Cisco 837 Router and SOHO 97 Router Cabling and Setup Quick Start Guide (French)
CISCO sur FNAC.COM
Voir également d'autres Guide CISCO :
Cisco-Security-Appliance-Command-Line-ASA-5500-version-7-2
Cisco-Introduction-to-the-Security-Appliance
Cisco-ASR-9000-Series-Aggregation-Configuration-Guide-Release-4-2-x
Cisco-IOS-XR-Carrier-Grade-NAT-Configuration-Guide-for-the-Cisco-CRS-Router-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-Interface-and-Hardware-Component-Configuration-Guide-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-IP-Addresses-and-Services-Configuration-Guide-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-L2VPN-et-services-Ethernet-Configuration-Guide-version-4-2-x
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
CHAPITRE
4-1
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Français
4
Configuration et câblage des routeurs Cisco 837
et SOHO 97
• Garantie limitée Cisco d'un an sur le matériel
• Vérification des éléments livrés avec le routeur
• Connexion du routeur
• Configuration du routeur
• Félicitations ! Vous avez terminé la configuration.
• Obtention de documentation
• Vos commentaires sur la documentation
• Assistance technique
• Obtention de publications et d'informations complémentaires4-2
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Garantie limitée Cisco d'un an sur le matériel
Garantie limitée Cisco d'un an sur le matériel
Des conditions spécifiques s'appliquent à la garantie de votre matériel et aux prestations de services dont
vous pouvez bénéficier pendant la période de validité de cette garantie. Votre déclaration formelle de
garantie, qui inclut la garantie et les accords de licence applicables aux logiciels Cisco, est disponible
sur le site Cisco.com.
Démarrez votre navigateur et accédez à l'URL suivante :
http://www.cisco.com/en/US/products/prod_warranties_listing.html
Vous pouvez également vous rendre sur le site Web de l'assistance technique et des services Cisco pour
obtenir une aide :
http://www.cisco.com/public/Support_root.shtml.
Vérification des éléments livrés avec le routeur
Respectez les étapes de la procédure suivante pour vérifier que tous les éléments nécessaires ont été
livrés avec le routeur.
Étape 1 Les éléments livrés avec votre routeur sont les suivants. Si l'un des éléments manque ou est endommagé,
contactez votre service clientèle.
Remarque Le câble ADSL standard est un câble direct bleu lavande. Si le câble qui a été commandé
est un câble ADSL croisé, il est bleu lavande avec une bande bleue.
Étape 2 Localisez la référence du produit.
L'étiquette mentionnant la référence du routeur Cisco 837 se trouve sur la partie arrière gauche du châssis.
Figure 4-1 Emplacement de la référence du produit
1 Câble Ethernet jaune 5 Documentation produit
2 Câble ADSL bleu lavande 6 Câble de console bleu clair (RJ-45 à DB-9)
3 Adaptateur secteur de bureau 7 Câble modem pour les gammes de routeurs
SOHO/800 (commandé séparément)
4 Cordon d'alimentation noir
INTERNET (E1) 4 3 2 1
Cisco 831
+18 VCC
CONSOLE ETHERNET 10-BASE-T ORDINATEURS (E0) ETHERNET 10-BASE-T
MARCHE
ARRÊT
Réf. : AAANNNNXXXX 121480
SN: AAANNNNXXXX4-3
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Connexion du routeur
Connexion du routeur
La Figure 4-2 montre l'installation type d'un routeur Cisco 837 ou SOHO 97.
Figure 4-2 Installation type d'un routeur Cisco 837 ou SOHO 97
Procédez comme suit pour connecter le routeur à l'adaptateur secteur, à votre réseau local et au réseau
de votre fournisseur de services :
Étape 1 Si vous connectez plus de quatre PC au routeur, connectez ce dernier à un commutateur ou à un
concentrateur à l’aide d'un câble Ethernet jaune, comme le montre la Figure 4-2.
Étape 2 Pour connecter un PC directement au routeur, procédez comme indiqué dans la Figure 4-2. Mettez le PC
hors tension afin qu'il obtienne une adresse IP du routeur lorsqu'il sera remis sous tension. Vous pouvez
connecter d'autres PC aux ports Ethernet numérotés restants.
Étape 3 Le port console est un port de service auquel vous pouvez connecter un terminal ou un PC pour configurer
le logiciel à l'aide de l'interface CLI (command-line interface) ou résoudre les problèmes rencontrés avec
le routeur. Si vous voulez accéder à la console du routeur, connectez un PC ou un terminal au port console
sur le routeur. Pour plus d'informations, consultez le document Cisco 837 and SOHO 97 Hardware
Installation Guide (Routeurs Cisco 837 et SOHO 97 - Guide d'installation matérielle).
Remarque En connectant le port console à un modem asynchrone à l’aide du câble modem pour les gammes de
routeurs SOHO/800 (disponible en option), vous pouvez doter le routeur de fonctionnalités de
sauvegarde et de gestion à distance. Reportez-vous au document Cisco 831 Router and SOHO 91 Router
Hardware Installation Guide (Routeurs Cisco 831 et SOHO 91 - Guide d'installation matérielle) pour
plus d'informations.
Cisco 837
CONSOLE ADSLoISDN +18 VDC ETHERNET 10BASET COMPUTERS (E0)a
4 3 2 1
1X
2X
1X
2X
1
121524
1 2
3
4 54-4
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Configuration du routeur
Étape 4 Connectez le port ADSL du routeur à la prise murale du téléphone à l'aide du câble ADSL bleu lavande.
Si la ligne ADSL sert aussi à la communication vocale, vous pouvez empêcher toute interruption de la
transmission de données en connectant le routeur à un filtre ADSL ou en installant des microfiltres entre
les téléphones ou les télécopieurs et la prise murale.
Étape 5 Raccordez le cordon d'alimentation au routeur comme indiqué dans la Figure 4-2 et mettez le routeur
sous tension. Assurez-vous d'utiliser l'adaptateur secteur livré avec le routeur. Le routeur n'accepte pas
d'autres adaptateurs secteur Cisco.
Configuration du routeur
Le routeur est livré avec un outil de configuration basé sur le Web que vous exécutez à partir d'un
navigateur Web.
