToM configuration, see the feature documentation for Any Transport over MPLS at: http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_any_transport.html#wp1046670 To configure Any Transport over MPLS (AToM) Cell Relay in VP Mode, perform the following procedure beginning in global configuration mode: VP Mode Configuration Guidelines When configuring ATM Cell Relay over MPLS in VP mode, use the following guidelines: • You do not need to enter the encapsulation aal0 command in VP mode. Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port[.subinterface] Enters interface (or subinterface) configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# no ip address ip-address mask Removes the IP address that is assigned to this interface (if one has been configured). All IP and other Layer 3 configurations must be removed from the interface before ATM SONET alarms can be ignored. Step 3 Router(config-if)# atm sonet report none ignore Disables the generation of all ATM SONET alarms, and instructs the ATM interface to remain up and operational when such alarm conditions exist. Step 4 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# no ip address ip-address mask Removes the IP address that is assigned to this interface (if one has been configured). Step 3 Router(config-if)# atm pvp vpi l2transport Creates a permanent virtual path (PVP) used to multiplex (or bundle) one or more virtual circuits (VCs). Step 4 Router(config-if)# xconnect peer-router-id vcid encapsulation mpls Routes a Layer 2 packets over a specified point-to-point VC by using Ethernet over multiprotocol label switching (EoMPLS). Step 5 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 7-80 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits • One ATM interface can accommodate multiple types of ATM connections. VP cell relay, VC cell relay, and ATM AAL5 over MPLS can coexist on one ATM interface. • If a VPI is configured for VP cell relay, you cannot configure a PVC using the same VPI. • VP trunking (mapping multiple VPs to one emulated VC label) is not supported in this release. Each VP is mapped to one emulated VC. • Each VP is associated with one unique emulated VC ID. The AToM emulated VC type is ATM VP Cell Transport. • The AToM control word is supported. However, if a peer PE does not support the control word, it is disabled. This negotiation is done by LDP label binding. • VP mode (and VC mode) drop idle cells. VP Mode Configuration Example The following example transports single ATM cells over a virtual path: Router# pseudowire-class vp-cell-relay encapsulation mpls int atm 1/0/0 xconnect 10.0.0.1 123 pw-class vp-cell-relay Verifying ATM Cell Relay VP Mode The following show atm vp command shows that the interface is configured for VP mode cell relay: Router# show atm vp 1 ATM5/0 VPI: 1, Cell Relay, PeakRate: 149760, CesRate: 0, DataVCs: 1, CesVCs: 0, Status: ACTIVE VCD VCI Type InPkts OutPkts AAL/Encap Status 6 3 PVC 0 0 F4 OAM ACTIVE 7 4 PVC 0 0 F4 OAM ACTIVE TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0, TotalBroadcasts: 0 TotalInPktDrops: 0, TotalOutPktDrops: 0 Configuring Packed Cell Relay over Multi-Protocol Label Switching (PCRoMPLS) on SIP-400 for CeOP and 1-Port OC-48c/STM-16 ATM SPA Interconnecting ATM Networks require relay of individual cells over the MPLS cloud. Transport of ATM data not framed using AAL5 framing also requires transport of individual cells over the MPLS cloud. Cell Relay has two versions: • Single Cell Relay • Packed Cell Relay These are available through three modes • VC mode • VP mode, and • Port mode7-81 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Configuration Steps To configure PCRoMPLS on SIP-400 for CeOP and 1-Port OC-48c/STM-16 ATM SPA, run the commands listed in the following sections. SUMMARY STEPS Step 1 atm mcpt-timers timer-values Step 2 cell-packing 2 mcpt-timer 1 Step 3 xconnect 11.11.11.11 72337 encapsulation mpls DETAILED STEPS Configuration Example interface ATM1/1/1 no ip address logging event link-status atm clock INTERNAL atm mcpt-timers 100 200 300 no atm enable-ilmi-trap cell-packing 2 mcpt-timer 1 no snmp trap link-status xconnect 11.11.11.11 72337 encapsulation mpls Or on a CHOC port: controller SONET 8/3/0 framing sonet clock source line ! sts-1 1 mode vt-15 vtg 1 t1 1 atm ! ! interface ATM8/3/0.1/1/1 no ip address atm mcpt-timers 500 1000 1500 no atm enable-ilmi-trap cell-packing 2 mcpt-timer 1 Command or Action Purpose Step 1 Router(config-if)# atm mcpt-timers timer-values Defines the value of three Maximum Cell Packing Timeout (MCPT) timers under the main ATM interface Step 1 Router(config-if)# cell-packing 2 mcpt-timer 1 Enables cell packing with the maximum number of cells allowed to be packed in a packet with the MCPT timer Step 2 Router(config-if)# xconnect 11.11.11.11 72337 encapsulation mpls Routes a Layer 2 packets over a specified point-to-point VC7-82 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits xconnect 11.11.11.11 72338 encapsulation mpls ! Sample of PCRoMPLS using pseudowire pw-class ! pseudowire-class pw_mpls encapsulation mpls ! interface ATM8/3/0.1/1/1 interface ATM8/3/0.1/1/1 no ip address atm mcpt-timers 500 1000 1500 no atm enable-ilmi-trap xconnect 11.11.11.11 72338 pw-class pw_mpls ! PCRoMPLS using the cell-packing command interface ATM8/3/0.1/1/1 no ip address atm mcpt-timers 500 1000 1500 no atm enable-ilmi-trap cell-packing 2 mcpt-timer 1 xconnect 11.11.11.11 72338 encapsulation mpls ! Or, PE1(config)#interface ATM2/1/0 PE1(config-if)#at mc PE1(config-if)#atm mcpt-timers shutdown interface before modify mcpt values PE1(config-if)#shutdown PE1(config-if)#at PE1(config-if)#atm mc PE1(config-if)#atm mcpt-timers PE1(config-if)# pvc 3/100 l2transport PE1(cfg-if-atm-l2trans-pvc)# cell-packing 20 mcpt-timer 3 PE1(cfg-if-atm-l2trans-pvc)# encapsulation aal0 PE1(cfg-if-atm-l2trans-pvc)# xconnect 10.0.0.5 100 encapsulation mpls PE1(cfg-if-atm-l2trans-pvc-xconn)# ! PE1(cfg-if-atm-l2trans-pvc-xconn)#end Sample configuration on a SONET interface using xconnect: osr3(config)#Controller SONET 8/3/0 osr3(config-controller)#sts-1 ? <1-3> sts-1 number osr3(config-ctrlr-sts1)#vtg ? <1-7> vtg number <1-7> osr3(config-ctrlr-sts1)#vtg 1 t1 ? <1-4> t1 line number <1-4> Controller SONET 8/3/0 framing sonet clock source line ! sts-1 1 mode vt-15 vtg 1 t1 1 atm ! interface ATM8/3/0.1/1/1 no ip address atm mcpt-timers 500 1000 1500 no atm enable-ilmi-trap7-83 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits cell-packing 28 mcpt-timer 3 xconnect 11.11.11.11 72338 encapsulation mpls ! Send bidirectional traffic from end to end with all different framing types (config-controller)#framing ? esf Extended Superframe sf Superframe unframed Clear T1 Verifying the PCRoMPLS configuration Use the show atm cell-packing and show atm pvc slot/bay/port commands to verify the connectivity and configuration. Sample Show Command Output Sample output for the show atm cell-packing command is given below: osr3#show atm cell-packing average average circuit local nbr of cells peer nbr of cells MCPT type MNCP rcvd in one pkt MNCP sent in one pkt (us) ATM1/1/0 vc 246/246 2 0 1 1 30 ATM1/1/1 port 2 0 2 0 100 ATM8/3/0.1/1/1 port 28 0 1 0 1500 osr3#sh xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- UP ac Gi8/0/0(Ethernet) UP mpls 11.11.11.11:3 UP DN ac Gi7/0/2(Ethernet) DN mpls 11.11.11.11:4 DN UP ac AT1/1/1(ATM CELL) UP mpls 11.11.11.11:72337 UP AD ac AT8/3/0.1/1/1(ATM CELL) AD mpls 11.11.11.11:72338 DN DN ac AT1/1/0:123/123(ATM VCC CEL UP mpls 11.11.11.11:88001 DN DN ac AT1/1/0:0/300(ATM VCC CELL) UP mpls 44.44.44.44:77001 DN DN ac AT1/1/0:246/246(ATM VCC CEL UP mpls 44.44.44.44:99001 DN osr3# A sample output for the show xconnect all command is given below: Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- UP ac Gi8/0/0(Ethernet) UP mpls 11.11.11.11:3 UP DN ac Gi7/0/2(Ethernet) DN mpls 11.11.11.11:4 DN UP ac AT1/1/1(ATM CELL) UP mpls 11.11.11.11:72337 UP AD ac AT8/3/0.1/1/1(ATM CELL) AD mpls 11.11.11.11:72338 DN DN ac AT1/1/0:123/123(ATM VCC CEL UP mpls 11.11.11.11:88001 DN DN ac AT1/1/0:0/300(ATM VCC CELL) UP mpls 44.44.44.44:77001 DN DN ac AT1/1/0:246/246(ATM VCC CEL UP mpls 44.44.44.44:99001 DN7-84 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits A sample output for show mpls l2transport vc is given below: osr3#show mpls l2transport vc ? <1-4294967295> VC ID or min VC ID value destination Destination address of the VC detail Detailed information interface Local interface of the VC vcid VC ID or min-max range of the VC IDs | Output modifiers Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT1/1/1 ATM CELL ATM1/1/1 11.11.11.11 72337 UP AT8/3/0.1/1/1 ATM CELL ATM8/3/0.1/1/1 11.11.11.11 72338 ADMIN DOWN AT1/1/0 ATM VCC CELL 123/123 11.11.11.11 88001 DOWN AT1/1/0 ATM VCC CELL 0/300 44.44.44.44 77001 DOWN AT1/1/0 ATM VCC CELL 246/246 44.44.44.44 99001 DOWN A more detailed output of the command is shown below: PE17#show mpls l2 vc destination 11.11.11.11 detail | begin AT1/1/1 Local interface: AT1/1/1 up, line protocol up, ATM CELL ATM1/1/1 up Destination address: 11.11.11.11, VC ID: 72337, VC status: up Output interface: Gi7/0/1, imposed label stack {59 1301} Preferred path: not configured Default path: active Next hop: 47.0.0.4 Create time: 01:31:35, last status change time: 01:30:56 Signaling protocol: LDP, peer 11.11.11.11:0 up Targeted Hello: 39.39.39.39(LDP Id) -> 11.11.11.11 Status TLV support (local/remote) : enabled/supported Label/status state machine : established, LruRru Last local dataplane status rcvd: no fault Last local SSS circuit status rcvd: no fault Last local SSS circuit status sent: no fault Last local LDP TLV status sent: no fault Last remote LDP TLV status rcvd: no fault MPLS VC labels: local 1309, remote 1301 Group ID: local 0, remote 0 MTU: local n/a, remote n/a Remote interface description: Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 368219176, send 379593764 byte totals: receive 39767653888, send 40996127808 packet drops: receive 0, seq error 0, send 0 Local interface: AT8/3/0.1/1/1 admin down, line protocol down, ATM CELL ATM8/3/0.1/1/1 admin down Destination address: 11.11.11.11, VC ID: 72338, VC status: down Output interface: if-?(0), imposed label stack {} Preferred path: not configured Default path: no route No adjacency Create time: 00:44:02, last status change time: 00:33:44 Signaling protocol: LDP, peer 11.11.11.11:0 up Targeted Hello: 39.39.39.39(LDP Id) -> 11.11.11.11 Status TLV support (local/remote) : enabled/unknown (no remote binding) Label/status state machine : ldp ready, LndRnd Last local dataplane status rcvd: no fault Last local SSS circuit status rcvd: DOWN(Hard-down) Last local SSS circuit status sent: not sent7-85 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Last local LDP TLV status sent: not sent Last remote LDP TLV status rcvd: unknown (no remote binding) MPLS VC labels: local unassigned, remote unassigned Group ID: local unknown, remote unknown MTU: local unknown, remote unknown Remote interface description: Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 0, send 0 byte totals: receive 0, send 0 packet drops: receive 0, seq error 0, send 0 Configuring AToM Cell Relay Port Mode Transporting of ATM data not framed using AAL5 requires relaying individual cells over the MPLS cloud. Cells can be transported over the MPLS cloud using Single Cell Relay (SCR) or Packed Cell Relay (PCR) forms. Cell Relay may be based on the Port mode. The Port mode involves transporting all the cells arriving on an ATM port over the MPLS cloud, separately or packed together. Note that AToM cell relay port mode is supported only on SIP-200 and SIP-400 line cards for the 12.2(33)SRD release. For more detailed information on AToM configuration, including procedures “Configuring ATM Single Cell Relay over MPLS” and “Configuring ATM Packed Cell Relay over MPLS” refer to the Any Transport over MPLS documentation on: http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_any_transport.html#wp1046670 Command or Action Purpose Step 1 enable Example: Router# enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal Example: Router# configure terminal Enters global configuration mode. Step 3 interface atm slot/bay/port Example: Router(config)# interface atm 1/1/0 Specifies an ATM interface and enters interface configuration mode.7-86 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Port Mode Configuration Guidelines When configuring ATM cell relay over MPLS in port mode, use the following guidelines: • The pseudowire VC type is set to ATM transparent cell transport (AAL0). • The AToM control word is supported. However, if the peer PE does not support a control word, the control word is disabled. This negotiation is done by LDP label binding. • Port mode and VP and VC mode are mutually exclusive. If you enable an ATM main interface for cell relay, you cannot enter any PVP or PVC commands. • If the pseudowire VC label is withdrawn due to an MPLS core network failure, the PE router sends a line AIS to the CE router. Port Mode Configuration Example The following example transports single ATM cells over a virtual path: Router# pseudowire-class vp-cell-relay encapsulation mpls int atm 1/0/0 xconnect 10.0.0.1 123 pw-class vp-cell-relay Verifying ATM Cell Relay Port Mode The following show atm route and show mpls l2transport vc commands shows that the interface is configured for port mode cell relay: Router# show atm route ATM5/0 VPI: 1, Cell Relay, PeakRate: 149760, CesRate: 0, DataVCs: 1, CesVCs: 0, Status: ACTIVE VCD VCI Type InPkts OutPkts AAL/Encap Status 6 3 PVC 0 0 F4 OAM ACTIVE 7 4 PVC 0 0 F4 OAM ACTIVE TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0, TotalBroadcasts: 0 TotalInPktDrops: 0, TotalOutPktDrops: 0 Router# show mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------- --------------- ---------- ---------- AT1/1/0 ATM CELL ATM1/1/0 10.1.1.121 1121 UP Step 4 xconnect peer-router-id vcid encapsulation mpls Example: Router(config-if)# xconnect 10.0.0.1 123 encapsulation mpls Binds the attachment circuit to the interface. Step 5 end Example: Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose7-87 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Configuring QoS Features on ATM SPAs The SIPs and SPAs support many QoS features using modular QoS CLI (MQC) configuration. For information about the QoS features supported by the ATM SPAs, see the “Configuring QoS Features on a SIP” section on page 4-94 of Chapter 4, “Configuring the SIPs and SSC.” ATM SPA QoS Configuration Guidelines For the 2-Port and 4-Port OC-3c/STM-1 ATM SPA, the following applies: • In the ingress direction, all Quality of Service (QoS) features are supported by the Cisco 7600 SIP-200 and SIP-400: • The following features are not supported on a ATM SPA: – Hierarchical policy maps with queuing features. – Traffic Shaping • The following features are supported on a ATM SPA: – Strict priority – Ingress, no queueing is supported. • VC QoS on VP-PW feature works only with Single Cell Relay and does not work with Packed Cell Relay. • In the egress direction: – All queueing-based features (such as class-based weighted fair queueing [CBWFQ], and ATM per-VC WFQ, WRED, and shaping) are implemented on the segmentation and reassembly (SAR) processor on the SPA. – Policing, classification, policing and marking are implemented on the SIP. – Class queue shaping is not supported. – For detailed support information, see “QoS Congestion Management and Avoidance Feature Compatibility by SIP and SPA Combination” Phase 2 Local Switching Redundancy Phase 2 Local Switching Redundancy provides a backup attachment circuit (AC) when the primary attachment circuit fails. All the ACs must be on same Cisco 7600 series router. The following combinations of ATM ACs are supported: • ATM ACs on the same SPA • ATM ACs on different SPAs on the same SIP • ATM ACs on different SIPs on the same Cisco 7600 series router Note For Cisco IOS release 12.2(33)SRC, this feature is supported on the 24-Port Channelized T1/E1 ATM CEoP SPA and the 1-Port Channelized OC-3 STM1 ATM CEoP SPA, as well as the 2-Port and 4-Port OC-3c/STM-1 ATM SPA, the 1-Port OC-12c/STM-4 ATM SPA, and the 1-Port OC-48c/STM-16 ATM SPA.7-88 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Guidelines • Autoconfiguration of ATM interfaces is supported. • Only the tail end AC can be backed up, if head end fails there is no protection. • The circuit type of the primary and backup AC must be identical (failover operation will not switch between different types of interfaces or different CEM circuit types). • Only one backup AC is allowed for each connection. • Autoconfiguration is allowed for backup ATM Permanent Virtual Circuits (PVCs) or ATM Permanent Virtual Paths (PVPs) . • The ATM circuit used as a backup in a local switching connection cannot be used for xconnect configurations. • Dynamic modification of parameters in a local switching connection is not supported in the case where the tail-end segment is backed up to a segment using the backup command. If you want to modify the parameters in any of the three segments (head-end, tail-end, or backup segment), you must first unconfigure with the backup command, make the changes in the individual segments, and then re-configure the backup with the backup command. Configuration Configuration Example Router(config)# connect ATM atm2/0/0 0 atm3/0/0 0 Router(config-connection)# backup interface atm4/0/0 1 Verifying Use the show xconnect all command to check the status of the backup and primary circuits. Saving the Configuration To save your running configuration to nonvolatile random-access memory (NVRAM), use the following command in privileged EXEC configuration mode: Note To permanently save your configuration changes, you must write them to the nonvolatile RAM (NVRAM) by entering the copy running-config startup-config command in privileged EXEC mode. Command or Action Purpose Step 1 Router(config)# [no] connect name atma/b/c vpi/vci atmx/y/z vpi/vci Configures a local switching connection between two ATM interfaces. The no form of this command unconfigures a local switching connection between two ATM interfaces. Router(config-connection)# backup interface atm x/y/z vpi/vci Backs up a locally switched ATM connection.7-89 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits For more information about managing configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 and Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 publications. Multi Router Automatic Protection Switching (MR-APS) Integration with Hot Standby Pseudowire The multi router automatic protection switching (MR-APS) enables interface connections to switch from one circuit to another if a circuit fails. Interfaces can be switched in response to a router failure, degradation or loss of channel signal, or manual intervention. In a multi router environment, the MR-APS allows the protected SONET interface to reside in a different router from the working SONET interface. Service providers are migrating to ethernet networks from their existing SONET or SDH equipment to reduce cost. Any transport over MPLS (AToM) pseudowires (PWs) help service providers to maintain their investment in asynchronous transfer mode (ATM) or time division multiplexing (TDM) network and change only the core from SONET or SDH to ethernet. When the service providers move from SONET or SDH to ethernet, network availability is always a concern. Therefor to enhance the network availability, service providers use PWs. The hot-standby PW support for ATM and TDM access circuits (ACs) allow the backup PW to be in a hot- standby state, so that it can immediately take over if the primary PW fails. The present hot-standby PW solution does not support access circuits (ACs) as part of the APS group. The PWs which are configured over the protected interface, remains in the down state. This increases the PW switchover time in case of an APS switchover. MR-APS integration with a hot standby pseudowire is an integration of APS with ATM or TDM hot standby PWs created over the SIP 400 line card for the Cisco 7600 platform and improves the switchover time. Figure 7-7 explains MR-APS integration with hot standby PW feature implementation. Command Purpose Router# copy running-config startup-config Writes the new configuration to NVRAM.7-90 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Figure 7-7 MR- APS Integration with Hot Standby Pseudowire Implementation In this example routers P1 and PE1 are in the same APS group G1, and routers P2 and PE2 are in the same APS group G2. In group G1, P1 is the working router and PE1 is the protected router. Similarly in group G2, P2 is the working router and PE2 is the protected router. The MR-APS integration with hot standby pseudowire deployment involves cell sites connected to the provider network using bundled T1/E1 connections. These T1/E1 connections are aggregated into the optical carrier 3 (OC3) or optical carrier 12 (OC12) links using the add-drop multiplexers (ADMs). For more information on APS, see the Automatic Protection Switching section in the Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide at the following link: http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/ 76cfstm1.html#wp1216498 Failover Operations MR-APS integration with hot standby pseudowire feature handles the following failures. • Failure 1, where the link between ADM and P1 goes down, or the connecting ports at ADM or P1 go down. • Failure 2, where the router P1 fails. • Failure 3, where the router P1 is isolated from the core. 246928 CE1 P1 PE1 P2 PE2 ADM CE2 ADM7-91 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Figure 7-8 explains the failure points in the network. Figure 7-8 Failure Points in a Network In case of failure 1, where either port at the ADM goes down, or the port at the router goes down or the link between ADM and router fails, the APS switchover triggers the pseudowires at the protect interface to become active. The same applies to failure 2 as well where the complete router fails over. In case of failure 3, where all the links carrying primary and backup traffic lose the connection, a new client is added to the inter chassis redundancy manager (ICRM) infrastructure to handle the core isolation. The client listens to the events from the ICRM. Upon receiving the core isolation event from the ICRM, the client either initiates the APS switchover, or initiates the alarm based on the peer core isolation state. If APS switchover occurs, it changes the APS inactive interface to active and hence activates the PWs at the interface. Similarly, when core connectivity goes up based upon the peer core isolation state, it clears the alarms or triggers the APS switchover. ICRM monitors the directly connected interfaces only. Hence only those failures in the directly connected interfaces can cause a core isolation event. Restrictions Following restrictions apply to the MR-APS integration with hot standby pseudowire feature: • MR-APS integration with hot standby PW is supported only on the SIP 400 line cards. • For ATM pseudowires only ATM asynchronous mode is supported. • Revertive APS mode should not be configured on the interfaces. • MR-APS integration with hot standby pseudowire is supported only on 1-port channelized OC-3 STM1 ATM CEoP SPA and 2-port and 4-port OC-3c/STM-1 ATM SPA. • APS group number should be greater than zero. • Do not configure the backup delay value command if the MR-APS integration with hot standby pseudowire feature is configured. ADM ADM CE1 CE2 P1 3 1 2 P2 PE1 PE27-92 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits • Unconfiguring mpls ip command on the core interface is not supported. • The hspw force switch command is not supported. Configuring MR-APS Integration with Hot Standby Pseudowire on an ATM Interface Complete these steps to configure the MR-APS integration