Instructions de configuration SDM
Si le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage
rapide du gestionnaire de routeur SDM) fait partie de votre kit d'accessoires, alors
Cisco Router and Security Device Manager (SDM) est chargé sur le routeur. Reportez-vous à ce
document pour configurer votre routeur Cisco 837.
Le lien suivant permet d'accéder à plus d'informations sur SDM, notamment aux notes de version et à
d'autres documentations SDM.
http://www.cisco.com/en/US/products/sw/secursw/ps5318/
Remarque SDM n'est pas livré avec les routeurs SOHO 97.
Instructions de configuration du logiciel CRWS
Si vous n'avez pas reçu le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide
(Guide de démarrage rapide du gestionnaire de routeur SDM), cela signifie que Cisco Router Web Setup
(CRWS) est chargé sur votre routeur. Les instructions de ce guide vous expliquent comment configurer
le routeur à l'aide du logiciel CRWS. Ce logiciel s'exécute avec les versions 3.0 à 4.7 de Netscape et les
versions 4 et supérieures d'Internet Explorer.
Le logiciel CRWS (Cisco Router Web Setup) est installé sur le routeur. Il sert à configurer la connexion
du routeur à Internet. Le logiciel CRWS s'exécute avec les versions 3.0 à 4.7 de Netscape et les versions
4 et supérieures d'Internet Explorer. Pour démarrer le logiciel CRWS et configurer le routeur, respectez
la procédure suivante :
Étape 1 Démarrez ou redémarrez un PC connecté à l'un des ports Ethernet (1, 2, 3 ou 4) du routeur.
Étape 2 Lancez un navigateur Web. Assurez-vous que le navigateur est configuré pour travailler en mode connexion.
• Dans Internet Explorer, cliquez sur le menu Fichier et assurez-vous que l'option Travailler hors
connexion est désactivée.
• Dans Netscape, l'option Travailler hors ligne du menu Fichier est désactivée par défaut. 4-5
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Configuration du routeur
Étape 3 Tapez l'URL (Universal Resource Locator) indiquée dans la Figure 4-3.
Figure 4-3 Tapez l'URL http://10.10.10.1
Le tableau de bord du logiciel CRWS (Figure 4-4) doit apparaître après 1 à 2 minutes.
Figure 4-4 Tableau de bord du logiciel CRWS
Conseil Si le tableau de bord de CRWS ne s'affiche pas lorsque vous entrez l'URL http://10.10.10.1, testez la
connexion entre le PC et le routeur en procédant comme suit :
• Assurez-vous que le témoin OK du routeur est allumé et vérifiez la connexion des câbles entre le
routeur et le PC.
• Si la page d'accueil CRWS ne s'affiche toujours pas, vérifiez que l'option « Travailler hors
connexion » du navigateur est désactivée.
• Si la page Web refuse toujours de s'afficher, assurez-vous que le PC est configuré pour la réception
automatique d'une adresse IP. Sélectionnez Démarrer/Exécuter, tapez winipcfg dans la fenêtre
Exécuter et examinez l'adresse se trouvant dans le champ de l'adresse IP. Cette adresse doit être au 4-6
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Configuration du routeur
format 10.10.10.X, où X est un nombre supérieur ou égal à 2 (par exemple, 10.10.10.2 ou
10.10.10.3). Si le format de l’adresse IP n'est pas conforme, suivez les instructions du Conseil à la
page 4-6 pour configurer le PC afin d'obtenir une adresse IP automatiquement. Relancez ensuite le
logiciel CRWS.
Étape 4 Si vous souhaitez une configuration standard, cliquez sur le lien Router Setup (Configuration du
routeur) de la page d'accueil, puis cliquez sur Quick Setup (Configuration rapide). Entrez ensuite le nom
d'utilisateur et le mot de passe attribués par votre fournisseur d'accès Internet et suivez la procédure
indiquée sur la page affichée.
Étape 5 Si vous devez configurer des fonctions particulières, comme le protocole NAT (Network Address
Translation), cliquez sur les liens correspondants de la page d'accueil et complétez les écrans de configuration.
Étape 6 Cliquez sur le lienMot de passe du routeur de la page d'accueil et définissez un mot de passe pour le
routeur.
Étape 7 Sélectionnez Démarrer/Exécuter et tapez winipcfg dans le champ Ouvrir de la fenêtre Exécuter. Lorsque
la fenêtre Configuration IP s'affiche, cliquez sur Libérer, puis sur Renouveler pour respectivement
libérer et renouveler l'adresse IP du PC.
Vous pouvez également ouvrir une fenêtre DOS et saisir ipconfig /release pour libérer l'adresse IP du
PC. Entrez ensuite ipconfig /renew pour la renouveler.
Étape 8 Ouvrez un navigateur Web sur le PC et connectez-vous à un site Web.
Conseil Si vous n'avez pas pu démarrer CRWS, cela indique peut-être que votre PC n'est pas configuré pour
obtenir une adresse IP automatiquement. Vous pouvez utiliser les informations suivantes si votre PC
s'exécute sous Microsoft Windows NT ou Microsoft Windows 95, 98 ou 2000. Pour les autres versions
de Microsoft Windows, consultez la documentation livrée avec le PC.
1. Mettez le PC en route et ouvrez le Panneau de configuration.
2. Double-cliquez sur l'icône Réseau pour afficher la fenêtre correspondante.
3. Vérifiez que le protocole TCP/IP a été ajouté et associé à l'adaptateur Ethernet. L'icône TCP/IP
représente un câble en Y dans la fenêtre Configuration de Microsoft Windows 95, 98, 2000, ME
et XP et dans la fenêtre Protocole de Microsoft Windows NT. Si cette icône n'est pas visible, cliquez
sur Ajouter, puis ajoutez Microsoft TCP/IP.
4. Pour vérifier si le PC est configuré pour obtenir une adresse IP automatiquement, cliquez sur l'icône
TCP/IP représentant un câble, puis sélectionnez l'onglet Adresse IP dans la fenêtre Propriétés
TCP/IP. Si ce n'est déjà fait, cochez la case Obtenir automatiquement une adresse IP. Les champs
Adresse IP et Masque de sous-réseau doivent être grisés.
5. Pour accepter toutes les modifications et quitter cette fenêtre, cliquez sur OK. Cliquez ensuite sur
OK dans la fenêtre Réseau.
6. Si vous y êtes invité, cliquez sur Oui pour redémarrer le PC.
7. Revenez à l'Étape 3 de la section Configuration du routeur page 4-4.
Pour plus d'informations sur la configuration du protocole TCP/IP, consultez le manuel Guide de
dépannage de la configuration Web d'un routeur Cisco disponible sur le CD de documentation produit
des gammes Cisco 800 et SOHO .4-7
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Félicitations ! Vous avez terminé la configuration.
Félicitations ! Vous avez terminé la configuration.
Si vous parvenez à vous connecter à un site Web, cela indique que le câblage et la configuration de
votre routeur ont réussi. Vous pouvez désormais utiliser le routeur pour accéder à Internet. Pour
configurer d'autres fonctionnalités, cliquez sur les liens CRWS appropriés et entrez les valeurs de
configuration du routeur.
Les autres sections de ce guide de démarrage rapide présentent des informations sur la documentation
connexe des gammes Cisco 800 et SOHO.
Informations complémentaires sur le routeur
Pour plus d'informations, consultez les documents suivants :
• Cisco 837 Router and SOHO 97 Router Hardware Installation Guide (Routeurs Cisco 837 et SOHO
97 - Guide d'installation matérielle) : fournit des informations détaillées concernant le câblage et le
matériel pour les routeurs Cisco 837 et SOHO 97.
• Cisco 800 Series Router Software Configuration Guide (Routeurs Cisco 800 – Guide de configuration
logicielle) : fournit des informations détaillées sur la configuration des routeurs Cisco 800.
• Cisco 828 Router and SOHO 78 Router Hardware Installation Guide (Routeurs Cisco 828 et SOHO
78 - Guide d'installation matérielle) : fournit des informations détaillées concernant le câblage et le
matériel pour les routeurs Cisco 828 et SOHO 78.
• Cisco 828 Router and SOHO 78 Router Software Configuration Guide (Routeurs Cisco 828 et
SOHO 78 - Guide de configuration logicielle) : fournit des instructions de configuration détaillées
pour les routeurs Cisco 828 et SOHO 78.
• Cisco Router Web Setup Troubleshooting Guide (Guide de dépannage de la configuration Web d'un
routeur Cisco) : fournit des informations de base sur la configuration du routeur.
• Upgrading Memory in Cisco 800 Series Routers (Routeurs Cisco 800 – Mise à niveau de la
mémoire) : fournit des informations sur la mise à niveau de la mémoire des routeurs Cisco 800.
La documentation Cisco la plus récente est disponible sur Internet à partir des sites suivants :
• http://www.cisco.com
• http://www-china.cisco.com
• http://www-europe.cisco.com
Obtention de documentation
La documentation Cisco est disponible sur le site Cisco.com. Cisco propose aussi divers moyens pour
obtenir une assistance technique et d'autres ressources techniques. Les sections qui suivent expliquent
comment obtenir des informations techniques de Cisco Systems.
Cisco.com
Vous pouvez accéder à la documentation Cisco la plus récente à l'adresse suivante :
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html4-8
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Vos commentaires sur la documentation
Vous pouvez accéder au site Web de Cisco à l'adresse suivante :
http://www.cisco.com
Vous pouvez accéder aux sites Web internationaux de Cisco à l'adresse suivante :
http://www.cisco.com/public/countries_languages.shtml
Commande de documentation
Vous trouverez les instructions de commande de documentation à l'adresse suivante :
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
Vous pouvez commander de la documentation Cisco comme suit :
• Les utilisateurs inscrits sur Cisco.com (clients directs de Cisco) peuvent commander de la
documentation à l'adresse suivante :
http://www.cisco.com/en/US/partner/ordering/index.shtml
• Les utilisateurs non inscrits sur Cisco.com peuvent se procurer de la documentation par
l'intermédiaire d'un représentant de compte local en appelant le siège social de Cisco Systems
(Californie, États-Unis) au numéro 408 526-7208 ou, en Amérique du Nord, en composant le
800 553-NETS (6387).
Vos commentaires sur la documentation
Vous pouvez envoyer vos commentaires sur la documentation technique à l'adresse bug-doc@cisco.com.
Pour envoyer vos commentaires par courrier ordinaire, utilisez le coupon-réponse situé à l'arrière de la
couverture de votre document ou, à défaut, écrivez à l'adresse suivante :
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
États-Unis
Vos commentaires sont les bienvenus.
Assistance technique
Pour tous les clients, partenaires, revendeurs et distributeurs en possession de contrats de service Cisco
valides, le centre d'assistance technique Cisco propose une assistance hors pair disponible 24 heures sur
24. Le site Web d'assistance technique Cisco sur Cisco.com propose des ressources en ligne très
complètes. En outre, le centre d'assistance technique (TAC) Cisco fournit une assistance téléphonique.
Si vous n'avez pas de contrat de service Cisco valide, contactez votre revendeur.4-9
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Assistance technique
Site Web d'assistance technique Cisco
Ce site propose des documents et outils en ligne pour dépanner et résoudre les problèmes techniques liés
aux technologies et produits Cisco. Il est disponible 24 heures sur 24, 365 jours par an à l'adresse suivante :
http://www.cisco.com/techsupport
Pour accéder aux outils du site, vous devez être inscrit à Cisco.com et posséder un ID utilisateur ainsi
qu'un mot de passe. Si vous êtes en possession d'un contrat de service valide mais que vous n'avez ni ID
utilisateur ni de mot de passe, connectez-vous à l'adresse suivante pour vous inscrire :
http://tools.cisco.com/RPF/register/register.do
Soumission d'une demande de service
Utiliser l'outil de demande de service en ligne sur le TAC est le moyen le plus rapide d'ouvrir des
demandes de service S3 et S4. (Ces demandes correspondent à une dégradation minimale du
fonctionnement de votre réseau ou à une demande d'information produit.) Lorsque vous avez décrit la
situation, l'outil de demande de service du TAC vous propose automatiquement les solutions
recommandées. Si cela ne résout pas le problème, votre demande de service est affectée à un ingénieur
du TAC Cisco. Vous trouverez l'outil de demande de service du TAC à l'adresse suivante :
http://www.cisco.com/techsupport/servicerequest
Pour les demandes de service S1 ou S2 ou si vous n'avez pas d'accès à Internet, contactez le TAC Cisco
par téléphone. (Vous soumettez ce type de demandes quand votre réseau opérationnel est très dégradé
ou paralysé.) Ces demandes sont affectées immédiatement aux ingénieurs du TAC Cisco pour préserver
le bon fonctionnement de vos activités.