with hot standby pseudowire. This involves configuring the working routers and protect routers that are part of the APS group. SUMMARY STEPS 1. enable 2. configure terminal 3. pseudo wire-class pw-class-name 4. encapsulation mpls 5. status peer topology dual-homed 6. exit 7. redundancy 8. interchassis group group-id pw-class-name 9. member ip ip-address 10. backbone interface interface ip-address 11. backbone interface interface ip-address 12. exit 13. interface atm slot/subslot/port 14. atm asynchronous 15. aps group group_id 16. aps [working | protect] aps-group-number [ip-address] 17. aps hspw-icrm-grp icrm-group-number 18. atm pvc vpi/vci l2transport 19. xconnect peer-ip-address vc-id pw-class pw-class-name 20. backup peer ip-address vc-id pw-class pw-class-name 21. end 7-93 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Detailed Steps Command Purpose Step 1 enable Example: Router> enable Enables the privileged EXEC mode. If prompted, enter your password. Step 2 configure terminal Example: Router# configure terminal Enters the global configuration mode. Step 3 pseudowire-class pw-class-name Example: Router(config)# pseudowire-class hw_aps Specifies the name of a pseudowire class and enters pseudowire class configuration mode. Step 4 encapsulation mpls Example: Router(config-pw-class)# encapsulation mpls Specifies that MPLS is used as the data encapsulation method for tunneling Layer 2 traffic over the pseudowire. Step 5 status peer topology dual-homed Example: Router(config-pw-class)# status peer topology dual-homed Enables the reflection of the attachment circuit status on both the primary and secondary pseudowires. This configuration is necessary if the peer PEs are connected to a dual-homed device. Step 6 exit Example: Router(config-pw-class)# exit Exits pseudowire class configuration mode. Step 7 redundancy Example: Router(config)# redundancy Enters the redundancy configuration mode. Step 8 interchassis group group-id Example: Router(config-red)# interchassis group 50 Configures an interchassis group within the redundancy configuration mode and enters the interchassis redundancy mode. Step 9 member ip ip-address Example: Router(config-r-ic)# member ip 60.60.60.2 Configures the IP address of the peer member group.7-94 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Step 10 backbone interface interface Example: Router(config-r-ic)# backbone interface GigabitEthernet 2/3 Specifies the backbone interface. Step 11 exit Example: Router(config-r-ic)# exit Exits the redundancy mode. Step 12 exit Example: Router(config-if)# exit Exits the interface configuration mode. Step 13 interface atm slot/subslot/port Example: Router(config)# interface atm 3/1/0 Enters interface configuration mode for the indicated port on the specified ATM SPA. slot/subslot/port—Specifies the location of the interface. Step 14 atm asynchronous Example: Router(config-if)# atm asynchronous Enables or disables the asynchronous functionality on the ATM interface Step 15 aps group group_id Example: Router(config-if)# aps group 1 Configures the APS group for ATM. Step 16 aps [working | protect] aps-group-number Example: Router(config-if)# aps working 1 Configures the APS group as the working interface. Step 17 aps hspw-icrm-grp icrm-group-number Example: Router(config-if)# aps hspw-icrm-grp 1 Associates the APS group to an interchassis redundancy manager (ICRM) group number. Command Purpose7-95 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Examples Figure 7-9 is a sample configuration for MR-APS integration with hot standby pseudowire. Step 18 pvc vpi/vci l2transport Example: Router(config-if)# pvc 1/100 l2transport Assigns a virtual path identifier (VPI) and VCI and enters ATM PVC l2transport configuration mode. • vpi—ATM network virtual path identifier (VPI) of the VC to multiplex on the permanent virtual path. The range is from 0 to 255. • vci— VCI specifies the virtual channel identifier. Note The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Step 19 xconnect peer-ip-address vcid pseudowire-class pw-class-name Example: Router(config-if)# xconnect 3.3.3.3 1 pseudowire-class hw_aps Specifies the IP address of the peer PE router and the 32-bit virtual circuit identifier shared between the PEs at each end of the control channel. The peer router ID (IP address) and virtual circuit ID must be a unique combination on the router. pw-class-name —The pseudowire class configuration from which the data encapsulation type is taken. Step 20 backup peer peer-id vc-id pseudowire-class pw-class-name Example: Router(config-if-srv)# backup peer 4.3.3.3 90 pseudowire-class hw_aps Specifies a redundant peer for a pseudowire virtual circuit. Step 21 end Example: Router(config-if-srv)# end Exits the configuration session. Command Purpose7-96 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Figure 7-9 Sample Configuration for MR-APS Integration with Hot Standby Pseudowire This example shows how to configure the MR-APS integration with hot standby pseudowire on the working router P1 shown in Figure 7-9. RouterP1> enable RouterP1# configure terminal RouterP1(config)# pseudowire-class hspw_aps RouterP1(config-pw-class)# encapsulation mpls RouterP1(config-pw-class)# status peer topology dual-homed RouterP1(config-pw-class)# exit RouterP1(config)# redundancy RouterP1(config-red)# interchassis group 1 RouterP1(config-r-ic)# member ip 14.2.0.2 RouterP1(config-r-ic)# backbone interface GigabitEthernet 1/0/0 RouterP1(config-r-ic)# backbone interface GigabitEthernet 1/0/1 RouterP1(config-r-ic)# exit RouterP1(config)# interface ATM 4/0/0 RouterP1(config-if)# atm asynchronous RouterP1(config-if)# aps group 3 RouterP1(config-if)# aps working 1 RouterP1(config-if)# aps hspw-icrm-grp 1 RouterP1(config-if)# pvc 1/100 l2transport RouterP1(config-if)# xconnect 3.3.3.3 1 encapsulation mpls pw-class hspw_aps RouterP1(config-if)# backup peer 4.4.4.4 2 pw-class hspw_aps RouterP1(config-if)# exit RouterP1(config)# end This example shows how to configure the MR-APS integration with hot standby pseudowire on the protect router PE1 shown in Figure 7-9. RouterPE1> enable RouterPE1# configure terminal RouterPE1(config)# pseudowire-class hspw_aps RouterPE1(config-pw-class)# encapsulation mpls RouterPE1(config-pw-class)# status peer topology dual-homed RouterPE1(config-pw-class)# exit RouterPE1(config)# redundancy RouterPE1(config-red)# interchassis group 1 300153 ADM ADM CE1 CE2 P1 P2 PE1 PE2 Gig1/0/1 Gig2/0/4 Gig3/2/0 Gig3/0/1 Gig1/0/0 Gig2/0/3 Gig3/2/0 Gig3/0/2 ATM4/0/0 ATM2/1/0 ATM3/1/1 ATM3/1/0 Gig1/2/0 Gig2/0/2 Gig2/2/0 Gig3/0/07-97 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits RouterPE1(config-r-ic)# member ip 14.2.0.1 RouterPE1(config-r-ic)# backbone interface GigabitEthernet 2/2/1 RouterPE1(config-r-ic)# backbone interface GigabitEthernet 3/2/0 RouterPE1(config-r-ic)# exit RouterPE1(config)# interface ATM 3/1/1 RouterPE1(config-if)# atm asynchronous RouterPE1(config-if)# aps group 3 RouterPE1(config-if)# aps protect 1 14.2.0.2 RouterPE1(config-if)# aps hspw-icrm-grp 1 RouterPE1(config-if)# pvc 1/100 l2transport RouterPE1(config-if)# xconnect 3.3.3.3 3 encapsulation mpls pw-class hspw_aps RouterPE1(config-if)# backup peer 4.4.4.4 4 pw-class hspw_aps RouterPE1(config-if)# exit RouterPE1(config)# end This example shows how to configure the MR-APS integration with hot standby pseudowire on the working router P2 shown in Figure 7-9. RouterP2> enable RouterP2# configure terminal RouterP2(config)# pseudowire-class hspw_aps RouterP2(config-pw-class)# encapsulation mpls RouterP2(config-pw-class)# status peer topology dual-homed RouterP2(config-pw-class)# exit RouterP2(config)# redundancy RouterP2(config-red)# interchassis group 1 RouterP2(config-r-ic)# member ip 14.6.0.2 RouterP2(config-r-ic)# backbone interface GigabitEthernet 2/0/4 RouterP2(config-r-ic)# backbone interface GigabitEthernet 2/0/3 RouterP2(config-r-ic)# exit RouterP2(config)# interface ATM 2/1/0 RouterP2(config-if)# atm asynchronous RouterP2(config-if)# aps group 4 RouterP2(config-if)# aps working 1 RouterP2(config-if)# aps hspw-icrm-grp 1 RouterP2(config-if)# pvc 1/100 l2transport RouterP2(config-if)# xconnect 1.1.1.1 1 encapsulation mpls pw-class hspw_aps RouterP2(config-if)# backup peer 2.2.2.2 3 pw-class hspw_aps RouterP2(config-if)# exit RouterP2(config)# end This example shows how to configure the MR-APS integration with hot standby pseudowire on the protect router PE2 shown in Figure 7-9. RouterPE2> enable RouterPE2# configure terminal RouterPE2(config)# pseudowire-class hspw_aps RouterPE2(config-pw-class)# encapsulation mpls RouterPE2(config-pw-class)# status peer topology dual-homed RouterPE2(config-pw-class)# exit RouterPE2(config)# redundancy RouterPE2(config-red)# interchassis group 1 RouterPE2(config-r-ic)# member ip 14.6.0.1 RouterPE2(config-r-ic)# backbone interface GigabitEthernet 3/0/1 RouterPE2(config-r-ic)# backbone interface GigabitEthernet 3/0/2 RouterPE2(config-r-ic)# exit RouterPE2(config)# interface ATM 3/1/0 RouterPE2(config-if)# atm asynchronous RouterPE2(config-if)# aps group 4 RouterPE2(config-if)# aps protect 1 14.6.0.2 RouterPE2(config-if)# aps hspw-icrm-grp 17-98 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits RouterPE2(config-if)# pvc 1/100 l2transport RouterPE2(config-if)# xconnect 1.1.1.1 2 encapsulation mpls pw-class hspw_aps RouterPE2(config-if)# backup peer 2.2.2.2 4 pw-class hspw_aps RouterPE2(config-if)# exit RouterPE2(config)# end Verification Use these commands to verify the MR-APS integration with hot standby pseudowire configuration. Table 7-2 Verification This example shows the output of show mpls l2transport vc command when routers P1 and P2 are in active APS status and PE1 and PE2 are in APS inactive status. P1# show mpls l2 vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT4/0/0 ATM AAL5 20/100 3.3.3.3 1 UP AT4/0/0 ATM AAL5 20/100 4.4.4.4 2 STANDBY P2# show mpls l2 vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT2/1/0 ATM AAL5 20/100 1.1.1.1 1 UP AT2/1/0 ATM AAL5 20/100 2.2.2.2 3 STANDBY PE1# show mpls l2 vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT3/1/1 ATM AAL5 20/100 3.3.3.3 3 STANDBY AT3/1/1 ATM AAL5 20/100 4.4.4.4 4 STANDBY PE2# show mpls l2 vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- AT3/1/0 ATM AAL5 20/100 1.1.1.1 2 STANDBY AT3/1/0 ATM AAL5 20/100 2.2.2.2 4 STANDBY Command Purpose show mpls l2transport vc Displays information about AToM VCs that have been enabled to route Layer 2 packets on a router. show hspw-aps-icrm group group-id Displays information about a specified hot standby pseudowire APS group. show hspw-aps-icrm all Displays information about all hot standby pseudowire APS and ICRM groups. show redundancy interchassis Displays information about interchassis redundancy group configuration. show xconnect all Displays information about all xconnect attachment circuits and pseudowires.7-99 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits This example shows the output of show hspw-aps-icrm group group-id command when routers P1 and P2 are in active status and PE1 and PE2 are in APS inactive status. P1# show hspw-aps-icrm group 1 ICRM group id 1, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 1 hw_if_index 35 APS valid:Yes Total aps grp attached to ICRM group 1 is 1 PE1# show hspw-aps-icrm group 1 ICRM group id 1, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 1 hw_if_index 41 APS valid:Yes Total aps grp attached to ICRM group 1 is 1 P2# show hspw-aps-icrm group 2 ICRM group id 2, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 2 hw_if_index 22 APS valid:Yes Total aps grp attached to ICRM group 2 is 1 PE2# show hspw-aps-icrm group 2 ICRM group id 2, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 2 hw_if_index 15 APS valid:Yes Total aps grp attached to ICRM group 2 is 1 This example shows the output of show hspw-aps-icrm all command when routers P1 and P2 are in active status and PE1 and PE2 are in APS inactive status. P1# show hspw-aps-icrm all ICRM group id 1, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 1 hw_if_index 35 APS valid:Yes Total aps grp attached to ICRM group 1 is 1 ICRM group count attached to MR-APS HSPW feature is 1 PE1# show hspw-aps-icrm all ICRM group id 1, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 1 hw_if_index 41 APS valid:Yes Total aps grp attached to ICRM group 1 is 1 ICRM group count attached to MR-APS HSPW feature is 1 P2# show hspw-aps-icrm all ICRM group id 2, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 2 hw_if_index 22 APS valid:Yes Total aps grp attached to ICRM group 2 is 1 ICRM group count attached to MR-APS HSPW feature is 1 PE2# show hspw-aps-icrm all ICRM group id 2, Flags : My core isolated No,Peer core isolated No, State Connect APS Group id 2 hw_if_index 15 APS valid:Yes Total aps grp attached to ICRM group 2 is 1 ICRM group count attached to MR-APS HSPW feature is 1 This example shows the output of the show redundancy interchassis command when routers P1 and P2 are in active status and PE1 and PE2 are in APS inactive status. P1# show redundancy interchassis Redundancy Group 1 (0x1) Applications connected: MR-APS with HSPW Monitor mode: Route-watch member ip: 14.2.0.2 “PE1", CONNECTED Route-watch for 14.2.0.2 is UP MR-APS with HSPW state: CONNECTED backbone int GigabitEthernet1/0/0: UP (IP)7-100 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits backbone int GigabitEthernet1/0/1: UP (IP) ICRM fast-failure detection neighbor table IP Address Status Type Next-hop IP Interface ========== ====== ==== =========== ========= 14.2.0.2 UP RW PE1# show redundancy interchassis Redundancy Group 1 (0x1) Applications connected: MR-APS with HSPW Monitor mode: Route-watch member ip: 14.2.0.1 “P1", CONNECTED Route-watch for 14.2.0.1 is UP MR-APS with HSPW state: CONNECTED backbone int GigabitEthernet2/2/1: UP (IP) backbone int GigabitEthernet3/2/0: UP (IP) ICRM fast-failure detection neighbor table IP Address Status Type Next-hop IP Interface ========== ====== ==== =========== ========= 14.2.0.1 UP RW This example shows the outputs of the show xconnect all command when routers P1 and P2 are in active status and PE1 and PE2 are in APS inactive status. P1# show xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- UP pri ac AT4/0/0:20/100(ATM AAL5) UP mpls 3.3.3.3:1 UP IA sec ac AT4/0/0:20/100(ATM AAL5) UP mpls 4.4.4.4:2 SB PE1# show xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- SB pri ac AT3/1/1:20/100(ATM AAL5) UP mpls 3.3.3.3:3 SB IA sec ac AT3/1/1:20/100(ATM AAL5) UP mpls 4.4.4.4:4 SB P2# show xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- UP pri ac AT2/1/0:20/100(ATM AAL5) UP mpls 1.1.1.1:1 UP IA sec ac AT2/1/0:20/100(ATM AAL5) UP mpls 2.2.2.2:3 SB PE2# show xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- SB pri ac AT3/1/0:20/100(ATM AAL5) UP mpls 1.1.1.1:2 SB IA sec ac AT3/1/0:20/100(ATM AAL5) UP mpls 2.2.2.2:4 SB7-101 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Troubleshooting Tips Table 7-3 Troubleshooting Tips N:1 PVC Mapping to Pseudowires with Non-Unique VPI Asynchronous Transfer Mode (ATM) over Multi Protocol Label Switching (MPLS) pseudowire is used to carry ATM cells over an MPLS network. You can configure ATM over MPLS in N-to-1 cell mode or 1-to-1 cell mode. N-to-1 cell mode maps one or more ATM Virtual Channel Connections (VCCs) or Permanent Virtual Circuits (PVCs) to a single pseudowire and 1-to-1 cell mode maps a single ATM VCC or PVC to a single pseudowire. Currently, Cisco 7600 supports N-to-one mode with N=1 only. Effective with Cisco IOS release 15.2(1)S, N-to-1 cell mode where N greater than 1 is also supported for ATM pseudowires. Restrictions for N:1 PVC Mapping to Pseudowires with Non-Unique VPI Following restrictions apply to the N:1 PVC mapping to pseudowires with non unique Virtual Path Identifier (VPI) feature. • Supported only on SIP 400 line cards with 1 GB memory, SPAs SPA-3XOC3-ATM-V2, SPA-1xOC12-ATM-V2 and all versions of RSP720 and SUP720. • Ingress and egress queuing features like shaping, bandwidth and priority not supported. • The following ingress QoS features are supported on the ATM multipoint subinterface: – Classification based on the ATM Cell Loss Priority (CLP) bit – Marking for the MPLS Experimental (EXP) bit – Frame based policing • The following egress QoS features are supported on the ATM multipoint subinterface: – Marking for the ATM CLP bit – Classification based on the MPLS EXP bit • Operations, Administration, and Maintenance (OAM) is not supported for PVCs belonging to N:1 pseudowire group. • Up to 16000 pseudowires are supported per chassis and 4000 pseudowires per SIP 400. • Supports up to 32000 PVCs per router, 8000 PVCs per SIP400, and 4000 PVCs per SPA. • In the ingress direction, on the Provider Edge (PE) router, cell packs are packed per PVC and not per sub interface. Cells belonging to a single PVC are packed in a single frame. • A service policy can be applied at the sub interface level for N:1 PVC mapping to pseudowire configuration. Command Purpose debug hspw-aps errors Displays information about hot standby pseudowire APS group errors. debug hspw-aps events Displays information about events related to hot standby pseudowire APS group configuration.7-102 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits • ATM classes of service including Constant Bit Rate (CBR), Variable Bit Rate-real time (VBR-rt), and Variable Bit Rate-non-real time (VBR-nrt), that are currently supported are also supported on PVCs for N:1 PVC mapping to pseudowire configuration. Configuring N:1 PVC Mapping to Pseudowires with Non-Unique VPI Perform these steps to configure N:1 PVC mapping to pseudowires with non-unique VPI. SUMMARY STEPS 1. enable 2. configure terminal 3. interface atm slot/subslot/port 4. atm mcpt-timers timer-1 timer-2 timer-3 5. exit 6. interface atm slot/subslot/port.subinterface multipoint 7. no ip address 8. cell-packing cells mcpt-timer timer 9. xconnect ip_address vc_id encapsulation mpls 10. pvc pvc-id l2transport 11. exit 12. end 7-103 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Detailed Steps Command Purpose Step 1 enable Example: Router> enable Enables the privileged EXEC mode and enter your password if prompted. Step 2 configure terminal Example: Router# configure terminal Enters the global configuration mode. Step 3 interface atm slot/subslot/port Example: Router(config)# interface atm 3/1/0 Enters interface configuration mode for the indicated port on the specified ATM SPA. slot/subslot/port—Specifies the location of the interface. Step 4 atm mcpt-timers timer1 timer2 timer3 Example: Router(config-if)# atm mcpt-timers 100 1000 1000 Sets the Martini Cell Packing Timer (MCPT) values in microseconds. MCPT timer sets the time that the router waits for the raw cells to be packed into a single packet. The range for timer1 and timer2 is 10 to 4095. The range for timer 3 is 20 to 4095. Step 5 exit Example: Router(config-if)# exit Exits the interface configuration mode. Step 6 interface atm slot/subslot/port.subslot multipoint Example: Router(config)# interface atm 9/1/1.1 multipoint Creates the specified point-to-multipoint subinterface on the given port on the specified ATM SPA, and enters the subinterface configuration mode. Step 7 cell-packing cells mcpt-timer timer-number Example: Router(config-subif)# cell-packing 20 mcpt-timer 2 Enables ATM over MPLS to pack multiple ATM cells into each MPLS packet within the MCPT timing. Step 8 xconnect peer-ipaddress vc-id encapsulation mpls Example: Router(config-subif)# xconnect 2.2.2.2 100 encapsulation mpls Enables the attachment circuit. • peer-ipaddress - Specify the IP address of the peer router. • vc-id- Specifies the virtual circuit identifier. The range of the VC ID is from 1 to 4294967295. 7-104 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Examples This example shows how to configure the N:1 ATM PVC mapping to pseudowires with a non unique VPI on the Cisco 7600 router. Also, a service policy p-map is applied in the ingress direction. Router> enable Router# configure terminal Router(config)# class-map match all c-map Router(config-cmap)# match atm clp Router(config-cmap)# exit Router(config)# policy-map p-map Router(config-pmap)# class c-map Router(config-pmap-c)# set mpls experimental imposition 5 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface atm 9/1/1 Router(config-if)# atm mcpt-timers 20 30 40 Router(config-if)# exit Router(config)# interface atm 9/1/1.1 multipoint Router(config-subif)# no ip address Router(config-subif)# xconnect 2.2.2.2 100 encapsulation mpls Router(config-subif)# service-policy input p-map Router(config-subif)# pvc 10/100 l2transport Router(config-subif)# pvc 11/122 l2transport Router(config-subif)# pvc 19/231 l2transport Router(config-subif)# exit Router(config)# end This example shows how to configure the N:1 ATM PVC mapping to pseudowires with non unique VPI on a Cisco 7600 router with a service policy p-map applied in the egress direction. Router> enable Router# configure terminal Router(config)# class-map match all c-map Router(config-cmap)# mpls experimental topmost 5 Step 9 pvc vpi/vci l2transport Example: Router(config-subif)# pvc 10/100 l2transport Assigns a VPI and VCI and enters ATM PVC l2transport configuration mode. • vpi— Specifies the ATM network virtual path identifier (VPI) of the VC to multiplex on the permanent virtual path. The accepted range is from 0 to 255. • vci— VCI specifies the virtual circuit identifier. The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Step 10 exit Example: Router(config-subif)# exit Exits the interface configuration mode. Step 11 end Example: Router(config-subif)# end Exits the configuration session. Command Purpose7-105 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Router(config-cmap)# exit Router(config)# policy-map p-map Router(config-pmap)# class c-map Router(config-pmap-c)# set atm clp Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface atm 9/1/1 Router(config-if)# atm mcpt-timers 20 30 40 Router(config-if)# exit Router(config)# interface atm 9/1/1.1 multipoint Router(config-subif)# no ip address Router(config-subif)# xconnect 3.3.3.3 100 encapsulation mpls Router(config-subif)# service-policy output p-map Router(config-subif)# pvc 10/100 l2transport Router(config-subif)# pvc 11/122 l2transport Router(config-subif)# pvc 19/231 l2transport Router(config-subif)# exit Router(config)# end Verification Use these commands to verify the N:1 ATM PVC mapping to pseudowires with non unique VPI configuration. The show mpls l2 transport vc-id command displays information about Any Transport over MPLS (AToM) Virtual Circuits (VCs) that are enabled to route layer 2 packets on a router. This example shows the output of the show mpls transport vc-id command for a specified AToM virtual circuit. Router# show mpls l2transport 100 Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- -------- AT9/1/1.1 ATM CELL ATM9/1/1.1 2.2.2.2 100 UP The show atm cell-packing command displays information about cell packing related information for the layer 2 attachment circuits (ACs) configured on the router. Router# show atm cell-packing average average circuit local nbr of cells peer nbr of cells MCPT type MNCP rcvd in one pkt MNCP sent in one pkt (us) ------------- ----- --------------- ------- -------------- ---- ATM1/0/1.1 vc 1/100 30 0 1 0 30 ATM1/0/1.1 vc 2/100 30 0 1 0 30 Shutting Down and Restarting an Interface on a SPA Shutting down an interface puts it into the administratively down mode and takes it offline, stopping all traffic that is passing through the interface. Shutting down an interface, though, does not change the interface configuration. 