Pour ouvrir une demande de service par téléphone, composez l'un des numéros suivants :
Asie-Pacifique : +61 2 8446 7411 (Australie : 1 800 805 227)
Zone EMEA : +32 2 704 55 55
États-Unis : 1 800 553 2447
Pour consulter la liste complète des contacts du TAC Cisco, rendez-vous à l'adresse :
http://www.cisco.com/techsupport/contacts
Définition de la gravité des demandes de service
Cisco a défini des niveaux de gravité de sorte que toutes les demandes de service observent un
format standard.
Gravité 1 (S1) : votre réseau est « paralysé » ou la situation a un impact très négatif sur vos activités
commerciales. Vous et Cisco engagerez 24 heures sur 24 toutes les ressources nécessaires pour résoudre
le problème.
Gravité 2 (S2) : le fonctionnement d'un réseau existant est très dégradé ou des aspects importants de
vos activités commerciales sont affectés par les performances inadéquates des produits Cisco. Vous
et Cisco engagerez des ressources à temps plein pendant les heures de bureau normales pour résoudre
le problème.
Gravité 3 (S3) : les performances de votre réseau sont affectées mais la plupart de vos activités
commerciales restent fonctionnelles. Vous et Cisco engagerez des ressources pendant les heures de
bureau normales pour rétablir des niveaux de service satisfaisants.4-10
Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide
78-14782-07
Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97
Obtention de publications et d'informations complémentaires
Gravité 4 (S4) : vous avez besoin d'informations ou d'assistance concernant des fonctionnalités,
l'installation ou la configuration de produits Cisco. L'impact sur vos activités commerciales est faible,
voire nul.
Obtention de publications et d'informations complémentaires
Des informations sur les produits, les technologies et les solutions réseau Cisco sont disponibles en ligne
et sous forme imprimée.
• La boutique Cisco Marketplace offre un grand choix d'ouvrages Cisco, de guides de référence et de
produits. Pour la découvrir, rendez-vous à l'adresse suivante :
http://www.cisco.com/go/marketplace/
• Le Catalogue des produits Cisco détaille les produits réseau proposés par Cisco Systems, ainsi que
les services clients gérant les commandes et les demandes d'assistance. Accédez au Catalogue des
produits Cisco en tapant l'URL suivante :
http://cisco.com/univercd/cc/td/doc/pcat/
• Cisco Press publie une large gamme d'ouvrages traitant de l'administration réseau, des formations
et des certifications. Les utilisateurs débutants comme les plus expérimentés y trouveront des
informations utiles. Pour connaître les dernières publications de Cisco Press et consulter d'autres
informations, visitez le site de Cisco Press à l'adresse suivante :
http://www.ciscopress.com
• Le magazine Packet destiné aux utilisateurs techniques de Cisco Systems détaille comment
maximiser les investissements Internet et réseau. Chaque trimestre, il présente les dernières
tendances en matière de réseaux, les innovations technologiques ainsi que les produits et solutions
Cisco. Il donne des conseils pour le déploiement et le dépannage des réseaux et propose des
exemples de configuration, des études de cas relatives à la clientèle, des informations sur les
certifications et les formations et des liens vers des ressources plus détaillées accessibles en ligne.
Vous pouvez accéder au magazine Packet à l'adresse suivante :
http://www.cisco.com/packet
• Le journal trimestriel Internet Protocol Journal publié par Cisco Systems s'adresse aux ingénieurs
concernés par la conception, le développement et l'exploitation de réseaux Internet et intranet
publics et privés. Vous pouvez y accéder à l'adresse suivante :
http://www.cisco.com/ipj
• Cisco propose des formations de niveau international sur les réseaux. Les programmes en cours sont
présentés à l'adresse suivante :
http://www.cisco.com/en/US/learning/index.html
CHAPITRE
4-1
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Français
4
Guide de démarrage rapide - Configuration et
câblage des routeurs Cisco 836 et SOHO 96
• Garantie limitée Cisco d’un an sur le matériel
• Vérification des éléments livrés avec le routeur
• Connexion du routeur
• Configuration du routeur
• Félicitations ! Vous avez terminé la configuration.
• Obtention de documentation
• Vos commentaires sur la documentation
• Assistance technique
• Obtention de publications et d’informations complémentaires4-2
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Garantie limitée Cisco d’un an sur le matériel
Garantie limitée Cisco d’un an sur le matériel
Des conditions spécifiques s’appliquent à la garantie de votre matériel et aux prestations de services dont
vous pouvez bénéficier pendant la période de validité de cette garantie. Votre déclaration formelle de
garantie, qui inclut la garantie et les accords de licence applicables aux logiciels Cisco, est disponible
sur le site Cisco.com.
Démarrez votre navigateur et accédez à l’URL suivante :
http://www.cisco.com/en/US/products/prod_warranties_listing.html
Vous pouvez également vous rendre sur le site Web de l’assistance technique et des services Cisco pour
obtenir une aide :
http://www.cisco.com/public/Support_root.shtml.
Durée de la garantie sur le matériel
Un (1) an
Procédure de remplacement, réparation ou remboursement du matériel
Cisco ou son centre de service sera en mesure d’expédier une pièce de rechange dans un délai de dix (10)
jours suivant la réception de la demande d’autorisation de retour de matériel (ARM). Le délai effectif de
livraison pourra varier en fonction de la destination.
Cisco se réserve le droit de rembourser le prix d’achat comme seule garantie.
Pour recevoir un numéro d’autorisation de retour de matériel (ARM)
Contactez la société auprès de laquelle vous avez acheté le produit. Si vous avez acheté le produit
directement auprès de Cisco, contactez votre responsable des ventes Cisco.
Complétez les informations ci-dessous et conservez-les comme référence.
Vérification des éléments livrés avec le routeur
Respectez les étapes de la procédure suivante pour vérifier que tous les éléments nécessaires ont été
livrés avec le routeur.