7-106 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits As a general rule, you do not need to shut down an interface if you are removing it and replacing it with the same exact model of SPA in an online insertion and removal (OIR) operation. However, we recommend shutting down an interface whenever you are performing one of the following tasks: • When you do not need to use the interface in the network. • Preparing for future testing or troubleshooting. • Changing the interface configuration in a way that would affect the traffic flow, such as changing the encapsulation. • Changing the interface cables. • Removing a SPA that you do not expect to replace. • Replacing the SIP with another type of SIP (such as replacing a Cisco 7600 SIP-200 with a Cisco 7600 SIP-400). • Replacing an interface card with a different model of card. Shutting down the interface in these situations prevents anomalies from occurring when you reinstall the new card or cables. It also reduces the number of error messages and system messages that might otherwise appear. Tip If you are planning on physically removing the SPA from the SIP, also shut down the SPA, using the procedure given in the “Shutting Down an ATM Shared Port Adapter” section on page 7-107. Note If you plan to replace an existing ATM port adapter with an ATM SPA in the Cisco 7600 series router and want to use the same configuration, save the slot’s configuration before physically replacing the hardware. This is because all slot configuration is lost when you replace one card type with another card type, even if the two cards are functionally equivalent. You can then re-enter the previous configuration after you have inserted the ATM SPA. To shut down an interface, perform the following procedure beginning in global configuration mode: Tip When you shut down an interface, the show interface command indicates that the interface is administratively down until the SPA is physically removed from the chassis or until the SPA is re-enabled. The following shows a typical example of shutting down an ATM SPA interface: Router> enable Router# configure terminal Router(config)# interface atm 4/0/0 Router(config-if)# shutdown Command or Action Purpose Step 1 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA. Step 2 Router(config-if)# shutdown Shuts down the interface. Note Repeat Step 1 and Step 2 for each interface to be shut down. Step 3 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 7-107 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Creating and Configuring Switched Virtual Circuits Router(config-if)# end Router# show interface atm 4/0/0 ATM4/0/0 is administratively down, line protocol is down Hardware is SPA-4XOC3-ATM, address is 000d.2959.d5ca (bia 000d.2959.d5ca) Internet address is 10.10.10.16/24 MTU 4470 bytes, sub MTU 4470, BW 599040 Kbit, DLY 80 usec, reliability 255/255, txload 42/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 1 current VCCs VC idle disconnect time: 300 seconds 0 carrier transitions Last input 01:01:16, output 01:01:16, output hang never Last clearing of "show interface" counters 01:10:21 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 30 second input rate 0 bits/sec, 0 packets/sec 30 second output rate 702176000 bits/sec, 1415679 packets/sec 1000 packets input, 112000 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 2948203354 packets output, 182788653886 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out Shutting Down an ATM Shared Port Adapter Shutting down an ATM SPA shuts down all ATM interfaces on the SPA, and puts the SPA and its interfaces into the administratively down state. This takes all interfaces offline, stopping all traffic that is passing through the SPA. Shutting down an ATM SPA, though, does not change the configuration of the SPA and its interfaces. As a general rule, you do not need to shut down an ATM SPA if you are removing it and replacing it with the same exact model of SPA in an online insertion and removal (OIR) operation. However, you should shut down the ATM SPA whenever you are performing one of the following tasks: • Removing an interface that you do not expect to replace. • Replacing the SIP with another type of SIP (such as replacing a Cisco 7600 SIP-200 with a Cisco 7600 SIP-400). • Replacing the ATM SPA with a different model of SPA. To shut down the ATM SPA, use the following procedure beginning in global configuration mode:7-108 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Verifying the Interface Configuration The following shows a typical example of shutting down ATM SPAs. In this example, the SPA in subslot 0 is put into reset mode, while the SPA in subslot 1 is powered down. Router> enable Router# hw-module subslot 4/0 shutdown powered Router# hw-module subslot 4/1 shutdown unpowered Tip The ATM SPA remains shut down, even after a new SPA is installed or after a reset of the Cisco 7600 series router, until you re-enable the SPA using the no hw-module subslot shutdown command. Verifying the Interface Configuration See the following sections to obtain configuration and operational information about the ATM SPA and its interfaces: • Verifying Per-Port Interface Status, page 7-109 • Monitoring Per-Port Interface Statistics, page 7-110 For additional information on using these and other commands to obtain information about the configuration and operation of the ATM SPAs and interfaces, see Chapter 8, “Troubleshooting the ATM Shared Port Adapter.” Command or Action Purpose Step 1 Router(config)# hw-module subslot slot/subslot shutdown [powered | unpowered] Shuts down the ATM SPA. • powered—(Optional) Shuts down the ATM SPA and leaves it in the reset state. This is the default and is typically done when you want to shut down the SPA but leave it physically installed and cabled in the Cisco 7600 series router. • unpowered—(Optional) Shuts down the ATM SPA and leaves it in the unpowered state. Typically, this is done before removing the ATM SPA from the chassis. Note Repeat this step for each ATM SPA to be shut down. Note The hw-module subslot shutdown command can be given in both the global configuration and privileged EXEC modes. If this command is given in global configuration mode, it can be saved to the startup configuration so that it is automatically executed after each reload of the router. If given in privileged EXEC mode, the command takes effect immediately, but it is not saved to the configuration. In either case, the hw-module subslot shutdown command remains in effect during the current session of the Cisco 7600 series router until it is reversed using the no form of the command. Step 2 Router(config)# end Exits configuration mode and returns to privileged EXEC mode. 7-109 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Verifying the Interface Configuration Verifying Per-Port Interface Status Use the show interfaces atm command to display detailed status information about an interface port in an ATM SPA that is installed in the Cisco 7600 series router. The following example provides sample output for interface port 1 (the second port) on the ATM SPA that is located in subslot 0 (the left-most subslot), of the SIP that is installed in slot 3 of a Cisco 7600 series router: Router# show interface atm 3/0/1 ATM3/0/1 is up, line protocol is up Hardware is SPA-4XOC3-ATM, address is 000a.f330.7dc0 (bia 000a.f330.7dca) Internet address is 10.13.21.31/24 MTU 4470 bytes, sub MTU 4470, BW 599040 Kbit, DLY 80 usec, reliability 255/255, txload 140/255, rxload 129/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 1 current VCCs VC idle disconnect time: 300 seconds 0 carrier transitions Last input never, output never, output hang never Last clearing of "show interface" counters 00:45:35 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 304387000 bits/sec, 396342 packets/sec 5 minute output rate 329747000 bits/sec, 396334 packets/sec 1239456438 packets input, 118987818048 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1239456287 packets output, 128903453848 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out The following example displays detailed status information about an interface port in 3-Port Clear Channel OC-3 ATM SPA that is installed on the Cisco 7600 series router: Router# show interfaces atm 0/2/2 ATM0/2/2 is up, line protocol is up Hardware is SPA-3XOC3-ATM-V2, address is 001a.3044.7522 (bia 001a.3044.7522) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported Encapsulation(s): AAL5 AAL0 4095 maximum active VCs, 1 current VCCs VC Auto Creation Disabled. VC idle disconnect time: 300 seconds 4 carrier transitions Last input never, output 00:04:11, output hang never Last clearing of "show interface" counters never Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 5 packets input, 540 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 5 packets output, 540 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 output buffer failures, 0 output buffers swapped out7-110 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Verifying the Interface Configuration Monitoring Per-Port Interface Statistics Use the show controllers atm command to display detailed status and statistical information on a per-port basis for an ATM SPA. The following example provides sample output for interface port 0 (the first port) on the ATM SPA that is located in subslot 0 (the left-most subslot) of the SIP that is installed in slot 4 of a Cisco 7600 series router: Router# show controllers atm 4/0/0 Interface ATM4/0/0 is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 0 BIP(B1) = 603 LINE AIS = 0 RDI = 2 FEBE = 2332 BIP(B2) = 1018 PATH AIS = 0 RDI = 1 FEBE = 28 BIP(B3) = 228 LOP = 0 NEWPTR = 0 PSE = 1 NSE = 2 Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 Rx Synchronization Status S1 = 00 S1S0 = 00, C2 = 00 PATH TRACE BUFFER : STABLE Remote hostname : fecao7609_2 Remote interface: ATM9/0/0 Remote IP addr : 0.0.0.0 Remote Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: line The following examples displays detailed status and statistical information on a per-port basis for 3-Port Clear Channel OC-3 ATM SPAs. Router# show controllers atm 0/2/2 Interface ATM0/2/2 (SPA-3XOC3-ATM-V2[0/2]) is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 1 BIP(B1) = 0 LINE AIS = 0 RDI = 1 FEBE = 55 BIP(B2) = 0 PATH AIS = 0 RDI = 1 FEBE = 21 BIP(B3) = 0 LOP = 1 NEWPTR = 0 PSE = 0 NSE = 07-111 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS not configured COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 Rx Synchronization Status S1 = 00 S1S0 = 00, C2 = 13 PATH TRACE BUFFER : STABLE BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: line Configuration Examples This section includes the following configuration examples for the ATM SPAs: • Basic Interface Configuration Example, page 7-112 • MTU Configuration Example, page 7-112 • Permanent Virtual Circuit Configuration Example, page 7-112 • PVC on a Point-to-Point Subinterface Configuration Example, page 7-113 • PVC on a Multipoint Subinterface Configuration Example, page 7-114 • RFC 1483 Bridging for PVCs Configuration Example, page 7-115 • RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling Configuration Example, page 7-116 • ATM RFC 1483 Half-Bridging Configuration Example, page 7-116 • ATM Routed Bridge Encapsulation Configuration Example, page 7-116 • Precedence-Based Aggregate WRED Configuration Example, page 7-116 • DSCP-Based Aggregate WRED Configuration Example, page 7-118 • Switched Virtual Circuits Configuration Example, page 7-118 • Traffic Parameters for PVCs or SVCs Configuration Example, page 7-119 • Virtual Circuit Classes Configuration Example, page 7-120 • Virtual Circuit Bundles Configuration Example, page 7-120 • Link Fragmentation and Interleaving with Virtual Templates Configuration Example, page 7-121 • Distributed Compressed Real-Time Protocol Configuration Example, page 7-122 • Automatic Protection Switching Configuration Example, page 7-123 • SONET and SDH Framing Configuration Example, page 7-123 • Layer 2 Protocol Tunneling Topology with a Cisco 7600, Catalyst 5500, and Catalyst 6500 Configuration Example, page 7-124 • Layer 2 Protocol Tunneling Topology with a Cisco 7600 and Cisco 7200 Configuration Example, page 7-125 • Cisco 7600 Basic Back-to-Back Scenario Configuration Example, page 7-1267-112 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples • Catalyst 5500 Switch and Cisco 7600 Series Routers in Back-to-Back Topology Configuration Example, page 7-126 • Cisco 7600 and Cisco 7200 in Back-to-Back Topology Configuration Example, page 7-127 Basic Interface Configuration Example ! interface ATM5/1/0 mtu 9216 no ip address atm clock INTERNAL ! interface ATM5/1/0.1 point-to-point mtu 9216 ip address 70.1.1.1 255.255.0.0 pvc 52/100 ! ! interface ATM5/1/1 mtu 9216 no ip address atm clock INTERNAL ! interface ATM5/1/1.1 point-to-point mtu 9216 ip address 70.2.1.1 255.255.0.0 pvc 53/100 ! ! interface ATM5/1/2 no ip address atm clock INTERNAL ! interface ATM5/1/3 no ip address atm clock INTERNAL ! MTU Configuration Example ! interface ATM4/1/0 ip address 192.168.100.13 255.255.255.0 mtu 9216 ip mtu 9188 mpls mtu 9288 atm clock INTERNAL ! Permanent Virtual Circuit Configuration Example ! interface ATM5/0/0 no ip address pvc 1/100 protocol ip 1.1.1.37-113 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples protocol ip 20.1.1.1 broadcast ! ! interface ATM5/0/1 no ip address ! interface ATM5/1/1 ip address 1.1.1.1 255.255.255.0 load-interval 30 pvc 1/100 protocol ip 1.1.1.3 protocol ip 20.1.1.1 cbr 140000 broadcast oam-pvc manage ! pvc 1/101 protocol ip 9.9.9.2 encapsulation aal5ciscoppp Virtual-Template1 ! PVC on a Point-to-Point Subinterface Configuration Example The following example shows a simple configuration of several PVCs that are configured on point-to-point subinterfaces: interface ATM3/1/0 no ip address ! interface ATM3/1/0.1 point-to-point pvc 4/44 l2transport mpls l2transport route 22.22.22.22 400 ! ! interface ATM3/1/0.2 point-to-point pvc 5/55 l2transport encapsulation aal0 mpls l2transport route 22.22.22.22 500 ! ! interface ATM3/1/0.3 point-to-point ip address 99.0.0.2 255.0.0.0 pvc 9/99 ! ! interface ATM5/0/0 description flexwan_6_0_0 no ip address logging event link-status atm clock INTERNAL ! interface ATM5/0/0.1 point-to-point ip address 50.1.1.1 255.255.255.0 pvc 50/11 ! ! interface ATM5/0/0.2 point-to-point ip address 50.2.2.1 255.255.255.0 pvc 50/12 !7-114 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples ! interface ATM5/0/0.3 point-to-point ip address 50.3.3.1 255.255.255.0 pvc 50/13 ! ! interface ATM5/0/0.4 point-to-point ip address 50.4.4.1 255.255.255.0 pvc 50/14 ! ! interface ATM5/0/0.5 point-to-point ip address 50.5.5.1 255.255.255.0 pvc 50/15 ! ! interface ATM5/1/0.1 point-to-point ip address 2.0.0.2 255.255.255.0 ! interface ATM5/1/0.2 point-to-point ip address 2.0.1.2 255.255.255.0 ! interface ATM5/1/0.3 point-to-point ip address 39.0.0.1 255.0.0.0 ! PVC on a Multipoint Subinterface Configuration Example ! interface ATM4/1/0 no ip address atm clock INTERNAL ! interface ATM4/1/0.2 multipoint ip address 1.1.1.1 255.0.0.0 pvc 0/121 protocol ip 1.1.1.23 broadcast vbr-nrt 2358 2358 encapsulation aal5snap ! pvc 0/122 protocol ip 1.1.1.24 broadcast vbr-nrt 2358 2358 encapsulation aal5snap ! pvc 0/123 protocol ip 1.1.1.25 broadcast vbr-nrt 2358 2358 encapsulation aal5snap ! pvc 0/124 protocol ip 1.1.1.26 broadcast vbr-nrt 2358 2358 encapsulation aal5snap ! pvc 0/125 protocol ip 1.1.1.27 broadcast ! ... interface ATM5/1/1 ip address 1.1.1.1 255.255.255.07-115 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples load-interval 30 pvc 1/100 protocol ip 1.1.1.3 protocol ip 20.1.1.1 cbr 140000 broadcast oam-pvc manage ! pvc 1/101 protocol ip 9.9.9.2 encapsulation aal5ciscoppp Virtual-Template1 ! ! interface ATM5/1/1.200 multipoint ip address 7.7.7.1 255.255.255.0 bundle bundle pvc-bundle high 2/100 class-vc high pvc-bundle med 2/101 class-vc med pvc-bundle low 2/102 class-vc low ! ! interface ATM5/1/2 no ip address ! interface ATM5/1/3 no ip address ! RFC 1483 Bridging for PVCs Configuration Example The following shows a simple example of an ATM interface and PVC that have been configured for RFC 1483 bridging with a Fast Ethernet interface: vlan 30 ! interface FastEthernet7/1 no ip address duplex full speed 100 switchport switchport access vlan 30 switchport mode access ! interface ATM9/1/0 no ip address mtu 4096 bandwidth 2000 pvc 0/39 bridge-domain 30 encapsulation aal5snap ! interface ATM9/1/0.2 point-to-point ip address 10.10.12.2 255.255.255.0 ip access-group rbe-list in atm route-bridged ip no mls ip pvc 10/200 ! 7-116 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples router rip network 10.0.0.0 network 30.0.0.0 ! RFC 1483 Bridging for PVCs with IEEE 802.1Q Tunneling Configuration Example The following shows a simple example of an ATM interface that has been configured for RFC 1483 bridging using IEEE 802.1Q tunneling: interface ATM6/2/0 no ip address shutdown atm clock INTERNAL atm mtu-reject-call no atm ilmi-keepalive pvc 2/101 bridge-domain 99 dot1q-tunnel ! mls qos trust dscp spanning-tree bpdufilter enable ATM RFC 1483 Half-Bridging Configuration Example The following simple example shows an ATM subinterface configured for half-bridging: ! interface ATM5/1/0.100 multipoint ip address 192.168.100.14 255.255.0.0 mtu 1500 pvc 10/200 encapsulation aal5snap bridge ! ATM Routed Bridge Encapsulation Configuration Example The following simple example shows an ATM subinterface configured for RBE, also known as RFC 1483 half-bridging: ! interface ATM5/1/0.100 point-to-point ip address 10.10.10.121 255.255.0.0 mtu 1500 atm route-bridged ip pvc 100/100 encapsulation aal5snap ! Precedence-Based Aggregate WRED Configuration Example The following example shows a precedence-based aggregate WRED configuration: ! Create a policy map named prec-aggr-wred. !7-117 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Router(config)# policy-map prec-aggr-wred ! ! Configure a default class for the policy map. ! Router(config-pmap)# class class-default ! ! Enable precedence-based (the default setting) aggregate WRED for the default class. ! Router(config-pmap-c)# random-detect aggregate ! ! Define an aggregate subclass for packets with IP Precedence values of 0-3 and assign the ! WRED profile parameter values for this subclass. ! Router(config-pmap-c)# random-detect precedence values 0 1 2 3 minimum thresh 10 maximum-thresh 100 mark-prob 10 ! ! Define an aggregate subclass for packets with IP Precedence values of 4 and 5 and assign ! the WRED profile parameter values for this subclass. ! Router(config-pmap-c)# random-detect precedence values 4 5 minimum-thresh 40 maximum-thresh 400 mark-prob 10 ! ! Define an aggregate subclass for packets with an IP Precedence value of 6 and assign the ! WRED profile parameter values for this subclass. ! Router(config-pmap-c)# random-detect precedence values 6 minimum-thresh 60 maximum-thresh 600 mark-prob 10 ! ! Define an aggregate subclass for packets with an IP Precedence value of 7 and assign the ! WRED profile parameter values for this subclass. ! Router(config-pmap-c)# random-detect precedence values 7 minimum-thresh 70 maximum-thresh 700 mark-prob 10 ! ! Attach the policy map prec-aggr-wred to the interface. Note all ATM SPA service policies ! are applied at the atm vc level. ! Router(config-pmap-c)# interface ATM4/1/0.10 point-to-point Router(config-subif)# ip address 10.0.0.2 255.255.255.0 Router(config-subif)# pvc 10/110 Router(config-subif)# service policy output prec-aggr-wred7-118 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples DSCP-Based Aggregate WRED Configuration Example The following example shows a DSCP-based aggregate WRED configuration: ! Create a policy map named dscp-aggr-wred. ! Router(config)# policy-map dscp-aggr-wred ! ! Configure a default class for the policy map. ! Router(config-pmap)# class class-default ! ! Enable dscp-based aggregate WRED for the default class and assign the ! default WRED profile parameter values to be used for all subclasses that have not been ! specifically configured.. ! Router(config-pmap-c)# random-detect dscp-based aggregate minimum-thresh 1 maximum-thresh 10 mark-prob 10 ! ! Define an aggregate subclass for packets with DSCP values of 0-7 and assign the WRED ! profile parameter values for this subclass ! Router(config-pmap-c)# random-detect dscp values 0 1 2 3 4 5 6 7 minimum-thresh 10 maximum-thresh 20 mark-prob 10 ! ! Define an aggregate subclass for packets with DSCP values of 8-11 and assign the WRED ! profile parameter values for this subclass. ! Router(config-pmap-c)random-detect dscp values 8 9 10 11 minimum-thresh 10 maximum-thresh 40 mark-prob 10 ! ! Attach the policy map dscp-aggr-wred to the interface. Note all ATM SPA service policies ! are applied at the atm vc level. ! Router(config)# interface ATM4/1/0.11 point-to-point Router(config-subif)# ip address 10.0.0.2 255.255.255.0 Router(config-subif) pvc 11/101 Router(config-subif)# service policy output dscp-aggr-wred Switched Virtual Circuits Configuration Example interface ATM4/0/2 ip address 10.23.33.2 255.255.255.0 atm clock INTERNAL atm pvp 244 atm esi-address 111111111111.11 pvc 0/5 qsaal ! pvc 0/16 ilmi ! ! interface ATM4/0/2.1 multipoint ip address 10.20.0.2 255.0.0.0 atm esi-address 333333333333.33 ! svc nsap 47.009181000000001011B8C601.222222222222.22 protocol ip 10.20.0.1 ubr 1000 ! !7-119 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples interface ATM4/0/2.2 multipoint ip address 10.13.3.1 255.255.255.0 atm esi-address 510211111111.11 ! svc nsap 47.009181000000001011B8C601.410233333333.33 protocol ip 10.13.3.3 ! interface ATM4/0/2.3 multipoint svc SVC1 nsap 47.009181000000BBBBBB000001.222222222222.22 protocol ip 33.33.33.1 broadcast encapsulation aal5snap Traffic Parameters for PVCs or SVCs Configuration Example ! interface ATM5/1/1.100 point-to-point ip address 10.1.1.1 255.255.255.0 load-interval 30 pvc 1/100 protocol ip 1.1.1.3 protocol ip 20.1.1.1 cbr 100 broadcast ! ! interface ATM5/1/1.110 point-to-point ip address 10.2.2.2 255.255.255.0 pvc 1/110 ubr 1000 ! ! interface ATM5/1/1.120 point-to-point ip address 10.3.3.3 255.255.255.0 no ip directed-broadcast pvc 1/120 vbr-nrt 50000 50000 encapsulation aal5snap ! ! interface ATM5/1/1.130 point-to-point ip address 10.4.4.4 255.255.255.0 pvc 1/130 vbr-rt 445 445 encapsulation aal5snap ! ! interface ATM5/1/1.140 point-to-point ip address 10.5.5.5 255.255.255.0 atm arp-server nsap 47.00918100000000107B2B4B01.111155550000.00 atm esi-address 111155550001.00 ! svc SVC00 nsap 47.00918100000000107B2B4B01.222255550001.00 protocol ip 10.5.5.6 broadcast oam-svc manage encapsulation aal5mux ip ubr 1000 !7-120 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Virtual Circuit Classes Configuration Example vc-class atm high-class ilmi manage oam-pvc manage 5 oam retry 10 7 3 ! vc-class atm low-class ! interface ATM4/1/0 no ip address class-int high-class atm ilmi-pvc-discovery subinterface pvc 0/5 qsaal ! pvc 0/16 ilmi ! ! interface ATM4/1/0.1 multipoint pvc 1/110 protocol 10.10.10.14 ! interface ATM4/1/1 ip address 10.10.11.2 255.255.255.0 class-int low-class atm uni-version 4.0 atm pvp 1 atm esi-address AAAAAAAAAAAA.AA interface ATM4/1/1.2 multipoint pvc 2/100 protocol ip 10.10.11.1 ! Virtual Circuit Bundles Configuration Example ! interface ATM5/1/1 ip address 1.1.1.1 255.255.255.0 load-interval 30 pvc 1/100 protocol ip 1.1.1.3 protocol ip 20.1.1.1 cbr 140000 broadcast oam-pvc manage ! pvc 1/101 protocol ip 9.9.9.2 encapsulation aal5ciscoppp Virtual-Template1 ! ! interface ATM5/1/1.200 multipoint ip address 7.7.7.1 255.255.255.0 bundle atm-bundle pvc-bundle high 2/100 class-vc high pvc-bundle med 2/101 class-vc med pvc-bundle low 2/102 class-vc low !7-121 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Link Fragmentation and Interleaving with Virtual Templates Configuration Example The following simple example shows a sample LFI configuration using a virtual template interface: ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! class-map match-all prec4 match ip precedence 