Étape 1 La Figure 4-1 présente les éléments livrés avec le routeur. Si l’un des éléments manque ou est
endommagé, contactez votre service clientèle.
Produit acheté auprès de
Numéro de téléphone du vendeur
Modèle du produit
Référence du produit
Numéro du contrat de maintenance4-3
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Vérification des éléments livrés avec le routeur
Figure 4-1 Éléments livrés avec le routeur
Étape 2 Vérifiez quel câble ADSL a été livré avec le routeur. Le routeur est livré avec un des câbles ADSL
suivants, spécifié lors de la commande du routeur : un câble ADSL standard direct RJ-11 à RJ-11, croisé
RJ-11 à RJ-11 ou direct RJ-11 à RJ-45.
Étape 3 Localisez la référence du produit.
L’étiquette mentionnant la référence du routeur Cisco 836 se trouve sur la partie arrière gauche du châssis.
Figure 4-2 Emplacement de la référence du produit
1 Câble Ethernet jaune 5 Cordon d’alimentation noir
2 Câble ADSL bleu lavande 6 Documentation produit
3 Câble S/T RNIS orange (commandé
séparément)
7 Câble de console bleu clair (RJ-45 à DB-9)
4 Adaptateur secteur de bureau
5
6
121478
2
Autre
documentation
Guide de
démarrage
rapide
INTERNET (E1) 4 3 2 1
Cisco 831
+18 VCC
CONSOLE ETHERNET 10-BASE-T ORDINATEURS (E0) ETHERNET 10-BASE-T
MARCHE
ARRÊT
Réf. : AAANNNNXXXX 121480
SN: AAANNNNXXXX4-4
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Connexion du routeur
Connexion du routeur
La Figure 4-3 montre l’installation type d’un routeur Cisco 836 ou SOHO 96.
Figure 4-3 Installation type d’un routeur Cisco 836 ou SOHO 96
Cisco 836
CONSOLE ISDN S/T ADSLoISDN +18 VDC ETHERNET 10BASET COMPUTERS (E0)a
4 3 2 1
1X
2X
1X
2X
1
121520
1 2 4
5
34-5
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Configuration du routeur
Procédez comme suit pour connecter le routeur à l’adaptateur secteur, à votre réseau local et au réseau
de votre fournisseur de services :
Étape 1 Si vous connectez plus de quatre PC au routeur, connectez ce dernier à un commutateur ou à un
concentrateur à l’aide d’un câble Ethernet jaune, comme le montre la Figure 4-3.
Étape 2 Pour connecter un PC directement au routeur, procédez comme indiqué dans la Figure 4-3. Mettez le PC
hors tension afin qu’il obtienne une adresse IP du routeur lorsqu’il sera remis sous tension. Vous pouvez
connecter d’autres PC aux ports Ethernet numérotés restants.
Étape 3 Le port console est un port de service auquel vous pouvez connecter un terminal ou un PC pour
configurer le logiciel à l’aide de l’interface CLI (command-line interface) ou résoudre les problèmes
rencontrés avec le routeur. Si vous voulez accéder à la console du routeur, connectez un PC ou un
terminal au port console. Pour plus d’informations, consultez le document Cisco 836 and SOHO 96
Hardware Installation Guide (Routeurs Cisco 836 et SOHO 96 - Guide d’installation matérielle).
Étape 4 Facultatif. Pour la sauvegarde et la gestion à distance, vous pouvez connecter le port S/T RNIS à une
terminaison réseau (NT1) ou à un filtre ADSL à l’aide du câble S/T RNIS orange (disponible en option).
Pour plus d’informations, consultez le document Cisco 836 and SOHO 96 Hardware Installation Guide
(Routeurs Cisco 836 et SOHO 96 - Guide d’installation matérielle).
Étape 5 Branchez le câble ADSL sur le port ADSLoRNIS du routeur et sur le filtre ADSL ou la prise murale. Si
vous utilisez un filtre ADSL, connectez-le à la prise murale à l’aide d’un câble à paire torsadée non
blindée de catégorie 5.
Étape 6 Raccordez le cordon d’alimentation au routeur comme indiqué dans la Figure 4-3 et mettez le routeur
sous tension. Assurez-vous d’utiliser l’adaptateur secteur livré avec le routeur.
Attention L’appareil est prévu pour fonctionner avec des systèmes d’alimentation TN.
Attention Ce produit dépend des installations du bâtiment pour la protection contre les courts-circuits
(surtension). Assurez-vous qu’un fusible ou un disjoncteur (maximum 240VCA, 16 A, 120 V CA, 15 A aux
États-Unis) est utilisé sur les conducteurs de phase (tous les conducteurs sous tension).
Attention Cet appareil doit être mis à la terre. Assurez-vous que le système hôte est raccordé à la terre en
cours d’utilisation.
Configuration du routeur
Le routeur est livré avec un outil de configuration basé sur le Web que vous exécutez à partir d’un
navigateur Web.
Instructions de configuration SDM
Si le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage
rapide du gestionnaire de routeur SDM) fait partie de votre kit d’accessoires, alors
Cisco Router and Security Device Manager (SDM) est chargé sur le routeur. Reportez-vous à ce
document pour configurer votre routeur Cisco 836.4-6
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Configuration du routeur
Le lien suivant permet d’accéder à plus d’informations sur SDM, notamment aux notes de version et à
d’autres documentations SDM.
http://www.cisco.com/en/US/products/sw/secursw/ps5318/
Remarque SDM n’est pas livré avec les routeurs SOHO 96.
Instructions de configuration du logiciel CRWS
Si vous n’avez pas reçu le Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide
de démarrage rapide du gestionnaire de routeur SDM), alors Cisco Router Web Setup (CRWS) est
chargé sur votre routeur. Les instructions de ce guide vous expliquent comment configurer le routeur à
l’aide du logiciel CRWS. Ce logiciel s’exécute avec les versions 3.0 à 4.7 de Netscape et les versions 4
et supérieures d’Internet Explorer.
Pour démarrer le logiciel CRWS et configurer le routeur, respectez la procédure suivante :
Étape 1 Démarrez ou redémarrez un PC connecté à l’un des ports Ethernet (1, 2, 3 ou 4) du routeur. Il n’est pas
nécessaire que le PC soit connecté directement au routeur. Il peut être connecté par l’intermédiaire d’un
commutateur ou d’un concentrateur.
Étape 2 Lancez un navigateur Web. Assurez-vous que le navigateur est configuré pour travailler en mode connexion.
• Dans Internet Explorer, cliquez sur le menu Fichier et assurez-vous que l’option Travailler hors
connexion est désactivée.
• Dans Netscape, l’option Travailler hors ligne du menu Fichier est désactivée par défaut.
Étape 3 Tapez l’URL (Universal Resource Locator) indiquée dans la Figure 4-4.
Figure 4-4 Tapez l’URL http://10.10.10.1
Le tableau de bord du logiciel CRWS (Figure 4-5) doit apparaître après 1 à 2 minutes.4-7
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Configuration du routeur
Figure 4-5 Tableau de bord du logiciel CRWS
Conseil Si le tableau de bord de CRWS ne s’affiche pas lorsque vous entrez l’URL http://10.10.10.1, testez la
connexion entre le PC et le routeur en procédant comme suit :
• Assurez-vous que le témoin OK du routeur est allumé et vérifiez la connexion des câbles entre le
routeur et le PC.
• Si la page d’accueil CRWS ne s’affiche toujours pas, vérifiez que l’option « Travailler hors
connexion » du navigateur est désactivée.
• Si la page Web refuse toujours de s’afficher, assurez-vous que le PC est configuré pour la réception
automatique d’une adresse IP. Sélectionnez Démarrer/Exécuter, tapez winipcfg dans la fenêtre
Exécuter et examinez l’adresse se trouvant dans le champ de l’adresse IP. Cette adresse doit être au
format 10.10.10.X, où X est un nombre supérieur ou égal à 2 (par exemple, 10.10.10.2 ou
10.10.10.3). Si le format de l’adresse IP n’est pas conforme, suivez les instructions du Conseil à la
page 4-8 pour configurer le PC afin d’obtenir une adresse IP automatiquement. Relancez ensuite le
logiciel CRWS.
Étape 4 Si vous souhaitez une configuration standard, cliquez sur le lien Router Setup (Configuration du
routeur) de la page d’accueil, puis cliquez sur Quick Setup (Configuration rapide). Entrez ensuite le
nom d’utilisateur et le mot de passe attribués par votre fournisseur d’accès Internet et suivez la procédure
indiquée sur la page affichée.
Étape 5 Si vous devez configurer des fonctions particulières, comme le protocole NAT (Network Address Translation),
cliquez sur les liens correspondants de la page d’accueil et complétez les écrans de configuration.4-8
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Félicitations ! Vous avez terminé la configuration.
Étape 6 Cliquez sur le lien Router Password (Routeur - Mot de passe) de la page d’accueil et définissez un mot
de passe pour le routeur.
Étape 7 Sélectionnez Démarrer/Exécuter et tapez winipcfg dans le champ Ouvrir de la fenêtre Exécuter.
Lorsque la fenêtre Configuration IP s’affiche, cliquez sur Libérer, puis sur Renouveler pour
respectivement libérer et renouveler l’adresse IP du PC.
Vous pouvez également ouvrir une fenêtre Exécuter et saisir ipconfig /release pour libérer l’adresse IP
du PC. Entrez ensuite ipconfig /renew pour la renouveler.
Étape 8 Ouvrez un navigateur Web sur le PC et connectez-vous à un site Web.
Conseil Si vous n’avez pas pu démarrer CRWS, cela indique peut-être que votre PC n’est pas configuré pour
obtenir une adresse IP automatiquement. Vous pouvez utiliser les informations suivantes si votre PC
s’exécute sous Microsoft Windows NT ou Microsoft Windows 95, 98 ou 2000. Pour les autres versions
de Microsoft Windows, consultez la documentation livrée avec le PC.
1. Mettez le PC en route et ouvrez le Panneau de configuration.
2. Double-cliquez sur l’icône Réseau pour afficher la fenêtre correspondante.
3. Vérifiez que le protocole TCP/IP a été ajouté et associé à l’adaptateur Ethernet. L’icône TCP/IP
représente un câble en Y dans la fenêtre Configuration de Microsoft Windows 95, 98, 2000, ME
et XP et dans la fenêtre Protocole de Microsoft Windows NT. Si cette icône n’est pas visible, cliquez
sur Ajouter, puis ajoutez Microsoft TCP/IP.
4. Pour vérifier si le PC est configuré pour obtenir une adresse IP automatiquement, cliquez sur l’icône
TCP/IP représentant un câble, puis sélectionnez l’onglet Adresse IP dans la fenêtre Propriétés
TCP/IP. Si ce n’est déjà fait, cochez la case Obtenir automatiquement une adresse IP. Les champs
Adresse IP et Masque de sous-réseau doivent être grisés.
5. Pour accepter toutes les modifications et quitter cette fenêtre, cliquez sur OK. Cliquez ensuite sur
OK dans la fenêtre Réseau.
6. Si vous y êtes invité, cliquez sur Oui pour redémarrer le PC.
7. Revenez à l’Étape 3 de la section Configuration du routeur page 4-5.
Pour plus d’informations sur la configuration du protocole TCP/IP, consultez le manuel Guide de
dépannage de la configuration Web d'un routeur Cisco disponible sur le Cisco.com.
Félicitations ! Vous avez terminé la configuration.
Si vous parvenez à vous connecter à un site Web, cela indique que le câblage et la configuration de votre
routeur ont réussi. Vous pouvez désormais l’utiliser pour accéder à Internet. Pour configurer d’autres
fonctionnalités, cliquez sur les liens CRWS appropriés et entrez les valeurs de configuration du routeur.4-9
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Obtention de documentation
Informations complémentaires sur le routeur
Pour plus d’informations, consultez les documents suivants :
• Cisco 836 Router and SOHO 96 Router Hardware Installation Guide (Routeurs Cisco 836 et SOHO
96 - Guide d’installation matérielle) : fournit des informations détaillées concernant le câblage et le
matériel pour les routeurs Cisco 836 et SOHO 96.
• Cisco 800 Series Router Software Configuration Guide (Routeurs Cisco 800 – Guide de configuration
logicielle) : fournit des informations détaillées sur la configuration des routeurs Cisco 800.