4 class-map match-all prec5 match ip precedence 5 class-map match-all prec6 match ip precedence 6 class-map match-all prec7 match ip precedence 7 class-map match-all prec0 match ip precedence 0 class-map match-all prec1 match ip precedence 1 class-map match-all prec2 match ip precedence 2 class-map match-all dscp2 match dscp 2 class-map match-all prec3 match ip precedence 3 class-map match-all prec8 match precedence 0 2 4 6 class-map match-any all class-map match-all any match any ! ! policy-map pmap1 class prec1 bandwidth percent 10 class prec2 police 100000000 3125000 3125000 conform-action transmit exceed-action drop priority ! ! ! interface ATM2/1/0 no ip address atm clock INTERNAL ! interface ATM2/1/0.1 point-to-point pvc 0/100 encapsulation aal5snap protocol ppp Virtual-Template1 ! ! interface ATM2/1/0.1000 point-to-point pvc 1/1000 encapsulation aal5ciscoppp Virtual-Template2 ! ! interface ATM2/1/0.1001 point-to-point pvc 1/1001 protocol ip 10.10.11.12 encapsulation aal5ciscoppp Virtual-Template3 7-122 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples ! interface ATM2/1/1 no ip address shutdown ! interface ATM2/1/2 no ip address shutdown ! interface ATM2/1/3 no ip address ! interface Virtual-Template1 bandwidth 100 ip address 10.34.0.2 255.255.255.0 no keepalive ppp chap hostname north-21 ppp multilink ppp multilink fragment-delay 5 ppp multilink interleave multilink max-fragments 16 service-policy output pmap1 ! interface Virtual-Template2 ip address 10.36.0.2 255.255.255.0 no keepalive ppp chap hostname north-22 ppp multilink ppp multilink fragment-delay 5 ppp multilink interleave service-policy output pmap1 ! interface Virtual-Template3 ppp chap hostname north-23 ppp multilink ppp multilink fragment-delay 5 ppp multilink interleave service-policy output pmap1 ! interface Vlan1 no ip address shutdown ! Distributed Compressed Real-Time Protocol Configuration Example ! interface ATM5/1/0.200 point-to-point pvc 10/300 encapsulation aal5mux ppp Virtual-Template200 ! ... ! interface Virtual-Template200 bandwidth 2000 ip address 10.1.200.2 255.255.255.0 ip rcp header-compression passive ip tcp header-compression passive ppp chap hostname template200 ppp multilink ppp multilink fragment-delay 8 ppp multilink interleave7-123 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples ip rtp header-compression passive ip tcp compression-connections 64 ! Automatic Protection Switching Configuration Example ! interface ATM4/0/0 description working ip address 10.5.5.1 255.255.255.0 no shutdown aps group 1 aps working 1 pvc 1/100 protocol ip 10.5.5.2 ! interface ATM4/0/1 description protect ip address 10.5.5.1 255.255.255.0 aps group 1 aps revert 2 aps protect 0 10.7.7.7 pvc 1/100 protocol ip 10.5.5.2 ! interface Loopback1 ip address 10.7.7.7 255.255.255.0 SONET and SDH Framing Configuration Example ! interface ATM2/0/0 description Example of SONET framing-“atm framing sonet” is default and doesn’t appear ip address 10.16.2.2 255.255.255.0 logging event link-status atm sonet report all atm sonet threshold sd-ber 3 atm sonet threshold sf-ber 6 atm sonet overhead c2 0x00 ! interface ATM2/0/1 description Example of SDH framing-”atm framing sdh” appears in configuration ip address 10.16.3.3 255.255.255.0 logging event link-status atm framing sdh atm sonet report all atm sonet overhead c2 0x00 !7-124 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Layer 2 Protocol Tunneling Topology with a Cisco 7600, Catalyst 5500, and Catalyst 6500 Configuration Example Figure 7-10 shows one sample network topology in which data packets are sent between a Catalyst 6500 series switch and a Cisco 7600 series router. Figure 7-10 Catalyst 5500 Switch, 6500 Switch, and Cisco 7600 Series Router in an L2PT Topology As shown in Figure 7-10, Layer 2 Protocol Tunneling (L2PT) is configured at the Cisco 7600 ATM 6/1/0 interface and also at the Catalyst 6500 switch Gig 2/1 interface. PVST packets are sent from the Catalyst 5500 switch to the Cisco 7600 series router. The Cisco 7600 series router transports those BPDUs by way of L2PT and sends them to the Catalyst 6500 series switch. Those BPDUs are decapsulated and restored before sending the packets out to the customer network. The Cisco 7600 series router and the Catalyst 6500 series switch are provider edge (PE) devices and the rest are customer edge (CE) devices. ATM Configuration Example Any traffic coming in must be sent via a dot1q-tunnel. If the PE VLAN is 200 and the CE VLAN is 100, you have the following configuration: Router(config)# interface atm 6/1/0 Router(config-if)# pvc 6/200 Router(config-if-atm-vc)# bridge-domain 200 dot1q-tunnel ignore-bpdu-pid pvst-tlv 100 Ethernet Configuration Example An example of the Ethernet configuration follows: Router(config)# interface gig2/1 Router(config-if)# switchport Router(config-if)# switchport access vlan 200 Router(config-if)# switchport mode dot1q-tunnel Router(config-if)# l2protocol-tunnel CE VLAN 100 is what is used at the customer sites. The Catalyst 5500 switch sends the IEEE BPDU in data format. The Cisco 7600 series router receives the BPDU and first converts it to PVST+ format. Then the destination address (DA) MAC of the frame is changed to the protocol tunnel MAC address and sent out into the Layer 2 cloud. At the other end, when the frame leaves the Gig 2/1 interface, the DA MAC is changed back to the PVST+ DA MAC and the PVST+ BPDU is sent to the customer premises equipment (CPE) device. Catalyst 5500 switch Customer LAN Customer LAN Catalyst 6500 switch Cisco 7600 router L2PT ATM 6/1/0 interface (Layer 2 protocol tunneling enabled) Gig2/1 interface (L2PT enabled) Service provider ATM network Service provider ATM network 1462247-125 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Layer 2 Protocol Tunneling Topology with a Cisco 7600 and Cisco 7200 Configuration Example Figure 7-11 shows how a Cisco 7600 series router needs to communicate with a Cisco 7200 series router. Figure 7-11 Cisco 7600 and Cisco 7200 Routers in an L2PT Topology PE Configuration On the PE routers, the configuration appears as follows: !On PE 1 interface ATM2/0/0 no ip address atm mtu-reject-call pvc 7/101 bridge-domain 200 dot1q-tunnel ! end !On PE 2 interface ATM3/0/0 no ip address pvc 2/101 bridge-domain 200 dot1q-tunnel pvst-tlv 100 ! end Cisco 7600 CE Configuration The configuration for the Cisco 7600 CE 1 router would be as follows: !On CE 1 interface ATM1/1/0 no ip address atm mtu-reject-call pvc 7/101 bridge-domain 101 ! end Cisco 7200 CE Configuration The configuration for the Cisco 7200 CE 2 router would be as follows: !On CE 2 interface ATM4/0 no ip address no atm ilmi-keepalive pvc 2/101 ! bridge-group 101 end CE 1 ATM 1/1/0 Cisco 7600 ATM network ATM network ATM network 146225 PE 1 Cisco 7600 PE 2 Cisco 7600 CE 2 Cisco 7200 ATM 2/0/0 ATM 3/0/0 ATM 4/07-126 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples Data Transmission Sequence from the Cisco 7200 CE to the Cisco 7600 CE Given the configurations and topologies shown in these examples, the data transmission sequence from the Cisco 7200 CE to the Cisco 7600 CE is as follows: 1. The Cisco 7200 CE 2 router sends BPDUs without the MAC header in RFC 1483 format. 2. The Cisco 7600 PE router receives the packets and then translates the IEEE BPDU into PVST+ BPDU format. 3. VLAN 100 is inserted into the PVST+ BPDU. 4. The frame’s destination address (DA) MAC value is rewritten to use the protocol tunnel DA MAC and is sent out into the ATM network cloud. 5. The L2PT BPDU must go out of the PE 1 ATM 2/0/0 interface. The DA MAC is restored to the PVST+ DA MAC. 6. Finally, the PVST+ BPDU is sent to the Cisco 7600 CE 1 router. Cisco 7600 Basic Back-to-Back Scenario Configuration Example Figure 7-12 shows an example of a basic back-to-back scenario. Figure 7-12 Cisco 7600 Routers in Basic Back-to-Back Topology The PDUs exchanged are PVST+ BPDUs. The PVST+ BPDUs are sent using a PID of 0x00-07. The configuration is set as follows: Router(config)# interface atm 2/1/0 Router(config-if)# pvc 2/202 Router(config-if-atm-vc)# bridge-domain 101 Catalyst 5500 Switch and Cisco 7600 Series Routers in Back-to-Back Topology Configuration Example Figure 7-13 shows another sample topology with a simple back-to-back setup, which serves to test basic Catalyst 5500 and Cisco 7600 interoperability. Figure 7-13 Catalyst 5500 Switch and Cisco 7600 Routers in Back-to-Back Topology ATM 2/1/0 Cisco 7600 Service provider ATM network Cisco 7600 146226 ATM 4/1/0 Customer network Customer network Catalyst 5500 switch Cisco 7600 router ATM network ATM 2/1/0 1462277-127 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration Examples When connected to a device that sends and receives IEEE BPDUs in data format (PID 0x00-07) such as the Catalyst 5000’s ATM module, the configuration must be something like this: Router(config)# interface atm 2/1/0 Router(config-if)# pvc 2/202 Router(config-if-atm-vc)# bridge-domain 101 ignore-bpdu-pid pvst-tlv 101 The Cisco 7600 series router translates its outgoing PVST+ BPDUs into IEEE BPDUs. Because the ignore-bpdu-pid keyword is also enabled, the BPDU uses a PID of 0x00-07, which is exactly what the Catalyst 5500 switch requires. Cisco 7600 and Cisco 7200 in Back-to-Back Topology Configuration Example When connecting to a device that is completely RFC 1483-compliant, in which the IEEE BPDUs are sent using a PID of 0x00-0E, you must use the new ignore-bpdu-pid keyword in the bridge-domain command. Figure 7-14 shows an example of such a configuration. Figure 7-14 Cisco 7600 Router Series and Cisco 7200 Router Series in Back-to-Back Topology For example, when a Cisco 7600 series router is connected to a Cisco 7200 series router, the configuration would be as follows: Router(config)# interface atm 2/1/0 Router(config-if)# pvc 2/202 Router(config-if-atm-vc)# bridge-domain 101 pvst-tlv 101 Note In this configuration scenario, the CE’s VLAN number must be identical to the bridge-domain VLAN number. An example of the Ethernet configuration is shown in the “Ethernet Configuration Example” section on page 7-124. Cisco 7600 router ATM network 146228 Cisco 7200 router ATM 4/0 ATM 2/1/07-128 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 7 Configuring the ATM SPAs Configuration ExamplesC H A P T E R 8-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 8 Troubleshooting the ATM SPAs This chapter describes how to monitor and troubleshoot the asynchronous transfer mode (ATM) shared port adapters (SPAs) in a Cisco 7600 series router. This document covers the 1-Port OC-48c/STM-16 ATM SPA, 1-Port OC-12c/STM-4 ATM SPA, and the 2-Port and 4-Port OC-3c/STM-1 ATM SPA. • General Troubleshooting Information, page 8-1 • Monitoring the ATM SPA, page 8-2 • Troubleshooting the ATM Shared Port Adapter, page 8-15 • Preparing for Online Insertion and Removal of a SPA, page 8-27 For more information about troubleshooting your hardware installation, refer to the Cisco 7600 Series Router SIP, SSC, and SPA Hardware Installation Guide. General Troubleshooting Information This section provides the following general information for troubleshooting ATM SPA cards and their SPA interface processor (SIP) carrier cards: • Interpreting Console Error and System Messages, page 8-1 • Using debug Commands, page 8-2 • Using show Commands, page 8-2 Interpreting Console Error and System Messages To view the explanations and recommended actions for Cisco 7600 series router error messages, including messages related to Cisco 7600 series router SIPs and SPAs, refer to the Cisco 7600 Series Cisco IOS System Message Guide, Cisco IOS Release 12.2 SX. System error messages are organized in the documentation according to the particular system facility that produces the messages. The SIP and SPA error messages use the following facility names: • Cisco 7600 SIP-200 • Cisco 7600 SIP-400 • 1-Port OC-12c/STM-4 ATM SPA • 1-Port OC-48c/STM-16 ATM SPA • 2-Port and 4-Port OC-3c/STM-1 ATM SPA8-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA Using debug Commands Along with the other debug commands supported on the Cisco 7600 series router, you can obtain specific debug information for SPAs on the Cisco 7600 series router using the debug hw-module subslot privileged exec command. Caution Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead can affect system use. The debug hw-module subslot command is intended for use by Cisco Systems technical support personnel. For more information about the debug hw-module subslot command and about other debug commands that can be used on a Cisco 7600 series router, refer to the Cisco 7600 Series Cisco IOS Command Reference, 12.2 SXand to the Cisco IOS Debug Command Reference, Release 12.2 SR. Using show Commands There are several show commands that you can use to monitor and troubleshoot the SIP and SPA cards on a Cisco 7600 series router. For more information on these commands, see the “Monitoring the ATM SPA” section on page 8-2. Also see the following chapters in this guide for additional information about these show commands: • Chapter 7, “Configuring the ATM SPAs” Monitoring the ATM SPA This section contains the following subsections that describe commands that can be used to display information about the ATM SPA hardware, interfaces, PVCs, SVCs, and APS configuration: • Displaying Hardware Information, page 8-2 • Displaying Information About ATM Interfaces, page 8-5 • Displaying Information About PVCs and SVCs, page 8-7 • Displaying Information About Automatic Protection Switching, page 8-13 Note The outputs in this document are samples only. The actual output that appears on your router depends on the model of router, type of cards that are installed, and their configuration. Displaying Hardware Information Use the following commands to display different types of hardware and system information: • show version—Displaying System Information, page 8-3 • show hw-module subslot fpd and show idprom module—Displaying Information About the ATM SPA Hardware Revision Levels, page 8-38-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA • show controllers atm—Displaying Information About the ATM Controller Hardware, page 8-4 • show diag—Displaying Information About ATM Ports, page 8-5 Displaying System Information To display information about the router, its system hardware and software, and the number of each type of interface that is installed, use the show version command. The following sample output shows a Cisco 7606 router that has two four-port OC-3c ATM SPA cards installed in a Cisco 7600 SIP-400 carrier card, along with a number of Gigabit Ethernet interfaces: Router# show version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JSV-M), Released Version 12.2(XX) [BLD-sipedon2 187] Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 16-Mar-04 05:13 by jrstu Image text-base: 0x40020F94, data-base: 0x424B0000 ROM: System Bootstrap, Version 12.2(14r)S1, RELEASE SOFTWARE (fc1) sup2_7606 uptime is 44 minutes Time since sup2_7606 switched to active is 43 minutes System returned to ROM by power-on (SP by power-on) System image file is "disk0:c6k222-jsv-mz_022204" cisco CISCO7606 (R7000) processor (revision 1.0) with 458752K/65536K bytes of memory. Processor board ID TBM06402027 SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2, 2048KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 FlexWAN controller (2 ATM). 2 SIP-400 controllers (7 ATM). 1 Dual-port OC12c ATM controller (2 ATM). 1 Virtual Ethernet/IEEE 802.3 interface(s) 8 Gigabit Ethernet/IEEE 802.3 interface(s) 11 ATM network interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 Displaying Information About the ATM SPA Hardware Revision Levels To display information about the hardware revision of the SPA, as well as the version of the field-programmable device (FPD) that is onboard the SPA, use the show hw-module subslot fpd command. Cisco technical engineers might need this information to debug or troubleshoot problems with a SPA installation. Router# show hw-module subslot fpd ==== ====================== ====== ============================================= H/W Field Programmable Current Min. Required Slot Card Type Ver. Device: "ID-Name" Version Version ==== ====================== ====== ================== =========== ============== 5/0 4xOC-3 ATM SPA 1.0 1-I/O FPGA 0.70 0.70 ---- ---------------------- ------ ------------------ ----------- --------------8-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA 5/1 4xOC-3 ATM SPA 1.0 1-I/O FPGA 0.70 0.70 ==== ====================== ====== ============================================= In addition, the show idprom module command also displays the serial number and board revisions for the ATM SPA. Router# show idprom module 5/2 IDPROM for SPA module #5/2 (FRU is '4-port OC3/STM1 ATM Shared Port Adapter') Product Identifier (PID) : SPA-4XOC3-ATM Version Identifier (VID) : V01 PCB Serial Number : PRTA0304088 Top Assy. Part Number : 68-2177-01 73/68 Board Revision : 04 73/68 Board Revision : 10 Hardware Revision : 0.17 CLEI Code : UNASSIGNED Displaying Information About the ATM Controller Hardware To display information about the controller hardware for an ATM interface, including framing and alarm configuration, as well as port, packet, and channel performance statistics, use the show controllers atm command, which has the following syntax: show controllers atm slot/sublot/port The following example shows typical output for an ATM SPA interface: Router# show controllers atm 5/1/0 Interface ATM5/1/0 is up Framing mode: SONET OC3 STS-3c SONET Subblock: SECTION LOF = 0 LOS = 0 BIP(B1) = 603 LINE AIS = 0 RDI = 2 FEBE = 2332 BIP(B2) = 1018 PATH AIS = 0 RDI = 1 FEBE = 28 BIP(B3) = 228 LOP = 0 NEWPTR = 0 PSE = 1 NSE = 2 Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA ATM framing errors: HCS (correctable): 0 HCS (uncorrectable): 0 APS COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 Rx Synchronization Status S1 = 00 S1S0 = 00, C2 = 00 PATH TRACE BUFFER : STABLE BER thresholds: SF = 10e-3 SD = 10e-68-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: line Note The ATM SPA does not support automatic updates of the remote host information, if any, in the Path Trace Buffer section of the show controllers atm command. Displaying Information About ATM Ports To display information about the type of port adapters that are installed in the router, use the show diag command, which has the following syntax: show diag slot where slot is the slot number that contains the port adapter. The following example shows typical output for a 4-port OC-3c ATM SPA that is in slot 4 in the router: Router# show diag 4 Slot 4: Logical_index 8 4-adapter SIP-200 controller Board is analyzed ipc ready HW rev 0.300, board revision 08 Serial Number: Part number: 73-8272-03 Slot database information: Flags: 0x2004 Insertion time: 0x1961C (01:16:54 ago) Controller Memory Size: 384 MBytes CPU Memory 128 MBytes Packet Memory 512 MBytes Total on Board SDRAM IOS (tm) cwlc Software (sip1-DW-M), Released Version 12.2(17)SX [BLD-sipedon2 107] SPA Information: subslot 4/0: 4xOC-3 ATM SPA (0x3E1), status: ok subslot 4/1: 4xOC-3 ATM SPA (0x3E1), status: ok Displaying Information About ATM Interfaces Use the following commands to display information about ATM interfaces: • show interface atm—Displaying Layer 2 Information About an ATM Interface, page 8-5 • show atm interface atm—Displaying ATM-Specific Information About an ATM Interface, page 8-6 • show ip interface—Displaying Layer 3 IP Information About an ATM Interface, page 8-7 Displaying Layer 2 Information About an ATM Interface To display Layer 2 information about an ATM interface or subinterface, along with the current status and packet counters, use the show interface atm command. The following example shows sample output for an ATM interface on an ATM SPA: Router# show interface atm 5/1/08-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA ATM5/1/0 is up, line protocol is up Hardware is ATM SPA, address is 000a.f330.2a80 (bia 000a.f330.2a80) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 21 current VCCs VC idle disconnect time: 300 seconds Signalling vc = 1, vpi = 0, vci = 5 UNI Version = 4.0, Link Side = user 6 carrier transitions Last input 01:47:05, output 00:00:01, output hang never Last clearing of "show interface" counters 01:03:35 Input queue: 0/75/33439/80 (size/max/drops/flushes); Total output drops: 963306 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 9502306 packets input, 6654982829 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 45011 input errors, 131042 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 27827569 packets output, 21072150159 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out The following example shows sample output for a subinterface on this same ATM interface: Router# show interface atm 5/1/0.200 ATM5/1/0.200 is up, line protocol is up Hardware is ATM SPA, address is 000a.f330.2a80 (bia 000a.f330.2a80) Internet address is 10.10.10.16/24 MTU 4470 bytes, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 NSAP address: 47.00918100000000107B2B4B01.222255550001.00 Encapsulation ATM 12630 packets input, 10521156 bytes 4994 packets output, 4176213 bytes 3753 OAM cells input, 4366 OAM cells output AAL5 CRC errors : 0 AAL5 SAR Timeouts : 0 AAL5 Oversized SDUs : 0 Note The value for “packets output” in the default version of the show interfaces atm command includes the bytes used for ATM AAL5 padding, trailer and ATM cell header. To see the packet count without the padding, header, and trailer information, use the show interfaces atm statistics or show atm pvc commands. Displaying ATM-Specific Information About an ATM Interface To display Layer 2 ATM-specific information about an ATM interface or subinterface, use the show atm interface atm command: Router# show atm interface atm 3/1/0 Interface ATM3/1/0: AAL enabled: AAL5 , Maximum VCs: 1023, Current VCCs: 1 Maximum Transmit Channels: 648-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA Max. Datagram Size: 4528 PLIM Type: SONET - 155000Kbps, TX clocking: LINE Cell-payload scrambling: ON sts-stream scrambling: ON 0 input, 0 output, 0 IN fast, 0 OUT fast, 0 out drop Avail bw = 155000 Config. is ACTIVE Displaying Layer 3 IP Information About an ATM Interface To display Layer 3 (IP-layer) information about an ATM interface, use the show ip interface command. To display a brief summary about all interfaces, use the following command: show ip interface brief To display information about a specific ATM interface, use the following command: show ip interface atm slot/subslot/port The following output shows a typical example for the brief version of the show ip interface command: Router# show ip interface brief Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES NVRAM down down GigabitEthernet1/1 172.18.76.57 YES NVRAM up up GigabitEthernet1/2 unassigned YES NVRAM administratively down down ATM3/0/0 unassigned YES manual up up ATM3/0/0.1 unassigned YES manual up up ATM3/0/0.2 10.1.1.1 YES manual up up ATM3/1/0 unassigned YES manual up up ATM3/1/0.1 unassigned YES manual up up ATM3/1/0.2 unassigned YES unset up up ATM3/1/0.3 11.1.1.1 YES manual up up Displaying Information About PVCs and SVCs Use the following commands to display information about PVCs and SVCs, including mapping, traffic, and VLAN configuration information: • show atm vp—Displaying Information About Virtual Paths, page 8-8 • show atm vc—Displaying Information About Virtual Channels, page 8-8 • show atm pvc—Displaying Information About PVCs, page 8-9 • show atm svc and show atm ilmi-status—Displaying Information About SVCs, page 8-10 • show atm map—Displaying Information About Layer 2/Layer 3 Mappings, page 8-11 • show atm traffic—Displaying Information About ATM Traffic, page 8-12 • show atm vlan—Displaying Information About VLAN Mappings, page 8-12 • show atm class-links—Displaying Information About VC