• Regulatory Compliance and Safety Information for Cisco 800 Series and SOHO Series Routers
(Routeurs des gammes Cisco 800 et SOHO – Informations relatives au respect des réglementations
et à la sécurité) : fournit des informations sur les normes de sécurité et les réglementations
internationales pour tous les routeurs des gammes Cisco 800 et SOHO.
• Upgrading Memory in Cisco 800 Series Routers (Routeurs Cisco 800 – Mise à niveau de la
mémoire) : fournit des informations sur la mise à niveau de la mémoire des routeurs Cisco 800.
La documentation Cisco la plus récente est disponible sur Internet à partir des sites suivants :
• http://www.cisco.com
• http://www-china.cisco.com
• http://www-europe.cisco.com
Obtention de documentation
La documentation Cisco est disponible sur le site Cisco.com. Cisco propose aussi divers moyens pour
obtenir une assistance technique et d’autres ressources techniques. Les sections qui suivent expliquent
comment obtenir des informations techniques de Cisco Systems.
Cisco.com
Vous pouvez accéder à la documentation Cisco la plus récente à l’adresse suivante :
http://www.cisco.com/en/US/support/index.html
Vous pouvez accéder au site Web de Cisco à l’adresse suivante :
http://www.cisco.com
Vous pouvez accéder aux sites Web internationaux de Cisco à l’adresse suivante :
http://www.cisco.com/public/countries_languages.shtml
Commande de documentation
Vous trouverez les instructions de commande de documentation à l’adresse suivante :
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html4-10
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Vos commentaires sur la documentation
Vous pouvez commander de la documentation Cisco comme suit :
• Les utilisateurs inscrits sur Cisco.com (clients directs de Cisco) peuvent commander de la
documentation à l’adresse suivante :
http://www.cisco.com/en/US/partner/ordering/index.shtml
• Les utilisateurs non inscrits sur Cisco.com peuvent se procurer de la documentation par
l’intermédiaire d’un représentant de compte local en appelant le siège social de Cisco Systems
(Californie, États-Unis) au numéro 408 526-7208 ou, en Amérique du Nord, en composant le
800 553-NETS (6387).
Vos commentaires sur la documentation
Vous pouvez envoyer vos commentaires sur la documentation technique à l’adresse bug-doc@cisco.com.
Pour envoyer vos commentaires par courrier ordinaire, utilisez le coupon-réponse situé à l’arrière de la
couverture de votre document ou, à défaut, écrivez à l’adresse suivante :
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
États-Unis
Vos commentaires sont les bienvenus.
Assistance technique
Pour tous les clients, partenaires, revendeurs et distributeurs en possession de contrats de service Cisco
valides, le centre d’assistance technique Cisco propose une assistance hors pair disponible 24 heures sur
24. Le site Web d’assistance technique Cisco sur Cisco.com propose des ressources en ligne très
complètes. En outre, le centre d’assistance technique (TAC) Cisco fournit une assistance téléphonique.
Si vous n’avez pas de contrat de service Cisco valide, contactez votre revendeur.
Site Web d’assistance technique Cisco
Ce site propose des documents et outils en ligne pour dépanner et résoudre les problèmes techniques
liés aux technologies et produits Cisco. Il est disponible 24 heures sur 24, 365 jours par an à
l’adresse suivante :
http://www.cisco.com/techsupport
Pour accéder aux outils du site, vous devez être inscrit à Cisco.com et posséder une ID utilisateur ainsi
qu’un mot de passe. Si vous êtes en possession d’un contrat de service valide mais que vous n’avez ni
ID utilisateur ni de mot de passe, connectez-vous à l’adresse suivante pour vous inscrire :
http://tools.cisco.com/RPF/register/register.do4-11
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Assistance technique
Soumission d’une demande de service
Utiliser l’outil de demande de service en ligne sur le TAC est le moyen le plus rapide d’ouvrir des
demandes de service S3 et S4. (Ces demandes correspondent à une dégradation minimale du
fonctionnement de votre réseau ou à une demande d’information produit.) Lorsque vous avez décrit la
situation, l’outil de demande de service du TAC vous propose automatiquement les solutions
recommandées. Si cela ne résout pas le problème, votre demande de service est affectée à un ingénieur
du TAC Cisco. Vous trouverez l’outil de demande de service du TAC à l’adresse suivante :
http://www.cisco.com/techsupport/servicerequest
Pour les demandes de service S1 ou S2 ou si vous n’avez pas d’accès à Internet, contactez le TAC Cisco
par téléphone. (Vous soumettez ce type de demandes quand votre réseau opérationnel est très dégradé
ou paralysé.) Ces demandes sont affectées immédiatement aux ingénieurs du TAC Cisco pour préserver
le bon fonctionnement de vos activités.
Pour ouvrir une demande de service par téléphone, composez l’un des numéros suivants :
Asie-Pacifique : +61 2 8446 7411 (Australie : 1 800 805 227)
Zone EMEA : +32 2 704 55 55
États-Unis : 1 800 553 2447
Pour consulter la liste complète des contacts du TAC Cisco, rendez-vous à l’adresse :
http://www.cisco.com/techsupport/contacts
Définition de la gravité des demandes de service
Cisco a défini des niveaux de gravité de sorte que toutes les demandes de service observent un
format standard.
Gravité 1 (S1) : votre réseau est « paralysé » ou la situation a un impact très négatif sur vos activités
commerciales. Vous et Cisco engagerez 24 heures sur 24 toutes les ressources nécessaires pour résoudre
le problème.
Gravité 2 (S2) : le fonctionnement d’un réseau existant est très dégradé ou des aspects importants de vos
activités commerciales sont affectés par les performances inadéquates des produits Cisco. Vous et Cisco
engagerez des ressources à temps plein pendant les heures de bureau normales pour résoudre le problème.
Gravité 3 (S3) : les performances de votre réseau sont affectées mais la plupart de vos activités
commerciales restent fonctionnelles. Vous et Cisco engagerez des ressources pendant les heures de
bureau normales pour rétablir des niveaux de service satisfaisants.
Gravité 4 (S4) : vous avez besoin d’informations ou d’assistance concernant des fonctionnalités,
l’installation ou la configuration de produits Cisco. L’impact sur vos activités commerciales est faible,
voire nul.4-12
Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide
78-14767-06
Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96
Obtention de publications et d’informations complémentaires
Obtention de publications et d’informations complémentaires
Des informations sur les produits, les technologies et les solutions réseau Cisco sont disponibles en ligne
et sous forme imprimée.