Bundles, page 8-138-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA Displaying Information About Virtual Paths To display information about the virtual paths (VPs) that are configured on the router’s ATM interfaces, use the show atm vp command: Router# show atm vp Data CES Peak CES Interface VPI VCs VCs Kbps Kbps Status ATM5/0/3 1 1 0 149760 0 ACTIVE ATM5/0/3 1 2 0 299520 299000 ACTIVE ATM5/0/3 2 0 0 1000 0 ACTIVE Router# To display detailed information about a specific virtual path, including its current PVCs and SVCs, specify the VPI with the show atm vp command: Router# show atm vp 30 ATM8/1/0 VPI: 30, ATM8/1/0 VPI: 30, PeakRate: 149760, CesRate: 0, DataVCs: 1, CesVCs: 0, Status: ACTIVE VCD VCI Type InPkts OutPkts AAL/Encap Status 2 3 PVC 0 0 F4 OAM ACTIVE 3 4 PVC 0 0 F4 OAM ACTIVE 4 300 PVC 5 5 AAL5-SNAP ACTIVE 6 11 PVC 12 1 AAL5-SNAP ACTIVE TotalInPkts: 17, TotalOutPkts: 6, TotalInFast: 0, TotalOutFast: 6, TotalBroadcasts: 0 TotalInPktDrops: 0, TotalOutPktDrops: 0 Displaying Information About Virtual Channels To display information about all of the virtual channels that are currently configured on the ATM interfaces, use the show atm vc command without any options: Router# show atm vc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 3/0/0 1 1 100 PVC SNAP UBR 149760 UP 3/0/1 1 2 100 PVC SNAP UBR 149760 UP 3/0/2 1 3 100 PVC SNAP UBR 149760 UP 3/0/2 2 3 300 PVC SNAP UBR 149760 UP 3/0/3 1 4 100 PVC SNAP UBR 149760 UP To display detailed information about a specific virtual connection, specify its VC descriptor (VCD) along with the command: Router# show atm vc 20 ATM1/1/0.200: VCD: 20, VPI: 2, VCI: 200 UBR, PeakRate: 44209 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s) InARP frequency: 5 minutes(s) Transmit priority 4 InPkts: 10, OutPkts: 11, InBytes: 680, OutBytes: 708 InPRoc: 10, OutPRoc: 5, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 0, OutAS: 6 InPktDrops: 0, OutPktDrops: 0 8-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0 OAM cells received: 0 OAM cells sent: 0 Status: UP You can also display information about the VCs on a specific ATM interface and its subinterfaces: Router# show atm vc interface atm 2/1/0 ATM2/0.101: VCD: 201, VPI: 20, VCI: 101 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s) InARP frequency: 15 minutes(s) Transmit priority 4 InPkts: 3153520, OutPkts: 277787, InBytes: 402748610, OutBytes: 191349235 InPRoc: 0, OutPRoc: 0, Broadcasts: 0 InFast: 211151, OutFast: 0, InAS: 0, OutAS: 0 InPktDrops: 0, OutPktDrops: 17 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0 OAM cells received: 0 OAM cells sent: 0 Status: UP To display information about the traffic over a particular VC, use the show atm vc command with the following syntax: show atm vc traffic interface atm slot/subslot/port vpi vci Router# show atm vc traffic interface atm 1/0/1 1 101 Interface VPI VCI Type rx-cell-cnts tx-cell-cnts ATM1/0/1 1 101 PVC 9345 7231 Displaying Information About PVCs Use the show atm pvc command to provide information about the PVCs that are currently configured on the router. To display all PVCs that are currently configured on the router’s ATM interfaces and subinterfaces, use the show atm pvc command: Router# show atm pvc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 2/1/0 1 2 32 PVC SNAP UBR 0 UP 2/1/0.1 0 0 33 PVC MUX UBR 599040 UP 2/1/0.2 2 0 34 PVC MUX UBR 599040 INAC 2/1/0.3 3 0 35 PVC MUX UBR 599040 INAC 2/1/0.4 4 0 36 PVC MUX UBR 599040 INAC 2/1/1.1 0 0 33 PVC MUX UBR 599040 UP 2/1/1.2 2 0 34 PVC MUX UBR 599040 INAC 2/1/1.3 3 0 35 PVC MUX UBR 599040 INAC 2/1/1.4 4 0 36 PVC MUX UBR 599040 INAC Tip To display all PVCs on a particular ATM interface or subinterface, use the show atm pvc interface atm command. To display detailed information about a particular PVC, specify its VPI/VCI values: Router# show atm pvc 1/1008-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA ATM3/0/0: VCD: 1, VPI: 1, VCI: 100 UBR, PeakRate: 149760 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Disabled OAM VC status: Not Managed ILMI VC status: Not Managed InARP frequency: 15 minutes(s) Transmit priority 6 InPkts: 94964567, OutPkts: 95069747, InBytes: 833119350, OutBytes: 838799016 InPRoc: 1, OutPRoc: 1, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 94964566, OutAS: 95069746 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 0 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 0 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP VC 1/100 doesn't exist on 7 of 8 ATM interface(s) Displaying Information About SVCs Use the show atm vc and show atm ilmi-status commands to provide information about the SVCs that are currently configured on the router. To display all SVCs that are currently configured on the router’s ATM interfaces and subinterfaces, use the show atm svc command: Router# show atm svc VCD / Peak Avg/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts 4/0/0 1 0 5 SVC SAAL UBR 155000 UP 4/0/2 4 0 35 SVC SNAP UBR 155000 UP 4/1/0 16 0 47 SVC SNAP UBR 155000 UP 4/1/0.1 593 0 80 SVC SNAP UBR 599040 UP Tip To display all SVCs on a particular ATM interface or subinterface, use the show atm svc interface atm command. To display detailed information about a particular SVC, specify its VPI/VCI values: Router# show atm svc 0/35 ATM5/1/0.200: VCD: 3384, VPI: 0, VCI: 35, Connection Name: SVC00 UBR, PeakRate: 155000 AAL5-MUX, etype:0x800, Flags: 0x44, VCmode: 0x0 OAM frequency: 10 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Received OAM VC status: Verified ILMI VC status: Not Managed VC is managed by OAM. InARP DISABLED Transmit priority 6 InPkts: 0, OutPkts: 4, InBytes: 0, OutBytes: 4008-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA InPRoc: 0, OutPRoc: 4, Broadcasts: 0 InFast: 0, OutFast: 0, InAS: 0, OutAS: 0 InPktDrops: 0, OutPktDrops: 0 CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0 Out CLP=1 Pkts: 0 OAM cells received: 10 F5 InEndloop: 10, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 10 F5 OutEndloop: 10, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP TTL: 4 interface = ATM5/1/0.200, call locally initiated, call reference = 8094273 vcnum = 3384, vpi = 0, vci = 35, state = Active(U10) , point-to-point call Retry count: Current = 0 timer currently inactive, timer value = 00:00:00 Remote Atm Nsap address: 47.00918100000000107B2B4B01.111155550001.00 , VC owner: ATM_OWNER_SMAP To display information about the ILMI status and NSAP addresses being used for the SVCs on an ATM interface, use the show atm ilmi-status command: Router# show atm ilmi-status atm 4/1/0 Interface : ATM4/1/0 Interface Type : Private UNI (User-side) ILMI VCC : (0, 16) ILMI Keepalive : Enabled/Up (5 Sec 4 Retries) ILMI State: UpAndNormal Peer IP Addr: 10.10.13.1 Peer IF Name: ATM 3/0/3 Peer MaxVPIbits: 8 Peer MaxVCIbits: 14 Active Prefix(s) : 47.0091.8100.0000.0010.11b8.c601 End-System Registered Address(s) : 47.0091.8100.0000.0010.11b8.c601.2222.2222.2222.22(Confirmed) 47.0091.8100.0000.0010.11b8.c601.aaaa.aaaa.aaaa.aa(Confirmed) Tip To display information about the SVC signaling PVC and ILMI PVC, use the show atm pvc 0/5 and show atm pvc 0/16 commands. Displaying Information About Layer 2/Layer 3 Mappings To display the mapping between the mappings between virtual circuits and Layer 3 IP addresses, use the show atm map command: Router# show atm map Map list ATM3/1/0.100_ATM_INARP : DYNAMIC ip 10.11.11.2 maps to VC 19, VPI 2, VCI 100, ATM3/1/0.100 ip 10.11.11.1 maps to VC 4, VPI 0, VCI 60, ATM3/1/0.102 ip 10.11.13.4 maps to VC 1, VPI 5, VCI 33, ATM3/1/0 ip 10.10.9.20 maps to bundle vc-group1, 0/32, 0/33, 0/34, ATM3/1/0.1, broadcast Map list ATM3/1/1.200_ATM_INARP : DYNAMIC ip 10.2.3.2 maps to VC 20, VPI 2, VCI 200, ATM1/1/0.200 ip 10.2.3.10 maps to bundle vc-group2, 0/32, 0/33, 0/34, ATM3/1/1.1, broadcast Map list ATM4/0/3.95_pvc1 : PERMANENT ip 10.4.4.4 maps to NSAP CD.CDEF.01.234567.890A.BCDE.F012.3456.7890.1234.12, broadcast, aal5mux, multipoint connection up, VC 68-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA ip 10.4.4.6 maps to NSAP DE.CDEF.01.234567.890A.BCDE.F012.3456.7890.1234.12, broadcast, aal5mux, connection up, VC 15, multipoint connection up, VC 6 ip 10.4.4.16 maps to VC 1, VPI 13, VCI 95, ATM4/0/3.95, aal5mux Displaying Information About ATM Traffic To display general information about the traffic over the ATM interfaces, use the show atm traffic command: Router# show atm traffic 276875 Input packets 272965 Output packets 2 Broadcast packets 0 Packets received on non-existent VC 6 Packets attempted to send on non-existent VC 272523 OAM cells received F5 InEndloop: 272523, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 272963 OAM cells sent F5 OutEndloop: 272963, F5 OutSegloop: 0, F5 OutRDI: 0 0 OAM cell drops To display information about traffic shaping on the ATM interfaces in a particular slot, use the show atm traffic shaping slot command: Router# show atm traffic shaping slot 3 Traffic Shaping CAM State : ACTIVE Shaper Configuration Status : Shapers In Use By Config : 3, Shapers Available for Config : 3 Shaper Status in Hardware : Shaper 0 : In Use - Port : 0/0/0 Class : best-effort Shaper 1 : Not In Use Shaper 2 : Not In Use Shaper 3 : Not In Use Statistics : Total cell discards : 0, clp0 discards : 0, clp1 discards : 0 Free cell buffers : 262143 Total cells queued : 0 Tip You can also use the show atm vc traffic command to display traffic information for a particular VC. Displaying Information About VLAN Mappings To display the mappings of VLAN IDs to VCs, use the show atm vlan command: Router# show atm vlan VCD VLAN-ID 101 1 102 2 103 3 104 4 105 5 106 6 107 7 108 8 109 9 110 10 8-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA 111 11 112 12 113 13 114 14 115 15 116 16 117 17 118 18 119 19 120 20 121 21 122 22 ... 800 11 801 11 802 11 803 11 804 326 805 326 806 326 807 326 808 327 809 327 810 327 811 327 Tip To display the ports being used by a VLAN, use the show vlan id command. Displaying Information About VC Bundles To display the relationship between a particular VC and its parent VC class, including the parameters that were inherited from the class and those that were set manually, use the show atm class-link command: Router# show atm class-links 0/66 Displaying vc-class inheritance for ATM2/0.3, vc 0/66: broadcast - VC-class configured on main-interface encapsulation aal5mux ip - VC-class configured on subinterface no ilmi manage - Not configured - using default oam-pvc manage 3 - VC-class configured on vc oam retry 3 5 1 - Not configured - using default ubr 10000 - Configured on vc directly Displaying Information About Automatic Protection Switching When you have configured automatic protection switching (APS) on one or more router, you can show the current APS configuration and status with the show aps command, which has the following syntax: show aps [atm interface | controller | group [number] ] You can display information about the overall APS configuration and about the specific APS groups that include interfaces that are present in the router. 8-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Monitoring the ATM SPA Displaying the Current APS Status The show aps command, without any options, displays information for all interfaces in the router that are configured as Working or Protect APS interfaces. The following shows sample output for a router with one Working interface and one Protect interface: Router# show aps ATM4/0/1 APS Group 1: protect channel 0 (inactive) bidirectional, revertive (2 min) PGP timers (default): hello time=1; hold time=3 state: authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Received K1K2: 0x00 0x05 No Request (Null) Transmitted K1K2: 0x20 0x05 Reverse Request (protect) Working channel 1 at 10.10.10.41 Enabled Remote APS configuration: (null) ATM4/0/0 APS Group 1: working channel 1 (active) PGP timers (from protect): hello time=3; hold time=6 state: Enabled authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Protect at 10.10.10.41 Remote APS configuration: (null) The following sample output is for the same interfaces, except that the Working interface has gone down and the Protect interface is now active: Router# show aps ATM4/0/1 APS Group 1: protect channel 0 (active) bidirectional, revertive (2 min) PGP timers (default): hello time=1; hold time=3 state: authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Received K1K2: 0x00 0x05 No Request (Null) Transmitted K1K2: 0xC1 0x05 Signal Failure - Low Priority (working) Working channel 1 at 10.10.10.41 Disabled SF Pending local request(s): 0xC (, channel(s) 1) Remote APS configuration: (null) ATM4/0/0 APS Group 1: working channel 1 (Interface down) PGP timers (from protect): hello time=3; hold time=6 state: Disabled authentication = (default) PGP versions (native/negotiated): 2/2 SONET framing; SONET APS signalling by default Protect at 10.10.10.41 Remote APS configuration: (null)8-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Tip To display the same information for a specific ATM interface, use the show aps atm slot/subslot/port command. Displaying Information About APS Groups To display information about the APS groups that are configured on the router, use the show aps group command. You can display information for all groups or for a single group. For example, the following example shows a typical display for an individual group: Router# show aps group 2 ATM4/0/0 APS Group 2: working channel 1 (active) PGP timers (from protect): hello time=3; hold time=6 SONET framing; SONET APS signalling by default Protect at 10.10.10.7 Remote APS configuration: (null) ATM4/0/1 APS Group 2: protect channel 0 (inactive) bidirectional, revertive (2 min) PGP timers (default): hello time=1; hold time=3 SONET framing; SONET APS signalling by default Received K1K2: 0x00 0x05 No Request (Null) Transmitted K1K2: 0x20 0x05 Reverse Request (protect) Working channel 1 at 10.10.10.7 Enabled Remote APS configuration: (null) Note In the above example, both the Working and Protect interfaces in the APS group are on the same router. If the two interfaces are on different routers, the show aps group command shows information only for the local interface that is a member of the APS group. Troubleshooting the ATM Shared Port Adapter This section describes the following commands and messages that can provide information in troubleshooting the ATM SPA and its interfaces: • Understanding Line Coding Errors, page 8-16 • Using the Ping Command to Verify Network Connectivity, page 8-16 • Using the Ping Command to Verify Network Connectivity, page 8-16 • Using Loopback Commands, page 8-17 • Using ATM Debug Commands, page 8-26 • Using the Cisco IOS Event Tracer to Troubleshoot Problems, page 8-26 Tip For additional information on troubleshooting specific problems related to PVCs and SVCs, see the TAC tech note web page, at the following URL: http://www.cisco.com/en/US/tech/tk39/tk48/tech_tech_notes_list.html8-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Understanding Line Coding Errors This section provides a brief description of line coding and of the types of errors and alarms that can occur on a line: • Alarm Indication Signal (AIS)—An AIS alarm indicates that an alarm was raised by a device on a line upstream to the ATM interface. Typically, the device creating the alarm is the adjacent network neighbor, but the AIS signal could also be generated by a device in the service provider’s ATM cloud. • Loss of Frame (LOF)—An LOF alarm occurs when the local interface is using a framing format that does not match the framing format being used on the line. LOF errors could also occur when the line or a device on the line is generating bit errors that are corrupting frames. • Rx Cell HCS Error (HCSE)—The interface detected an error in the cell’s header checksum (HCS) field, which indicates that one or more header bits were corrupted. (This field does not indicate whether any errors occurred in the cell’s 48-bit payload.) • Remote Alarm Indication (RAI) and Far-end Receive Failure (FERF)—An RAI/FERF error indicates that a problem exists between the local ATM interface and the far end, and that the error might not be in the local segment between the local interface and adjacent node. Using the Ping Command to Verify Network Connectivity The ping command is a convenient way to test the ability of an interface to send and receive packets over the network. The ping command sends ICMP echo request packets to a specified destination address, which should send an equal number of ICMP echo reply packets in reply. By measuring the numbering of packets that are successfully returned, as well as how long each packet takes to be returned, you can quickly obtain a rough idea of the Layer 3 to Layer 3 connectivity between two interfaces. The IP ping command has the following syntax: ping or ping ip-address [repeat count] [data hex] [size datagram-size] If you enter just ping, the command interactively prompts you for all other parameters. Otherwise, you must specify at least a specific IP address as the destination for the ping. You can also optionally specify the following parameters: • repeat count—Number of ICMP echo request packets to send. The default is five packets. • data hex—The data pattern, in hexadecimal, to be sent in the ICMP echo request packets. • size datagram-size—Specifies the size, in bytes, of the ICMP echo request packets to be sent. The range is 40 to 18024 bytes, with a default of 100 bytes. Examples The following shows a typical example of the ping command: Router# ping 10.10.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 10.10.10.10, timeout is 2 seconds:8-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/15/64 ms Note You must have at least one PVC or SVC defined on an ATM interface before it can respond to an ICMP ping packet. Using Loopback Commands The loopback commands place an interface in loopback mode, which enables you to use the ping command to send packets through the local interface and line, so as to test connectivity. These commands are especially useful when an interface is experiencing a high number of cyclic redundancy check (CRC) errors, so that you can pinpoint where the errors are occurring. Use the following procedures to perform the different loopback tests: • Using loopback diagnostic to Create a Local Loopback, page 8-17 • Using loopback line, page 8-22 Tip For more information about using loopbacks to troubleshoot CRC errors on an interface, see the CRC Troubleshooting Guide for ATM Interfaces tech note, at the following URL: http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800c93ef.shtml Using loopback diagnostic to Create a Local Loopback To perform a local loopback test, in which the transmit data is looped back to the receive data at the physical (PHY) layer, use the loopback diagnostic command on an ATM interface. This loopback tests connectivity on the local ATM interface, verifying that the interface’s framing circuitry and segmentation and reassembly (SAR) circuitry is operating correctly. This loopback, however, does not test the interface’s optics circuitry and ports. Tip If an ATM interface is currently connected to another ATM interface and passing traffic, shut down the remote ATM interface before giving the loopback diagnostic command on the local ATM interface. Otherwise, the remote interface continues to send traffic to the local interface, and the remote network could also start reporting interface and network errors. Figure 8-1 shows a router-level diagram of a local loopback. Figure 8-2 shows a block-level diagram of a local loopback, as it is performed within the ATM interface circuitry. Figure 8-1 Performing a Local Loopback—Router Level Router 1 Router 2 TX RX Loopback cells 117335 ATM cloud8-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Figure 8-2 Performing a Local Loopback—Block Level FPGA ATM SAR SONET/SDH Framer ATM optics TX RX 1173368-19 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter DETAILED STEPS Command or Action Purpose Step 1 Router# configure terminal Enters global configuration mode. Step 2 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA card. Step 3 Router(config-if)# loopback diagnostic Puts the ATM interface into the local loopback mode, so that data that is transmitted out the interface is internally routed back into the receive data line. Step 4 Router(config-if)# atm clock internal Specifies that the AMT interface should derive its clocking from its local oscillator, which is required, because the loopback command isolates the interface from the network and from the clocking signals that are derived from the network line. Step 5 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Step 6 Router# show interface atm slot/subslot/port (Optional) Verifies that the interface has been configured for loopback mode. The output should show the words “loopback set” when the interface is operating in loopback mode. Step 7 Router# debug atm packet interface atm slot/subslot/port (Optional) Enables packet debugging on the ATM interface. Note This command generates several lines of debug output for each packet transmitted and received on the interface. Do not use it on a live network, or you could force the processor to 100% utilization. Step 8 Router(config-if)# ping ip-address [repeat count] [data hex] [size datagram-size] Sends an ICMP echo request packet to the specified IP address. • ip-address—Destination IP address for the ICMP echo request packet. Because the interface has been put into loopback mode, the exact IP address does not matter—any valid IP address can be specified. • repeat count—(Optional) Specifies the number of ICMP echo request packets to be sent. The default is 5. • data hex—(Optional) The data pattern, in hexadecimal, to be sent in the ICMP echo request packets. • size datagram-size—(Optional) Specifies the size, in bytes, of the ICMP echo request packets to be sent. The range is 40 to 18024 bytes, with a default of 100 bytes. Note Because the interface is in loopback mode, the ping command will report that it failed. This is to be expected. 8-20 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Examples The following sample output shows a local loopback being set with the loopback diagnostic command. The ping command then sends two PING packets, and the resulting output from the show interface command shows that two CRC errors occurred. Router# configure terminal Router(config)# interface atm 4/1/0 Router(config-if)# loopback diagnostic Router(config-if)# atm clock internal Router(config-if)# end Router# show interface atm 4/1/0 ATM4/1/0 is up, line protocol is up Hardware is ATM SPA, address is 000a.f330.2a80 (bia 000a.f330.2a80) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback set Encapsulation(s): AAL5 4095 maximum active VCs, 21 current VCCs VC idle disconnect time: 300 seconds Signalling vc = 1, vpi = 0, vci = 5 UNI Version = 4.0, Link Side = user 6 carrier transitions Last input 01:47:05, output 00:00:01, output hang never Last clearing of "show interface" counters 01:03:35 Input queue: 0/75/33439/80 (size/max/drops/flushes); Total output drops: 963306 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 9502306 packets input, 6654982829 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 27827569 packets output, 21072150159 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out Step 9 Router# show interface atm slot/subslot/port Displays interface statistics, including whether any CRC or other errors occurred during the ping test. For example: Router# show interface atm 5/0/1 ... Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 5 input errors, 5 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort ... Router# Step 10 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA card. Step 11 Router(config-if)# no loopback diagnostic Removes the local loopback and return the ATM interface to normal operations. Note Also remember to restore the proper clocking on the local ATM interface and to reenable the remote ATM interface. Command or Action Purpose8-21 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Router# debug atm packet interface atm 4/1/0 ATM packets debugging is on Displaying packets on interface ATM4/1/0 Router# ping 10.10.10.10 count 2 Type escape sequence to abort. Sending 2, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds: 1w1d: ATM4/1/0(O): VCD:0x5 VPI:0x0 VCI:0x55 DM:0x100 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 1w1d: 4500 0064 001A 0000 FF01 B77A 0101 0102 0101 0101 0800 119A 13A2 07C5 0000 1w1d: 0000 2D41 2408 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD 1w1d: 1w1d: ATM4/1/0(I): VCD:0x5 VPI:0x0 VCI:0x55 Type:0x0 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 1w1d: 4500 0064 001A 0000 0101 B57B 0101 0102 0101 0101 0800 119A 13A2 07C5 0000 1w1d: 0000 2D41 2408 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD 1w1d: . 1w1d: ATM4/1/0(O): VCD:0x5 VPI:0x0 VCI:0x55 DM:0x100 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 1w1d: 4500 0064 001B 0000 FF01 B779 0101 0102 0101 0101 0800 09C9 13A3 07C5 0000 1w1d: 0000 2D41 2BD8 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD 1w1d: 1w1d: ATM4/1/0(I): VCD:0x5 VPI:0x0 VCI:0x55 Type:0x0 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 1w1d: 4500 0064 001B 0000 0101 B57A 0101 0102 0101 0101 0800 09C9 13A3 07C5 0000 1w1d: 0000 2D41 2BD8 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 1w1d: ABCD ABCD ABCD ABCD ABCD 1w1d: . Success rate is 0 percent (0/2) Router# configure terminal Router(config)# interface atm 4/1/0 Router(config-if)# no loopback diagnostic Router(config-if)# end Router# show interface atm 4/1/0 ATM4/1/0 is up, line protocol is up Hardware is ATM SPA, address is 000a.f330.2a80 (bia 000a.f330.2a80) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 21 current VCCs VC idle disconnect time: 300 seconds Signalling vc = 1, vpi = 0, vci = 5 UNI Version = 4.0, Link Side = user 6 carrier transitions Last input 01:47:05, output 00:00:01, output hang never Last clearing of "show interface" counters 01:03:35 Input queue: 0/75/33439/80 (size/max/drops/flushes); Total output drops: 963306 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 9502306 packets input, 6654982829 bytes, 0 no buffer8-22 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 2 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 27827569 packets output, 21072150159 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out Using loopback line If an ATM interface can perform a local loopback successfully, without reporting errors, you can next try a line loopback (loopback line command) to determine if packet errors are being generated by the ATM network between the local and remote router. In a line loopback, the interface on the remote router is configured with the loopback line command, so that it reflects every packet that it receives back to the originating router. The local router then generates traffic with the ping command to determine whether the line through the network is generating the packet errors. Figure 8-3 shows a router-level diagram of a line loopback. Figure 8-4 shows a block-level diagram of a line loopback, as it is performed within the ATM interface circuitry. Figure 8-3 Performing a Local Loopback—Router Level Figure 8-4 Performing a Line Loopback—Block Level Router 1 Router 2 TX RX Loopback cells 117337 ATM cloud FPGA ATM SAR SONET/SDH Framer ATM Optics TX RX 1173388-23 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter DETAILED STEPS Command or Action Purpose Perform the following steps on the remote router: Step 1 Router# configure terminal Enters global configuration mode. Step 2 Router(config)# interface atm slot/subslot/port Enters interface configuration mode for the indicated port on the specified ATM SPA card. Step 3 Router(config-if)# loopback line Puts the ATM interface into the line loopback mode, so that it reflects any data it receives back to the originator. Step 4 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. Step 5 Router# show interface atm slot/subslot/port (Optional) Verifies that the interface has been configured for loopback mode. The output should show the words “loopback set” when the interface is operating in loopback mode. Perform the following steps on the local router: Step 1 Router# debug atm packet interface atm slot/subslot/port (Optional) Enables packet debugging on the ATM interface. Note This command generates several lines of debug output for each packet transmitted and received on the interface. Do not use it on a live network, or you could force the processor to 100% utilization. Step 2 Router(config-if)# ping ip-address [repeat count] [data hex] [size datagram-size] Sends an ICMP echo request packet to the specified IP address. • ip-address—Destination IP address for the ICMP echo request packet. Because the interface has been put into loopback mode, the exact IP address does not matter—any valid IP address can be specified. • repeat count—(Optional) Specifies the number of ICMP echo request packets to be sent. The default is 5. • data hex—(Optional) The data pattern, in hexadecimal, to be sent in the ICMP echo request packets. The default is 0x0000. • size datagram-size—(Optional) Specifies the size, in bytes, of the ICMP echo request packets to be sent. The range is 40 to 18024 bytes, with a default of 100 bytes. Note Because the interface is in loopback mode, the ping command will report that it failed. This is to be expected. Step 3 Router(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. 8-24 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Examples The following shows typical output when performing a line loopback. The following is the output on the remote router: Router# configure terminal Router(config)# interface atm 3/1/2 Router(config)# loopback line Router(config)# end Router# show interface atm 3/1/2 ATM3/1/2 is up, line protocol is up Hardware is ATM SPA, address is 000a.330e.2b08 (bia 000a.330e.2b08) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback set Encapsulation(s): AAL5 4095 maximum active VCs, 103 current VCCs VC idle disconnect time: 300 seconds Signalling vc = 1, vpi = 0, vci = 5 UNI Version = 4.0, Link Side = user 6 carrier transitions Last input 00:00:02, output 00:00:01, output hang never Last clearing of "show interface" counters 01:03:35 Input queue: 0/75/13/80 (size/max/drops/flushes); Total output drops: 37 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 932603 packets input, 6798282 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 387275 packets output, 371031501 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out On the Local Router Perform the following on the local router: Router# debug atm packet interface atm 4/0/0 ATM packets debugging is on Displaying packets on interface ATM4/0/0 Step 4 Router# show interface atm slot/subslot/port Displays interface statistics, including whether any CRC or other errors during the ping test. For example: Router# show interface atm 5/0/1 ... Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 5 input errors, 5 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort ... Router# Note Also remember to remove the loopback mode on the remote ATM interface, using the no loopback line command. Command or Action Purpose8-25 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter Router# ping 192.168.100.13 repeat 2 size 128 Type escape sequence to abort. Sending 2, 128-byte ICMP Echos to 192.168.100.13, timeout is 2 seconds: .. Success rate is 0 percent (0/2) 00:52:00: ATM4/0/0(O): VCD:0x1 VPI:0x0 VCI:0x55 DM:0x100 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 00:52:00: 4500 0064 000F 0000 FF01 B785 0101 0102 0101 0101 0800 CE44 121D 0009 0000 00:52:00: 0000 002F 9DB0 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD 00:52:00: 00:52:00: ATM4/0/0(I): VCD:0x1 VPI:0x0 VCI:0x55 Type:0x0 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 00:52:00: 4500 0064 000F 0000 0101 B586 0101 0102 0101 0101 0800 CE44 121D 0009 0000 00:52:00: 0000 002F 9DB0 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD 00:52:00: 00:52:02: ATM4/0/0(O): VCD:0x1 VPI:0x0 VCI:0x55 DM:0x100 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 00:52:02: 4500 0064 0010 0000 FF01 B784 0101 0102 0101 0101 0800 C673 121E 0009 0000 00:52:02: 0000 002F A580 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:02: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD 00:52:02: 00:52:02: ATM4/0/0(I): VCD:0x1 VPI:0x0 VCI:0x55 Type:0x0 SAP:AAAA CTL:03 OUI:000000 TYPE:0800 Length:0x70 00:52:02: 4500 0064 0010 0000 0101 B585 0101 0102 0101 0101 0800 C673 121E 0009 0000 00:52:02: 0000 002F A580 ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:02: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 00:52:00: ABCD ABCD ABCD ABCD Router# show interface atm 4/0/0 ATM4/0/0 is up, line protocol is up Hardware is ATM SPA, address is 000a.12f0.80b1 (bia 000a.12f0.80b1) MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Encapsulation(s): AAL5 4095 maximum active VCs, 103 current VCCs VC idle disconnect time: 300 seconds Signalling vc = 1, vpi = 0, vci = 5 UNI Version = 4.0, Link Side = user 6 carrier transitions Last input 00:00:02, output 00:00:01, output hang never Last clearing of "show interface" counters 01:03:35 Input queue: 0/75/13/80 (size/max/drops/flushes); Total output drops: 37 Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 94917 packets input, 1638383 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles8-26 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Troubleshooting the ATM Shared Port Adapter 0 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 102898 packets output, 2042785 bytes, 0 underruns 0 output errors, 0 collisions, 5 interface resets 0 ouput buffer failures, 0 output buffers swapped out Using ATM Debug Commands The following debug commands can be useful when troubleshooting problems on an ATM interface or subinterface: • debug atm bundle errors—Displays information about VC bundle errors. • debug atm bundle events—Displays information about events related to the configuration and operation of VC bundles, such as VC bumping, when bundles are brought up, when they are taken down, and so forth. • debug atm errors—Displays errors that occur on an ATM interface, such as encapsulation and framing errors, as well as any errors that might occur during configuration of the ATM interfaces. • debug atm events—Displays information about events that occur on the ATM interfaces, such as changes to the ATM SPA and ATM interface configuration, card and interface resets, and PVC or SVC creation. Note The output of debug atm events can be extremely verbose and can cause problems if large numbers of ATM VCs are configured. The command should only be used when a few VCs are configured. • debug atm oam—Displays the contents of ATM operation and maintenance (OAM) cells as they arrive from the ATM network. • debug atm packet—Displays a hexadecimal dump of each packet’s SNAP/NLPID/SMDS header, followed by the first 40 bytes of the packet. Tip Use the no debug all command to turn off all debugging displays. For more information about these commands, see the Cisco IOS Debug Command Reference, Release 12.2. Using the Cisco IOS Event Tracer to Troubleshoot Problems Note This feature is intended for use as a software diagnostic tool and should be configured only under the direction of a Cisco Technical Assistance Center (TAC) representative. The Event Tracer feature provides a binary trace facility for troubleshooting Cisco IOS software. This feature gives Cisco service representatives additional insight into the operation of the Cisco IOS software and can be useful in helping to diagnose problems in the unlikely event of an operating system malfunction or, in the case of redundant systems, route processor switchover. Event tracing works by reading informational messages from specific Cisco IOS software subsystem components that have been preprogrammed to work with event tracing, and by logging messages from those components into system memory. Trace messages stored in memory can be displayed on the screen or saved to a file for later analysis. 8-27 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Preparing for Online Insertion and Removal of a SPA The SPAs currently support the “spa” component to trace SPA OIR-related events. Preparing for Online Insertion and Removal of a SPA The Cisco 7600 series router supports online insertion and removal (OIR) of the SIP, in addition to each of the SPAs. Therefore, you can remove a SIP with its SPAs still intact, or you can remove a SPA independently from the SIP, leaving the SIP installed in the router. This means that a SIP can remain installed in the router with one SPA remaining active, while you remove another SPA from one of the SIP subslots. If you are not planning to immediately replace a SPA into the SIP, then be sure to install a blank filler plate in the subslot. The SIP should always be fully installed with either functional SPAs or blank filler plates. For more information about activating and deactivating SPAs in preparation for OIR, see the “Preparing for Online Insertion and Removal of SIPs and SPAs” topic in the “Troubleshooting a SIP” chapter in this guide.8-28 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 8 Troubleshooting the ATM SPAs Preparing for Online Insertion and Removal of a SPA P A R T 4 CEoP Shared Port Adapters C H A P T E R 9-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 9 Overview of the CEoP and Channelized ATM SPAs This chapter provides an overview of the release history, features, and MIB support for the Circuit Emulation over Packet (CEoP) shared port adapters (SPAs) that are available for Cisco 7600 series routers. This chapter includes the following sections: • Release History, page 9-1 • Overview, page 9-2 • Supported Features, page 9-9 • Unsupported Features, page 9-15 • Prerequisites, page 9-15 • Restrictions, page 9-16 • Supported MIBs, page 9-16 • Displaying the SPA Hardware Type, page 9-17 Release History Release Modification 12.2(33) SRE3 Added new CLI options for configuring hardware timer to bring up the controller. 15.0(1)S Support was added for the following features: • Network Clocking and SSM functionality support was added • VC QoS on VP-PW 12.2(33)SRE Support was added for VP and VC mode on CeOP and 1-Port OC-48c/STM-16 ATM SPA 12.2(33)SRC Support was added for the following features: • Support was introduced for the 2-Port Channelized T3/E3 ATM CEoP SPA. • Support was added for Inverse multiplexing over ATM (IMA). • KEOPS Phase 2 Local Switching Redundancy • KEOPS Phase 2 TDM Local Switching9-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Overview Overview The CEoP SPAs are single-width, single-height, cross-platform Circuit Emulation over Packet (CEoP) shared port adapters (SPAs) for Cisco 7600 series routers. CEoP SPAs come in the following models: • 24-Port Channelized T1/E1 ATM CEoP SPA (SPA-24CHT1-CE-ATM=) • 2-Port Channelized T3/E3 ATM CEoP SPA (SPA-2CHT3-CE-ATM=) • 1-Port Channelized OC-3 STM1 ATM CEoP SPA (SPA-1CHOC3-CE-ATM=) The 24-Port Channelized T1/E1 ATM CEoP SPA and 1-Port Channelized OC-3 STM1 ATM CEoP SPA must be installed in a Cisco 7600 SIP-400 SPA interface processor (SIP) before they can be used in the Cisco 7600 series router. A maximum of four CEoP SPAs can be installed in each SIP, and these SPAs can be different models. You can install the SPA in the SIP before or after you insert the SIP into the router chassis. This allows you to perform online insertion and removal (OIR) operations either by removing individual SPAs from the SIP, or by removing the entire SIP (and its contained SPAs) from the router chassis. Pseudowire Emulation over Packet (PWEoP) is one of the key components to migrate customers to a packet-based multi-service network. Circuit Emulation over Packet (CEoP) is a subset of PWEoP and is a technology to migrate to all-packet networks from legacy TDM networks, yet providing transport for legacy applications transparently over a packet network. CEoP is the imitation of a physical connection. Many service providers and enterprises operate both packet switched networks and time division multiplexed (TDM) networks. These service providers and enterprises have moved many of their data services from the TDM network to their packet network for scalability and efficiency. Cisco provides routing and switching solutions capable of transporting Layer 2 and Layer 3 protocols such as Ethernet, IP, and Frame Relay. While most applications and services have been migrated to the packet-based network, some, including voice and legacy applications, still rely on a circuit or leased line for transport. CEoP SPAs implement Circuit Emulation over Packet by transporting circuits over a packet-based network. CEoP SPAs help service providers and enterprises migrate to one packet network capable of efficiently delivering both data and circuit services. CEoP SPAs also support ATM and ATM pseudowire. For an overview of ATM, see the “ATM Overview” section on page 6-4. Note In Cisco IOS Release 12.2(33)SRC, the 2-Port Channelized T3/E3 ATM CEoP SPA does not support Circuit Emulation (CEM) mode. The SPA supports ATM mode only. CEoP Frame Formats The CEoP SPAs support the structured or Circuit Emulation Service over Packet Switched Networks (CESoPSN) and the Structure-Agnostic TDM over Packet (SAToP) encapsulations. 12.2(33)SRB1 Support was added for the following new features: • ATM pseudowire redundancy. • Out-of-band clocking. 12.2(33)SRB Support was introduced for the 1-Port Channelized OC-3 STM1 ATM CEoP SPA and 24-Port Channelized T1/E1 ATM CEoP SPA.9-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Overview Circuit Emulation Services over Packet Switched Network (CESoPSN) mode Circuit Emulation Services over Packet Switched Network (CESoPSN) mode is used to encapsulate T1/E1 structured (channelized) services over PSN. Structured mode (CESoPSN) identifies framing and sends only payload, which can be channelized T1s within DS3 and DS0s within T1. DS0s can be bundled to the same packet. This mode is based on IETF RFC 5086. SPAs can aggregate individual interfaces and flexibly bundle them together. They can be configured to support either structured or unstructured CES modes of operation per each T1/E1/J1 as well as clear channel DS3 interfaces. Note that DS3 does not support CESoPSN/SAToP currently. It is only supported on 1-Port Channelized OC-3 STM1 ATM CEoP SPA channelized to T1/E1, or on 24-Port Channelized T1/E1 ATM CEoP SPA. Each supported interface can be configured individually to any supported mode. The supported services comply with IETF and ITU drafts and standards. Figure 9-1 shows the frame format in CESoPSN mode. Figure 9-1 Structured Mode Frame Format ''For CESoPSN, Table 9-1 shows the payload and jitter for DS0 lines. Table 9-1 CESoPSN DS0 Lines: Payload and Jitter Limits Encapsulation header CE Control (4Bytes) RTP (optional 12B) Frame#1 Timeslots 1-N Frame#2 CEoP Timeslots 1-N Payload Frame#3 Timeslots 1-N Frame#m Timeslots 1-N 230546 DS0 Maximum Payload Maximum Jitter Minimun Jitter Minimum Payload Maximum Jitter Minimun Jitter 1 40 320 10 32 256 8 2 80 320 10 32 128 4 3 120 320 10 33 128 4 4 160 320 10 32 64 2 5 200 320 10 40 64 2 6 240 320 10 48 64 2 7 280 320 10 56 64 29-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Circuit Emulation Services over Packet Switched Network (CESoPSN) provides the infrastructure for the emulation of TDM circuits like T1/E1 unstructured and structured over Packet Switched Network (PSN) infrastructure. Existing Pseudowire Emulation over Packet (PWE) solution on the Cisco 7600 series router only supports MPLS as the transport for circuit emulation whereas Circuit Emulation Services over Packet Switched Network over User Datagram Protocol (CESoUDP) extends the support adding UDP over Internet Protocol (IP) as the transport mechanism for circuit emulation over PSN. 8 320 320 10 64 64 2 9 360 320 10 72 64 2 10 400 320 10 80 64 2 11 440 320 10 88 64 2 12 480 320 10 96 64 2 13 520 320 10 104 64 2 14 560 320 10 112 64 2 15 600 320 10 120 64 2 16 640 320 10 128 64 2 17 680 320 10 136 64 2 18 720 320 10 144 64 2 19 760 320 10 152 64 2 20 800 320 10 160 64 2 21 840 320 10 168 64 2 22 880 320 10 176 64 2 23 920 320 10 184 64 2 24 960 320 10 192 64 2 25 1000 320 10 200 64 2 26 1040 320 10 208 64 2 27 1080 320 10 216 64 2 28 1120 320 10 224 64 2 29 1160 320 10 232 64 2 30 1200 320 10 240 64 2 31 1240 320 10 248 64 2 32 1280 320 10 256 64 2 DS0 Maximum Payload Maximum Jitter Minimun Jitter Minimum Payload Maximum Jitter Minimun Jitter9-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Restrictions and Usage Guidelines • CESoUDP supports all the existing modes of HA (RPR and SSO). • CESoUDP is supported on 24-Port Channelized T1/E1 ATM CEoP SPA, 2-Port Channelized T3/E3 ATM CEoP SPA, and 1-Port Channelized OC-3 STM1 ATM CEoP SPA. • CESoPSN on Cisco 7600 series router is supported only with SIP400 on the CE facing side. Both the decapsulation and the encapsulation are done by the CE facing line card. • The Cisco 7600 series router supports up to 8192 CESoUDP pseudowires. But a SIP400 supports only maximum of 2304 pseudowires. • Since CLI on RP is used to install the Access Control List (ACL) entry, the ACL programming is decoupled from the L2VPN control plane update. As a result, when a pseudowire circuit goes down, the ACL is still present. Any traffic coming in from the core which matches the ACL is redirected to the egress line card, where it is dropped due to the absence of appropriate entries in the disposition table. • Pseudowires redundancy is not supported. • Fragmentation of IP packets is not supported. The DF bit is set when the IP header is inserted. • Path MTU is not supported. • Differential synchronization mode is not supported. • The supported pseudowires, payload size ranges from 40 to 1312 Bytes. • The Time To Live (TTL) value in the IP header is configurable under the pseudowire class. The default value is 255. • Only thebasic CESoPSN over UDP/IP encapsulation without the optional Real-Time Protocol (RTP) header is supported. Configuring CESoPSN with UDP Encapsulation Complete the following steps to configure CESoPSN with UDP encapsulation on the Cisco 7600 series router. SUMMARY STEPS Step 1 enable Step 2 configure terminal Step 3 interface loopback interface-number Step 4 ip address ip-address mask [secondary] Step 5 mls cemoudp reserve slot Step 6 pseudowire-class pseudowire-class-name Step 7 encapsulation udp Step 8 ip local interface loopback interface-number Step 9 ip tos value value number Step 10 ip ttl number Step 11 exit9-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Step 12 controller {e1|t1} slot/subslot/port Step 13 clock source {internal | line| loop} Step 14 cem-group number timeslots number Step 15 exit Step 16 interface cem slot/subslot/port Step 17 cem group-number Step 18 xconnect peer-router-id vcid {pseudowire-class name} Step 19 udp port local remote Step 20 exit DETAILED STEPS Command Purpose Step 1 enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal Enters global configuration mode. Step 3 interface loopback interface-number Creates a loopback interface and enters interface configuration mode: interface-number: An arbitrary value from 0 to 2,147,483,647 that uniquely identifies this loopback interface. Step 4 ip address ip-address mask [secondary] Specifies the IP address and subnet mask for this loopback interface. Step 5 mls cemoudp reserve slot Used to reserve a loopback interface used as source for the CESoPSN circuit for a particular line card. Slot number refers to the module number of the line card where the CEoP SPA resides. Step 6 pseudowire-class pseudowire-class-name Creates a new pseudowire class. Step 7 encapsulation udp Specifies the UDP transport protocol. Step 8 ip local interface loopback interface-number Configures the IP address of the provider edge (PE) router interface as the source IP address for sending tunneled packets. Step 9 ip tos value value number Specifies the type of service (ToS) level for IP traffic in the pseudowire. Step 10 ip ttl number Specifies a value for the time-to-live (TTL) byte in the IP headers of Layer 2 tunneled packets. Step 11 exit Exits pseudowire-class configuration mode. Step 12 controller {e1|t1} slot/subslot/port Enters E1/T1 controller configuration mode.9-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Configuration Examples This is an example for configuring CESoPSN with UDP encapsulation on the Cisco 7600 series router: Router> enable Router# configure terminal Router(config)# interface loopback 0 Router(config-if)# ip address 2.2.2.8 255.255.255.255 Router(config-if)# mls cemoudp reserve slot 2 Router(config)# pseudowire-class udpClass Router(config-pw-class)# encapsulation udp Router(config-pw-class)# ip local interface loopback 0 Router(config-pw-class)# ip tos value 100 Router(config-pw-class)# ip ttl 100 Router(config-pw-class)# exit Router(config)# controller e1 2/0/0 Router(config-controller)# clock source internal Router(config-controller)# cem-group 5 timeslots 1-24 Router(config-controller)# exit Step 13 clock source {internal | line| loop} Sets the clock source on the interface to: • Internal: The system clock selection process does not select clock source as the interface but it uses the system clock for TX. • Line: The system clock selection process selects the clock source line as the interface and uses the system clock for TX. • Loop: The system clock selection process selects the clock source line as the interface. For TX clock the interface uses the clock source received on the same interface. Note By default, the clock source on the interface is set to internal. Step 14 cem-group number timeslots number Assigns channels on the T1/E1 circuit to the circuit emulation (CEM) channel. This example uses the timeslots parameter to assign specific timeslots to the CEM channel. Step 15 exit Exits controller configuration. Step 16 interface cem slot/subslot/port Selects the CEM interface where the CEM circuit (group) is located (where slot/subslot is the SPA slot and subslot and port is the SPA port where the interface exists). Step 17 cem group-number Defines a CEM channel. Step 18 xconnect peer-router-id vcid {pseudowire-class name} Binds an attachment circuit to the CEM interface to create a pseudowire. This example creates a pseudowire by binding the CEM circuit 5 to the remote peer 30.30.30.2. Note When creating IP routes for a pseudowire configuration, we recommend that you build a route from the cross-connect address (LDP router-ID or loopback address) to the next hop IP address, such as ip route 30.30.30.2 255.255.255.255 1.2.3.4. Step 19 udp port local remote Specifies a local and remote UDP port for the connection. Valid port values for CESoPSN pseudowires using UDP are from 49152–57343. Step 20 exit Exits the CEM interface. Command Purpose9-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Circuit Emulation Services over Packet Switched Network (CESoPSN) over UDP Router(config)# interface cem 2/0/0 Router(config-if)# cem 5 Router(config-if-cem)# xconnect 30.30.30.2 305 pw-class udpClass Router(config-if-cem)# udp port local 50000 remote 55000 Router(config-if-cem)# exit Verifying the Configuration This section provides the commands to verify the configuration of CESoPSN with UDP encapsulation on the Cisco 7600 series router: Router# show xcon all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-- UP ac CE3/0/0:1(CESoPSN Basic) UP udp 66.66.66.66:180 UP UP ac CE3/0/0:6(CESoPSN Basic) UP udp 66.66.66.66:181 UP Router# show pw vc Local intf Local circuit VC ID Status -------------- -------------------------- ---------- -------- CE3/0/0 CESoPSN Basic 180 established LAddr: 55.55.55.55 LPort: 50002 RAddr: 66.66.66.66 RPort: 50002 CE3/0/0 CESoPSN Basic 181 established LAddr: 55.55.55.55 LPort: 50004 RAddr: 66.66.66.66 RPort: 50004 Troubleshooting the CESoPSN with UDP Encapsulation Configuration Use these debug commands to troubleshoot CESoPSN with UDP encapsulation when the pseudowire is down: • debug pw-udp event: Provides details on all events occurring on the pseudowire UDP. • debug pw-udp error: Provides debugging information on pseudowire UDP error. • debug pw-udp fsm: Debugs the pseudowire UDP finite state machine (FSM). Structure-Agnostic TDM over Packet (SAToP) mode Structure-Agnostic TDM over Packet (SAToP) mode is used to encapsulate T1/E1 or T3/E3 unstructured (unchannelized) services over packet switched networks. In unstructured (SAToP) mode, bytes are sent out as they arrive on the TDM line. Bytes do not have to be aligned with any framing. In this mode the interface is considered as a continuous framed bit stream. The packetization of the stream is done according to IETF RFC 4553. All signaling is carried transparently as a part of a bit stream. 9-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features Figure 9-2 Unstructured Mode Frame Format For SAToP frame format the following table shows the payload and jitter limits for the T1 lines. Table 9-2 SAToP T1 Frame: Payload and Jitter Limits For SAToP frame format the following table shows the payload and jitter limits for the E1 lines. Table 9-3 SAToP E1 Frame: Payload and Jitter Limits Supported Features This section provides a list of some of the primary features supported by the CEoP hardware and software: • Basic Features, page 9-9 • SONET/SDH Error, Alarm, and Performance Monitoring, page 9-11 • Layer 2 Features, page 9-13 • Layer 3 Features, page 9-14 • High Availability Features, page 9-15 Basic Features • Circuit emulation compliant with IETF standards for CESoPSN and SAToP • The 24-Port Channelized T1/E1 ATM CEoP SPA supports T1 or E1, which can be channelized to DS0 for circuit emulation (CEM). Maximum Payload Maximum Jitter Minimun Jitter Minimum Payload Maximum Jitter Minimun Jitter 960 320 10 192 64 2 Maximum Payload Maximum Jitter Minimun Jitter Minimum Payload Maximum Jitter Minimun Jitter 1280 320 10 256 64 2 Encapsulation header CE Control (4Bytes) RTP (optional 12B) Bytes 1-N CEoP Payload 2305479-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features • The 2-Port Channelized T3/E3 ATM CEoP SPA is supported in Cisco IOS Release 12.2(33)SRC and later releases. • The 1-Port Channelized OC-3 STM1 ATM CEoP SPA supports VT1.5 SONET channelization, and VC-11 and VC-12 SDH channelizations. ATM can be configured on T1s, while CEM can be configured down to DS0. • Maintenance Digital Link (MDL) and Far End Alarm Control (FEAC) features (T3/E3) • Facility Data Link (FDL) support (T1/E1) • Adaptive clock recovery compliant with G.823 and G.824 Traffic interface ITU specification • Compliant with Y.1411 ATM-MPLS network interworking—cell mode user plane interworking • Compliant with Y.1413 TDM-MPLS network interworking—user plane interworking • Compliant with Y.1453 TDM-IP network interworking—user plane interworking • ATM MPLS encapsulation IETF RFC and drafts • ATM over channelized T1 lines • Full channelization down to DS0 (CEM only) • Simultaneous multiple interface support (for example, ATM and circuit emulation) • Bellcore GR-253-CORE SONET/SDH compliance (ITU-T G.707, G.783, G.957, G.958) • Supports both permanent virtual circuits (PVCs) and switched virtual circuits (SVCs) • The absolute maximum for the sum of VPs at VCs is 2048 per CEoP SPA. Each interface can have a maximum of 2047 VCs with the following recommended limitations: – On a Cisco 7600 SIP-400, 8000 PVCs are supported on multipoint subinterfaces. – A recommended maximum number of 2048 PVCs on all point-to-point subinterfaces for all CEoP SPAs in a SIP. – A recommended maximum number of 16,380 PVCs on all multipoint subinterfaces for all CEoP SPAs in a SIP, and a recommended maximum number of 200 PVCs per each individual multipoint subinterface. – A recommended maximum number of 400 SVCs for all CEoP SPAs in a SIP. – A recommended maximum number of 1024 PVCs or 400 SVCs using service policies for all CEoP SPAs in a SIP. • Up to 4096 simultaneous segmentations and reassemblies (SARs) per interface • Supports a maximum number of 200 PVCs or SVCs using Link Fragmentation and Interleaving (LFI) for all CEoP ATM SPAs (or other ATM modules) in a Cisco 7600 series router • Up to 1000 maximum virtual templates per router • ATM adaptation layer 5 (AAL5) for data traffic • Hardware switching of multicast packets for point-to-point subinterfaces • The 1-Port Channelized OC-3 STM1 ATM CEoP SPA uses small form-factor pluggable (SFP) optical transceivers, allowing the same CEoP SPA hardware to support multimode (MM), short reach (SR), intermediate reach (IR1), and long reach (LR1 and LR2) fiber, depending on the capabilities of the SPA. • ATM section, line, and path alarm indication signal (AIS) cells, including support for F4 and F5 flows, loopback, and remote defect indication (RDI) • Operation, Administration, and Maintenance (OAM) cells 9-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features • Online insertion and removal (OIR) of individual CEoP SPAs from the SIP, as well as OIR of the SIPs with CEoP SPAs installed Cisco IOS Release 12.2SRC adds support for the following new features: • 2-Port Channelized T3/E3 ATM CEoP SPA (supports clear-channel T3 ATM mode only) • Inverse multiplexing over ATM (IMA) • CEM local switching and local switching redundancy • ATM cell packing (VC and VP modes) (both SCR and PCR) on 2-Port and 4-Port OC-3c/STM-1 ATM SPA on both SIP-200 and SIP-400, and for SCR on CEoP SPAs (24xT1/E1-CE, 2xT3/E3-CE and 1xCHOC3-CE) on SIP-400. • ATM local switching and local switching redundancy In Cisco IOS Release 12.2(33)SRD support was added for PMCRoMPLS-single or packed-cell relay for the 2-Port and 4-Port OC-3c/STM-1 ATM SPA on SIP-200 and SIP-400, and single cell relay for the CEoP SPAs (24xT1/E1-CE, 2xT3/E3-CE, 1xCHOC3-CE) on the SIP400. In Cisco IOS Release 12.2(33)SRE support was added for VP and VC mode on CeOP and 1-Port OC-48c/STM-16 ATM SPA. • Cisco IOS Release 15.0(1)S adds support for Network Clocking and Synchronization Status Message(SSM) functionality for the CEoP SPAs in a Cisco 7600 SIP-400 only. The supported CEoP SPAs are: – -SPA-1CHOC3-CE-ATM – -SPA-24CHT1-CE-ATM For more information on configuring the network clock see, Configuring Boundary Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400, page 12-29 Beginning in Cisco IOS Release12.2(33)SRE support is added for: • Modular QoS CLI (MQC) policy support existing on ATM VC is extended to the ATM PVP on 2-Port and 4-Port OC-3c/STM-1 ATM SPA and the below three flavors of CEoP SPA: – SPA-24XT1E1-CE – SPA-1XOC3-CE – SPA-2XT3E3-CE • ATM VCI (match atm-vci command)—Input ATM PVP Interface is added to the ATM VP. SONET/SDH Error, Alarm, and Performance Monitoring • To configure variable soak period for line, use delay alarm triggers line. • To configure path alarm reporting, use path msecs command. • To configure clearing on 1Port Channelized OC-3 STM1 ATM CEoP SPA, use delay alarm clear line/path msecs. • Fiber removed and reinserted • Signal failure bit error rate (SF-BER) • Signal degrade bit error rate (SD-BER) • Signal label payload construction (C2) • Path trace byte (J1)9-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features • Section Diagnostics: – Loss of signal (SLOS) – Loss of frame (SLOF) – Error counts for B1 – Threshold crossing alarms (TCA) for B1 (B1-TCA) • Line Diagnostics: – Line alarm indication signal (LAIS) – Line remote defect indication (LRDI) – Line remote error indication (LREI) – Error counts for B2 – Threshold crossing alarms for B2 (B2-TCA) • Path Diagnostics: – Path alarm indication signal (PAIS) – Path remote defect indication (PRDI) – Path remote error indication (PREI) – Error counts for B3 – Threshold crossing alarms for B3 (B3-TCA) – Loss of pointer (PLOP) – New pointer events (NEWPTR) – Positive stuffing event (PSE) – Negative stuffing event (NSE) • The following loopback tests are supported: – Network (line) loopback – Internal (diagnostic) loopback • Supported SONET/SDH synchronization: – Local (internal) timing (for inter-router connections over dark fiber or wave division multiplexing [WDM] equipment) – Loop (line) timing (for connecting to SONET/SDH equipment) – +/– 4.6 ppm clock accuracy over full operating temperature T1/E1 Errors and Alarms The 24-Port Channelized T1/E1 ATM CEoP SPA reports the following types of T1/E1 errors and alarms: • Cyclic redundancy check (CRC) errors • Far end block error (FEBE) • Alarm indication signal (AIS) • Remote alarm indication (RAI) • Loss of signal (LOS) • Out of frame (OOF) 9-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features • Failed seconds • Bursty seconds • Bipolar violations • Error events • Failed signal rate • Line and Path Diagnostics: – Errored Second–Line (ES-L) – Severely Errored Second–Line (SES-L) – Coding violation–Line (CV-L) – Failure Count–Path (FC-P) – Errored Second–Path (ES-P) – Severely Errored Second–Path (SES-P) – Unavailable Seconds–Path (UAS-P) T3/E3 Errors and Alarms The 2-Port Channelized T3/E3 ATM CEoP SPA reports the following errors and alarms: • AIS (Alarm Indication Signal) • Far end bit error (FEBE) • Far end receive failure (FERF) • Frame error • Out of frame (OOF) • Path parity error • Parity bit (P-bit) disagreements • Receive Alarm Indication Signal (RAIS) • Yellow alarm bit (X-bits) disagreements Layer 2 Features • Supports the following encapsulation types: – AAL5SNAP (LLC/SNAP) – LLC encapsulated bridged protocol – AAL5MUX (VC multiplexing) – AAL5CISCOPPP • Supports the following ATM traffic classes and per-VC traffic shaping modes: – Constant bit rate (CBR) with peak rate – Unspecified bit rate (UBR) with peak cell rate (PCR) – Non-real-time variable bit rate (VBR-nrt) – Variable bit rate real-time (VBR-rt) 9-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Supported Features Note ATM shaping is supported, but class queue-based shaping is not. • ATM point-to-point and multipoint connections • Explicit Forward Congestion Indication (EFCI) bit in the ATM cell header • Integrated Local Management Interface (ILMI) operation, including keepalive, PVC discovery, and address registration and deregistration • Link Fragmentation and Interleaving (LFI) performed in hardware • VC–to–VC local switching and cell relay • VP–to–VP local switching and cell relay • AToM VP Mode Cell Relay support • RFC 1755, ATM Signaling Support for IP over ATM • ATM User-Network Interface (UNI) signalling V3.0, V3.1, and V4.0 only • RFC 2225, Classical IP and ARP over ATM (obsoletes RFC 1577) • Unspecified bit rate plus (UBR+) traffic service class on SVCs and PVCs Layer 3 Features • ATM VC Access Trunk Emulation (multi-VLAN to VC) • ATM over MPLS (AToM) in AAL5 mode (except for AToM cell packing) • ATM over MPLS (AToM) in AAL5/AAL0 VC mode • Distributed Link Fragmentation and Interleaving (dLFI) for ATM (dLFI packet counters are supported, but dLFI byte counters are not supported) • 2047 is the maximum number of VCs per interface (assuming no VPs). Each AToM L2transport PVP reduces the total number of VCs by 3 per CEoP SPA. • OAM flow connectivity using OAM ping for segment or end-to-end loopback • Multicast SVCs are supported if there is only one VC on the subinterface • PVC multicast (Protocol Independent Multicast [PIM] dense and sparse modes) • Quality of Service (QoS): – Policing – IP-to-ATM class of service (IP precedence and DSCP) – ATM CLP bits matching for ingress and set ATM CLP bits for egress through MQC for PVC • RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5: – PVC bridging (full-bridging) • Routing protocols: – Border Gateway Protocol (BGP) – Enhanced Interior Gateway Routing Protocol (EIGRP) – Interior Gateway Routing Protocol (IGRP) – Integrated Intermediate System-to-Intermediate System (IS-IS) 9-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Unsupported Features – Open Shortest Path First (OSPF) – Routing Information Protocol version 1 and version 2 (RIPv1 and RIPv2) High Availability Features • 1+1 Automatic Protection Switching (APS) redundancy (PVC circuits only) • Route Processor Redundancy (RPR) • RPR Plus (RPR+) • OSPF Nonstop Forwarding (NSF) Cisco IOS Release 12.2SRC adds support for the following high-availability feature: • NonStop Forwarding and Stateful switchover (NSF/SSO) support for CEM and ATM pseudowires Unsupported Features • MLPPP and MLFR are not supported • Primary surge protection for the 24-Port Channelized T1/E1 ATM CEoP SPA • The following High Availability features are not supported: – APS 1:N redundancy is not supported. – APS redundancy is not supported on SVCs. – APS reflector mode (aps reflector interface configuration command) is not supported. • PVC autoprovisioning (create on-demand VC class configuration command) is not supported. • Creating SVCs with UNI signalling version 4.1 is not supported (UNI signalling v 3.0, v 3.1, and v 4.0 are supported). • Enhanced Remote Defect Indication–Path (ERDI-P) is not supported. • Fast Re-Route (FRR) over ATM is not supported. • LAN Emulation (LANE) is not supported. • Available Bit Rate (ABR) traffic service class is not supported. • Oversubscription of the Cisco 7600 SIP-400 is not supported (in either CEM or ATM mode). Prerequisites • The Cisco 7600 SIP-400 requires a Cisco 7600 series router using either of the following processors running the Cisco IOS Release 12.2(33)SRB or a later release: – Supervisor Engine 720 (SUP-720) processor, or – Route Switch Processor 720 (RSP720-GE and RSP720-10GE), or – Supervisor Engine 32 (SUP-32) processor9-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Restrictions Note Before configuring the CEoP SPA, have the following information available: IP addresses for all ports on the new interfaces, including subinterfaces. Restrictions • The 1-Port Channelized OC-3 STM1 ATM CEoP SPA and 24-Port Channelized T1/E1 ATM CEoP SPA do not support mixed line modes (for example, T1 or E1, or T3). A reset of the SPA is required to change modes. • The 1-Port Channelized OC-3 STM1 ATM CEoP SPA,the 2-Port Channelized T3/E3 ATM CEoP SPA, and the 24-Port Channelized T1/E1 ATM CEoP SPA do not support the following features: BRE, LFI, RBE, or bridging. • The 2-Port Channelized T3/E3 ATM CEoP SPA can receive data over distances of up to 1350 ft (411.5 meters). • When a pseudowire is configured on an interface, APS for the interface is useful only in conjunction with pseudowire redundancy. • VC QoS on VP-PW feature works only with Single Cell Relay and does not work with Packed Cell Relay. Supported MIBs The following MIBs are supported in Cisco IOS Release 12.2(33)SRB and later releases for the CEoP SPAs on the Cisco 7600 series router. Common MIBs • ENTITY-MIB • IF-MIB • MIB-II • MPLS-CEM-MIB Cisco-Specific MPLS MIBs • CISCO-IETF-PW-MIB • CISCO-IETF-PW-MPLS-MIB Cisco-Specific Common MIBs • CISCO-ENTITY-EXT-MIB • OLD-CISCO-CHASSIS-MIB • CISCO-CLASS-BASED-QOS-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • CISCO-ENTITY-ASSET-MIB • CISCO-ENTITY-SENSOR-MIB • CISCO-MQC-MIB 9-17 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Displaying the SPA Hardware Type For more information about MIB support on a Cisco 7600 series router, refer to the Cisco 7600 Series Internet Router MIB Specifications Guide at the following URL: http://www.cisco.com/en/US/docs/routers/7600/technical_references/7600_mib_guides/MIB_Guide_v er_6/7600mib2.html To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator at the following URL: http://tools.cisco.com/ITDIT/MIBS/servlet/index If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Displaying the SPA Hardware Type To verify the SPA hardware type that is installed in your Cisco 7600 series router, use the show interfaces or show diag commands. A number of other show commands also provide information about the SPA hardware. Table 9-4 shows the hardware description that appears in the show command output for each type of CEoP SPA that is supported on the Cisco 7600 series router: Example of the show interfaces cem Command The following example shows output from the show interfaces cem command on a Cisco 7600 series router with an CEoP SPA installed in the first subslot of a SIP that is installed in slot 2: Router# show interfaces cem 2/1/3 CEM2/1/3 is up, line protocol is up Hardware is Circuit Emulation Interface MTU 1500 bytes, BW 10000000 Kbit, DLY 0 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation CEM, loopback not set Keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec Table 9-4 CEoP SPA Hardware Descriptions in show Commands SPA Description in show interfaces Command SPA-24CHT1-CE-ATM “Hardware is SPA-24CHT1-CE-ATM” SPA-1CHOC3-CE-ATM “Hardware is SPA-1CHOC3-CE-ATM” SPA-2CHT3-CE-ATM “Hardware is SPA-2CHT3-CE-ATM”9-18 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 9 Overview of the CEoP and Channelized ATM SPAs Displaying the SPA Hardware Type 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped outC H A P T E R 10-1 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 10 Configuring the CEoP and Channelized ATM SPAs This chapter provides information about configuring the Circuit Emulation over Packet (CEoP) shared port adapters (SPAs) on the Cisco 7600 series router. It contains the following sections: • Configuration Tasks, page 10-2 • Configuring Circuit Emulation, page 10-13 • Configuring ATM, page 10-20 • Configuring Pseudowire Redundancy (Optional), page 10-23 • Configuring T1, page 10-24 • Configuring E1, page 10-24 • Configuring T3, page 10-25 • Configuring SONET (OC-3), page 10-28 • Configuring Inverse Multiplexing over ATM, page 10-29 • Configuring Clocking, page 10-37 • Configuring CEM Parameters, page 10-50 • Configuring Access Circuit Redundancy on CEoP and ATM SPAs, page 10-51 • Configuring Layer 3 QoS on CEoP SPAs, page 10-57 • Configuring AIS and RAI Alarm Forwarding in CESoPSN Mode on CEoP SPAs, page 10-61 • Verifying the Interface Configuration, page 10-82 For information about managing your system images and configuration files, see the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications for your Cisco IOS software release. For more information about the commands used in this chapter, refer to the Cisco IOS Software Releases 12.2SR Command References and to the Cisco IOS Software Releases 12.2SX Command References. Also refer to the related Cisco IOS Release 12.2 software command reference and master index publications. For more information, see the “Related Documentation” section on page xlvii.10-2 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Configuration Tasks This section describes the most common configurations for the CEoP SPAs on a Cisco 7600 series router. It contains procedures for the following: • Specifying the Interface Address on a SPA, page 10-2 • Configuring Port Usage (Overview), page 10-2 Specifying the Interface Address on a SPA Four CEoP SPAs can be installed in a SPA interface processor (SIP). Ports are numbered from left to right, beginning with 0. Single-port SPAs use only the port number 0. To configure or monitor SPA interfaces, you need to specify the physical location of the SIP, SPA, and interface in the command-line-interface (CLI). The interface address format is slot/subslot/port, where: • slot—Specifies the chassis slot number in the Cisco 7600 series router where the SIP is installed • subslot—Specifies the secondary slot of the SIP where the SPA is installed • port—Specifies the number of the individual interface port on a SPA The following example shows how to specify the first interface (0) on a SPA installed in subslot 1 of the SIP in chassis slot 3: Router(config)# interface cem 3/1/0 For more information about how to identify slots and subslots, see the “Identifying Slots and Subslots for SIPs, SSCs, and SPAs” section on page 4-2. Configuring Port Usage (Overview) The 24-Port Channelized T1/E1 ATM CEoP SPA and 1-Port Channelized OC-3 STM1 ATM CEoP SPA can be configured to run in the following modes: • Circuit emulation (CEM) • Channelized Asynchronous Transfer Mode (ATM) • Inverse Multiplexing over ATM (IMA) The 2-Port Channelized T3/E3 ATM CEoP SPA, introduced in Cisco IOS Release 12.2(33)SRC, can be configured to run in ATM mode. The SPA does not currently support CEM or IMA mode. The following tables show the commands to configure each of the SPAs for CEM or ATM. Detailed configuration instructions are provided in the sections that follow. Configuring the 24-Port Channelized T1/E1 ATM CEoP SPA To configure the 24-Port Channelized T1/E1 ATM CEoP SPA, perform the following steps: Command or Action Purpose Step 1 Router(config)# card type {t1 | e1} slot subslot Selects a card type. Step 2 Router(config)# controller {t1 | e1} slot/subslot/port Selects the controller for the SPA port to configure.10-3 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Configuring the 2-Port Channelized T3/E3 ATM CEoP SPA To configure the 2-Port Channelized T3/E3 ATM CEoP SPA, complete these steps: SUMMARY STEPS Step 1 enable Step 2 configure terminal Step 3 card type {t3 | e3} slot subslot Step 4 controller {t3 | e3} slot/subslot/port Step 5 channelized mode {t1 | e1} Step 6 cem-group group unframed or {t1} 1-28 cem-group group timeslots 1-24 {e1} 1-21 cem-group group timeslots 1-31 or atm or {t1} 1-28 ima-group group-number {e1} 1-21 ima-group group-number Step 7 exit DETAILED STEPS Step 3 Router(config-controller)# cem-group group unframed Creates a SAToP CEM group and configures the port for clear-channel CEM mode. Router(config-controller)# cem-group group timeslots 1-24 Creates a CESoPSN CEM group and configures the port for channelized CEM mode. Router(config-controller)# atm Configures the port for ATM and creates an ATM interface. Router(config-controller)# ima-group group-number Configures the interface to run in IMA mode, and assigns the interface to an IMA group. Command or Action Purpose Command or Action Purpose Step 4 Router # enable Enables privileged EXEC mode. Step 5 Router# configure terminal Enters global configuration mode. Step 6 Router(config)# card type {t3 | e3} slot subslot or Router(config)# [no] card type {t3 | e3} slot subslot Selects a card type. or Use no command to remove the card type.10-4 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Note See “Configuring T3” section on page 10-25 for information about the features that are not supported on the CEoP SPA in Cisco IOS Release 12.2SRC. Restrictions and Usage Guidelines Follow these restrictions and usage guidelines while configuring 2-Port Channelized T3/E3 CEoP SPA: • CEoP SPAs does not support Layer 3QoS. • Bridging featues such as bridging routed encapsulations (BRE), multipoint bridging(MPB), routed bridge encapsulation(RBE), and multi VLAN are not supported on CEoP. • E3 Channelization to E1 is not supported. Step 7 Router(config)# controller {t3 | e3} slot/subslot/port Selects the controller for the SPA port to configure. Note Effective from Cisco IOS Release 15.1(1)S release, T3 and E3 card types are supported. Step 8 Router(config-controller)# channelized mode {t1 | e1} Swaps between the CT3-T1 and CT3-E1 modes. This is applicable only if the card type is T3. Step 9 Router(config-controller)# cem-group group unframed or Router(config-controller)# [no] cem-group group unframed Creates a SAToP CEM group and configures the port for clear-channel CEM mode. or To delete the CEM circuit and release the time slots, use the no cem-group group-number command. Router(config-controller)# {t1} 1-28 cem-group group timeslots 1-24 Router(config-controller)# {e1} 1-21 cem-group group timeslots 1-31 Creates a CESoPSN CEM group and configures the port for channelized CEM mode. Group number range is from 0 to 671. Router(config-controller)# atm or Router(config-controller)# [no] atm Configures the port to run in clear-channel ATM mode and creates an ATM interface to represent the port. or Use the no form of the command remove the link from the ATM. Router(config-controller)# {t1} 1-28 ima-group group-number Router(config-controller)# {e1} 1-21 ima-group group-number or Router(config-controller)# [no] {t1} 1-28 ima-group group-number Router(config-controller)# [no] {e1} 1-21 ima-group group-number Configures the interface to run in IMA mode, and assigns the interface to an IMA group. Group number range is from 0 to 41. or Use the no form of the command remove the link from the IMA group. Step 10 Router (config-if)# exit Exits interface configuration mode and returns to privileged EXEC mode. Command or Action Purpose10-5 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks • Maintenance Digital Link (MDL) is supported only for DSX3-C bit framing. • CEoP SPAs simultaneously supports multiple interface types. • Adaptive clock recovery is supported on 2-Port Channelized T3/E3 CEoP SPA. • Out-of-Band(OOB) clock recovery for CEM is not supported. • E3 or T3 ATM is not supported. Sample Configuration for 2-Port Channelized T3/E3 CEoP SPA on Clear channel T3 Configure SPA in a T3 mode Router(config)# card type T3 5 0 Router(config)# controller T3 5/0/0 Create an T3 ATM interface Router(config-controller)# atm Create CEM group Router(config-controller)# cem-group 0 unframed Sample Configuration for 2-Port Channelized T3/E3 CEoP SPA on Clear channel E3 mode Configure SPA in a E3 mode Router(config)# card type E3 5 0 Router(config)# controller E3 5/0/0 Create an E3 ATM interface Router(config-controller)# atm Create CEM group Router(config-controller)# cem-group 0 unframed Sample Configuration for 2-Port Channelized T3/E3 CEoP SPA on CT3-T1 Channelization mode Configure SPA in a T3 mode Router(config)# card type T3 5 0 Router(config)# controller T3 5/0/0 Create an T3 ATM interface Router(config-controller)# t1 1 atm Create a NxDS0 T1 CEM group router(config-controller)# t1 2 cem-group 0 timeslots 1-12 Create two IMA groups (1 with two T1 members) Router(config-controller)# t1 3 ima-group 5 Router(config-controller)# t1 4 ima-group 5 Sample Configuration for 2-Port Channelized T3/E3 CEoP SPA on CT3-E1 Channelization mode Configure SPA in a T3 mode10-6 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Router(config)# card type T3 5 0 Router(config)# controller T3 5/0/0 Changing channelization to E1 Router(config)# controller T3 5/0/0 router(config-controller)# channelized mode e1 Create an E1 ATM interface Router(config-controller)# e1 1 atm Create a NxDS0 E1 CEM group Router(config-controller)# e1 2 cem-group 0 timeslots 1-12 Create two IMA groups (1 with two E1 members) Router(config-controller)# e1 3 ima-group 5 Router(config-controller)# e1 4 ima-group 5 Verifying 2-Port Channelized T3/E3 CEoP SPA configuration Router# show controller t3 2/1/0 T3 2/1/0 is up. Hardware is SPA-2CHT3-CE-ATM Applique type is Clearchannel T3 ATM No alarms detected. Framing is M23, Line Code is B3ZS, Cablelength is 224 Clock Source is internal Equipment customer loopback Data in current interval (827 seconds elapsed): 0 Line Code Violations, 7 P-bit Coding Violation 0 C-bit Coding Violation, 2 P-bit Err Secs 0 P-bit Severely Err Secs, 3 Severely Err Framing Secs 17 Unavailable Secs, 0 Line Errored Secs 0 C-bit Errored Secs, 0 C-bit Severely Errored Secs 0 Severely Errored Line Secs 0 Far-End Errored Secs, 0 Far-End Severely Errored Secs 0 CP-bit Far-end Unavailable Secs 0 Near-end path failures, 2 Far-end path failures 0 Far-end code violations, 10 FERF Defect Secs 0 AIS Defect Secs, 4 LOS Defect Secs Router# show ip interface br ATM2/1/0 unassigned YES unset up up ATM2/1/1/1 unassigned YES unset up up ATM2/1/ima0 unassigned YES unset up up Router# show interface atm2/1/0 ATM2/1/0 is up, line protocol is up Hardware is SPA-2CHT3-CE-ATM, address is 000c.862c.4d40 (bia 000c.862c.4d40) MTU 4470 bytes, sub MTU 4470, BW 44209 Kbit/sec, DLY 0 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported Encapsulation(s): AAL5 AAL0 2047 maximum active VCs, 0 current VCCs VC Auto Creation Disabled. VC idle disconnect time: 300 seconds 1 carrier transitions Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 010-7 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Router# show interface ATM2/1/0 ATM2/1/0 is up, line protocol is up Hardware is SPA-2CHT3-CE-ATM, address is 000c.862c.4d40 (bia 000c.862c.4d40) MTU 4470 bytes, sub MTU 4470, BW 44209 Kbit/sec, DLY 0 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set Keepalive not supported Encapsulation(s): AAL5 AAL0 2047 maximum active VCs, 0 current VCCs VC Auto Creation Disabled. VC idle disconnect time: 300 seconds 1 carrier transitions Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Router# show atm int atm2/1/0 Interface ATM2/1/0: AAL enabled: AAL5, AAL0, Maximum VCs: 2047, Current VCCs: 0 Max. Datagram Size: 4528 PLIM Type: DS3 - 45000Kbps, Framing is C-bit ADM, DS3 lbo: short, TX clocking: LINE Cell-payload scrambling: OFF 0 input, 0 output, 0 IN fast, 0 OUT fast Avail bw = 44209 Config. is ACTIVE Router# show atm pvc VCD / Peak Av/Min Burst Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells St 2/1/0 1 1 33 PVC SNAP UBR 44209 UP Router# show interface atm2/1/ima0 ATM2/1/ima0 is up, line protocol is up Hardware is ATM IMA, address is 000c.862c.4d40 (bia 000c.862c.4d40) MTU 4470 bytes, sub MTU 4470, BW 1523 Kbit/sec, DLY 0 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ATM, loopback not set10-8 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Keepalive not supported Encapsulation(s): AAL5 AAL0 2047 maximum active VCs, 0 current VCCs VC Auto Creation Disabled. VC idle disconnect time: 300 seconds 7 carrier transitions Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Router#show ima int atm2/1/ima0 ATM2/1/ima0 is up, ACTIVATION COMPLETE Slot 2 Slot Unit 65 unit 256, CTRL VC 256, Vir -1, VC 4097 IMA Configured BW 1523, Active BW 1523 IMA version 1.1, Frame length 128 Link Test: Disabled Auto-Restart: Disabled ImaGroupState: NearEnd = operational, FarEnd = operational ImaGroupFailureStatus = noFailure IMA Group Current Configuration: ImaGroupMinNumTxLinks = 1 ImaGroupMinNumRxLinks = 1 ImaGroupDiffDelayMax = 25 ImaGroupNeTxClkMode = common(ctc) ImaGroupFrameLength = 128 ImaTestProcStatus = disabled ImaGroupTestLink = None ImaGroupTestPattern = 0x0 ImaGroupConfLink = 1 ImaGroupActiveLink = 1 IMA Link Information: ID Link Link State - Ctlr/Chan/Prot Test Status ---- -------------- ------------------------------ --------------- 0 T3 2/1/1 T1 2 Up Up Up Up disabled Router# show cem cir 100 CEM2/2/0, ID: 100, Line: UP, Admin: UP, Ckt: ACTIVE Controller state: up, T1/E1 state: up Idle Pattern: 0xFF, Idle CAS: 0x8 Dejitter: 8 (In use: 4) Payload Size: 32 Framing: Framed (DS0 channels: 5) CEM Defects Set None Signalling: No CAS RTP: No RTP Ingress Pkts: 2500 Dropped: 0 Egress Pkts: 2500 Dropped: 0 CEM Counter Details Input Errors: 0 Output Errors: 0 Pkts Missing: 0 Pkts Reordered: 0 Misorder Drops: 0 JitterBuf Underrun: 0 Error Sec: 0 Severly Errored Sec: 0 Unavailable Sec: 0 Failure Counts: 0 10-9 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Pkts Malformed: 0 JitterBuf Overrun: 0 Router# show cem cir detail | b 100 CEM2/2/0, ID: 100, Line: UP, Admin: UP, Ckt: ACTIVE Controller state: up, T1/E1 state: up Idle Pattern: 0xFF, Idle CAS: 0x8 Dejitter: 8 (In use: 4) Payload Size: 32 Framing: Framed (DS0 channels: 5) CEM Defects Set None Signalling: No CAS RTP: No RTP Ingress Pkts: 15000 Dropped: 0 Egress Pkts: 15000 Dropped: 0 CEM Counter Details Input Errors: 0 Output Errors: 0 Pkts Missing: 0 Pkts Reordered: 0 Misorder Drops: 0 JitterBuf Underrun: 0 Error Sec: 0 Severly Errored Sec: 0 Unavailable Sec: 0 Failure Counts: 0 Pkts Malformed: 0 JitterBuf Overrun: 0 Router# show cem circuit interface CEM2/2/0 100 CEM2/2/0, ID: 100, Line: UP, Admin: UP, Ckt: ACTIVE Controller state: up, T1/E1 state: up Idle Pattern: 0xFF, Idle CAS: 0x8 Dejitter: 8 (In use: 4) Payload Size: 32 Framing: Framed (DS0 channels: 5) CEM Defects Set None Signalling: No CAS RTP: No RTP Ingress Pkts: 27500 Dropped: 0 Egress Pkts: 27500 Dropped: 0 CEM Counter Details Input Errors: 0 Output Errors: 0 Pkts Missing: 0 Pkts Reordered: 0 Misorder Drops: 0 JitterBuf Underrun: 0 Error Sec: 0 Severly Errored Sec: 0 Unavailable Sec: 0 Failure Counts: 0 Pkts Malformed: 0 JitterBuf Overrun: 0 Router# show cem circuit summary CEM Int. Total Active Inactive -------------------------------------- CEM2/0/0 13 13 0 CEM2/1/0 7 7 0 CEM2/2/0 576 576 0 Router# show cem circuit CEM Int. ID Ctrlr Admin Circuit AC -------------------------------------------------------------- CEM2/0/0 0 UP UP Active UP CEM2/0/0 1 UP UP Active UP CEM2/0/0 2 UP UP Active UP CEM2/0/0 3 UP UP Active UP 10-10 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks CEM2/0/0 4 UP UP Active UP CEM2/0/0 5 UP UP Active UP CEM2/0/0 6 UP UP Active UP CEM2/0/0 7 UP UP Active UP CEM2/0/0 8 UP UP Active UP CEM2/0/0 9 UP UP Active UP CEM2/0/0 21 UP UP Active UP CEM2/0/0 22 UP UP Active UP CEM2/0/0 23 UP UP Active UP Router# show class cem TDM-class-B Class: TDM-class-B Dejitter: 320, Payload Size: 40 Router# show class cem all Class: TDM-class-A Dejitter: 10, Payload Size: 40 Class: TDM-class-B Dejitter: 320, Payload Size: 40 Router# show class cem detail *Oct 26 05:43:12.846 IST: %SYS-5-CONFIG_I: Configured from console by console -Traceback= 4084BB0Cz 40856A84z 41CAF9ACz 41CAF990z Class: TDM-class-A Dejitter: 10, Payload Size: 40 Circuits inheriting this Class: None Interfaces inheriting this Class: None Class: TDM-class-B Dejitter: 320, Payload Size: 40 Circuits inheriting this Class: CEM2/2/0: Circuit 100 CEM2/2/0: Circuit 50 Interfaces inheriting this Class: None Note See the “Configuring T3” section on page 10-25 for information about the features that are not supported on the SPA in Cisco IOS Release 12.2SRC. Configuring the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SONET VT1.5 To configure the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SONET VT 1.5, perform the following steps: Command or Action Purpose Step 1 Router(config)# controller sonet 5/1/0 Selects the controller to configure. Step 2 Router(config-controller)# framing sonet Specifies SONET framing. Step 3 Router(config-controller)# sts-1 2 Specifies the STS identifier. Step 4 Router(config-ctrlr-sts1)# mode vt-15 Specifies VT-15 as the STS-1 mode of operation.10-11 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Configuring the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SDH AU-4 C-12 To configure the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SDH AU-4 C-12, perform the following steps: Configuring the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SDH AU-3 C-11 To configure the 1-Port Channelized OC-3 STM1 ATM CEoP SPA for SDH AU-3 C-11, perform the following steps: Step 5 Router(config-ctrlr-sts1)# vtg 3 t1 2 atm Creates a T1 (VT1.5) ATM interface. OR, Router(config-ctrlr-sts1)# vtg 1 t1 1 ima-group group-number Configures the interface to run in IMA mode and assigns the interface to an IMA group. OR, Router(config-ctrlr-sts1)# vtg 2 t1 1 cem-group 1 unframed Creates a single SAToP CEM group. OR, Router(config-ctrlr-sts1)# vtg 2 t1 4 cem-group 2 timeslots 1-5,14 Creates a CESoPSN CEM group. Command or Action Purpose Command or Action Purpose Step 1 Router(config)# controller sonet 5/1/0 Selects the controller to configure. Step 2 Router(config-controller)# framing sdh Specifies SDH as the framing mode. Step 3 Router(config-controller)# aug mapping au-4 Specifies AUG mapping. Step 4 Router(config-controller)# au-4 1 tug-3 2 Selects the AU-4, TUG-3 to configure. Step 5 Router(config-ctrlr-tug3)# mode c-12 Specifies the channelization mode for the TUG-3. Step 6 Router(config-ctrlr-tug3)# tug-2 7 e1 3 atm Creates an ATM interface. Router(config-ctrlr-tug3)# tug-2 1 e1 1 ima-group group-number Configures the interface to run in IMA mode and assigns the interface to an IMA group. Router(config-ctrlr-tug3)# tug-2 1 e1 1 cem-group 1 unframed Creates a SAToP CEM group. Router(config-ctrlr-tug3)# tug-2 1 e1 1 cem-group 1 timeslots 1-31 Creates a CESoPSN CEM group. Command or Action Purpose Step 1 Router(config)# controller sonet 5/1/0 Selects the controller to configure. Step 2 Router(config-controller)# framing sdh Specifies the framing mode. Step 3 Router(config-controller)# aug mapping au-3 Specifies AUG mapping. Step 4 Router(config-controller)# au-3 3 Selects the AU-3 to configure. Step 5 Router(config-ctrlr-au3)# mode c-11 Specifies the channelization mode for the link.10-12 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuration Tasks Step 6 Router(config-ctrlr-au3)# tug-2 7 t1 4 atm Creates an ATM interface. Router(config-ctrlr-tug3)# tug-2 1 e1 1 ima-group group-number Configures the interface to run in IMA mode and assigns the interface to an IMA group. Router(config-ctrlr-au3)# tug-2 1 t1 2 cem-group 1 unframed Creates a SAToP CEM group. Router(config-ctrlr-au3)# tug-2 1 t1 2 cem-group 2015 timeslots 1-12 Creates a CESoPSN CEM group. Command or Action Purpose10-13 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuring Circuit Emulation Configuring Circuit Emulation This section provides information about how to configure circuit emulation on a CEoP SPA. Circuit emulation provides a bridge between a time division multiplexed (TDM) network and a packet network (such as Multiprotocol Label Switching [MPLS]). The router encapsulates TDM data in MPLS packets and sends the data over a CEM pseudowire to the remote provider edge (PE) router. Thus, circuit emulation acts like a physical communication link across the packet network. To configure circuit emulation on a CEoP SPA port, you must do the following: 1. Configure one or more CEM groups on the port. Each CEM group represents a set of time slots from the TDM circuit attached to the port. When you configure a CEM group on the port, the router creates an interface that has the same slot/subslot/port number as the port (for example, cem2/1/0). 2. Configure a pseudowire for each CEM group. The router maps the data from the time slots in each group onto its pseudowire and sends the data over the MPLS network to the remote PE router. Use the xconnect command with encap mpls to create a pseudowire for each CEM group. Figure 10-1 shows the following sample configuration for a CEoP SPA: • A TDM circuit is connected to port 0 on a SPA installed in slot 1, subslot 0 (T1 controller 1/0/0). • Two pseudowires (PW10 and PW20) are configured to carry TDM data across the MPLS network. • Two CEM groups (2 and 3) are configured for the data in the TDM time slots: – Time slots 1 through 6 are sent over pseudowire 10 to the remote PE router at 10.0.0.0. – Time slots 8 through 13 are sent to PE router 11.0.0.0 over pseudowire 20. Figure 10-1 TDM Time Slots to Pseudowire Mappings MPLS network PW10 PW20 191977 controller T1 1/0/0 cem-group 2 timeslots 1–6 cem-group 3 timeslots 8–13 interface cem 1/0/0 cem 2 xconnect 10.0.0.0 10 encap mpls cem 3 xconnect 11.0.0.0 20 encap mpls CEM group 2 time slots 1 – 6 CEM group 3 time slots 8 – 13 TDM data stream 10.0.0.0 11.0.0.010-14 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuring Circuit Emulation Table 10-1lists the number of CEM groups you can configure for each CEoP SPA on the SIP 400. Table 10-1 Number of CEM Groups Supported for Each CEoP SPA Configuration Guidelines and Restrictions Not all combinations of payload-size and dejitter-buffer size are supported. Payload size, or dejitter configurations are rejected at the CLI level in CEM circuit mode on the SPA if they are not compatible. Any incompatible parameter modifications will be rejected and the configuration will fall back to the old dejitter and payload parameters if the parameters are being applied through the cem class template. For relation between the payload size and the dejitter buffer size on CeoPSN and SaToP T1/E1 frames see Table 9- 1, CESoPSN DS0 Lines: Payload and Jitter Limits, Table 9- 2, SAToP T1 Frame: Payload and Jitter Limits and Table 9-3, SAToP E1 Frame: Payload and Jitter Limits. Configuring a CEM Group To configure a CEM group to represent a CEM circuit on a SPA port, use the following procedure. Note • The first cem-group command under the controller creates a CEM interface that has the same slot/subslot/port information as the controller. The CEM interface is removed when all of the CEM groups under the interface have been deleted. • The CEM interface is always up, even if the controller state is down. This allows the CEM pseudowire to carry alarm information to the remote end. CEoP SPA Number of Supported CEM Groups 24 T1/E1 Channelized ATM CEoP SPA 191 2-Port Channelized T3/E3 ATM CEoP SPA 576 1-Port Channelized OC-3 STM1 ATM CEoP SPA 57610-15 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuring Circuit Emulation Configuring a CEM Class (Optional) To assign CEM parameters to one or more CEM interfaces, you can create a CEM class (template) that defines the parameters and then apply the class to the interfaces. CEM class parameters can be configured directly on the CEM circuit. The inheritance is as follows: • CEM circuit (highest level) • Class attached to CEM circuit • Class attached to the CEM interface Command or Action Purpose Step 1 Router(config)# controller type slot/subslot/port Examples Router(config)# controller t1 3/1/ Router(config)# controller sonet 2/0/1 Selects the controller for the port being configured: • type identifies the port type. Depending on the card type, valid values are t1, e1, t3, e3, or sonet. For additional information, see the sections for configuring those port types. • slot/subslot/port identifies the SPA slot, subslot, and port. Step 2 Router(config-controller)# [no] cem-group group-number {unframed | timeslots timeslot} Examples Router(config)# controller t1 3/2/0 Router(config-controller)# cem-group 1 unframed Router(config)# controller t1 3/2/1 Router(config-controller)# cem-group 1 timeslots 1,3,5-11 Router(config-controller)# cem-group 2 timeslots 12-24 Router(config)#controller t3 3/2/0 Router(config-controller)# t1 1 cem-group 1 timeslots 1 Router(config)# controller t3 3/2/1 Router(config-controller)# e1 1 cem-group 1 unframed Creates a CEM circuit (group) from one or more time slots of the line connected to this port. To delete the CEM circuit and release the time slots, use the no cem-group group-number command. • group-number assigns a CEM circuit number: – For 24 T1/E1 Channelized ATM CEoP SPA, you can configure up to 191 CEM groups. – For 2-Port Channelized T3/E3 ATM CEoP SPA, you can configure up to 576 CEM groups. – For 1-Port Channelized OC-3 STM1 ATM CEoP SPA, you can configure up to 576 CEM groups. • unframed creates a single CEM circuit from all of the time slots, and uses the framing on the line. Use this keyword for SAToP mode. • timeslots timeslot specifies the time slots to include in the CEM circuit. Use this keyword for CESoPSN mode. The list of time slots can include commas and hyphens with no spaces between the numbers, commas, and hyphens. Note Each time slot operates at 64 kilobits per second (kbps). Step 3 Router(config-controller)# exit Exits interface configuration mode. 10-16 Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide OL-5070-30 Chapter 10 Configuring the CEoP and Channelized ATM SPAs Configuring Circuit Emulation If the same parameter is configured on the CEM interface and CEM circuit, the value on the CEM circuit takes precedence. To configure a CEM class, use the following procedure: In the following example, a CEM class (TDM-Class-A) is configured to set the payload-size and d