• La boutique Cisco Marketplace offre un grand choix d’ouvrages Cisco, de guides de référence et de
produits. Pour la découvrir, rendez-vous à l’adresse suivante :
http://www.cisco.com/go/marketplace/
• Le Catalogue des produits Cisco détaille les produits réseau proposés par Cisco Systems, ainsi que
les services clients gérant les commandes et les demandes d’assistance. Accédez au Catalogue des
produits Cisco en tapant l’URL suivante :
http://cisco.com/univercd/cc/td/doc/pcat/
• Cisco Press publie une large gamme d’ouvrages traitant de l’administration réseau, des formations
et des certifications. Les utilisateurs débutants comme les plus expérimentés y trouveront des
informations utiles. Pour connaître les dernières publications de Cisco Press et consulter d’autres
informations, visitez le site de Cisco Press à l’adresse suivante :
http://www.ciscopress.com
• Le magazine Packet destiné aux utilisateurs techniques de Cisco Systems détaille comment
maximiser les investissements Internet et réseau. Chaque trimestre, il présente les dernières
tendances en matière de réseaux, les innovations technologiques ainsi que les produits et solutions
Cisco. Il donne des conseils pour le déploiement et le dépannage des réseaux et propose des
exemples de configuration, des études de cas relatives à la clientèle, des informations sur les
certifications et les formations et des liens vers des ressources plus détaillées accessibles en ligne.
Vous pouvez accéder au magazine Packet à l’adresse suivante :
http://www.cisco.com/packet
• Le journal trimestriel Internet Protocol Journal publié par Cisco Systems s’adresse aux ingénieurs
concernés par la conception, le développement et l’exploitation de réseaux Internet et intranet
publics et privés. Vous pouvez y accéder à l’adresse suivante :
http://www.cisco.com/ipj
• Cisco propose des formations de niveau international sur les réseaux. Les programmes en cours sont
présentés à l’adresse suivante :
http://www.cisco.com/en/US/learning/index.html
Cisco ASR 9000 Series Aggregation Services Router System
Management Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26081-03THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xiii
Changes to This Document xiii
Obtaining Documentation and Submitting a Service Request xiv
C H A P T E R 1 Configuring Profiles on the Cisco ASR 9000 Series Router 1
Restrictions of Scale Profiles 1
Information About Profiles 2
Information About Scale Profiles 2
Information About Feature Profiles 2
Relationship Between Scale and Feature Profiles 2
How to Configure Profiles 3
Configuring the Scale Profile 3
Configuring the Feature Profile 5
Additional References 7
C H A P T E R 2 Secure Domain Routers on the Cisco ASR 9000 Series Router 9
Prerequisites for Working with Secure Domain Routers 9
Information About Configuring Secure Domain Routers 10
What Is a Secure Domain Router? 10
Owner SDR and Administration Configuration Mode 10
SDR Access Privileges 10
Root-System Users 11
root-lr Users 11
Other SDR Users 12
Designated Shelf Controller (DSC) 12
Default Configuration of the Router 12
Cisco IOS XR Software Package Management 12
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 iiiAdditional References 13
C H A P T E R 3 Upgrading and Managing Software on Cisco ASR 9000 Series Router 15
Overview of Cisco IOS XR Software Packages 16
Package Installation Envelopes 16
Summary of Cisco IOS XR Software Packages 16
Packages in the Cisco IOS XR Unicast Routing Core Bundle 17
Software Maintenance Upgrades 17
Filename Component Description 17
PIE Filenames and Version Numbers 19
Copying the PIE File to a Local Storage Device or Network Server 20
Information About Package Management 20
Summary of Package Management 20
Adding Packages 21
Activating Packages 21
Activating Multiple Packages or SMUs 22
Activating All Packages Added in a Specific Operation 22
Adding and Activating a Package with a Single Command 22
Upgrading and Downgrading Packages 22
Committing the Active Software Set 22
Rolling Back to a Previous Installation Operation 22
Upgrading Packages 23
Downgrading Packages 23
Impact of Package Version Changes 24
Impact of Package Activation and Deactivation 24
Delaying the Return of the CLI Prompt 25
Displaying Installation Log Information 25
Examples 25
Package Management Procedures 27
Activation and Deactivation Prerequisites 27
Obtaining and Placing Cisco IOS XR Software 28
Transferring Installation Files from a Network File Server to a Local Storage
Device 29
Preparing for Software Installation Operations 31
Examples 34
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
iv OL-26081-03
ContentsAdding and Activating Packages 41
Examples 47
Committing the Active Package Set 49
Examples 50
Upgrading to Cisco IOS XR Software Release 4.0 51
Deactivating and Removing Cisco IOS XR Software Packages 57
Examples 61
Rolling Back to a Previous Software Set 62
Displaying Rollback Points 62
Displaying the Active Packages Associated with a Rollback Point 63
Rolling Back to a Specific Rollback Point 63
Rolling Back to the Last Committed Package Set 64
Additional References 64
C H A P T E R 4 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router 67
Disk Mirroring Prerequisites 67
Information About Disk Mirroring 68
How to Enable Disk Mirroring 69
Enabling Disk Mirroring 69
Replacing the Secondary Mirroring Device 71
Replacing the Primary Mirroring Device 72
Configuration Examples for Enabling Disk Mirroring 76
Additional References 77
C H A P T E R 5 Software Entitlement on the Cisco ASR 9000 Series Router 79
Prerequisites for Configuring Software Entitlement 80
Restrictions for Cisco IOS XR Software Entitlement 80
Information About Cisco IOS XR Software Entitlement 80
What Is Software Entitlement? 80
Types of Licenses 81
Router License Pools 81
Chassis-Locked Licenses 81
Slot-Based Licenses 81
Features that Require Licenses After a Software Image Upgrade 82
How to Configure Cisco IOS XR Software Entitlement 83
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 v
ContentsAdding a License for a New Feature 83
Backing Up Licenses 85
Examples 86
Restoring Licenses 87
Examples 88
Troubleshooting License Issues after a Software Upgrade 88
Additional References 88
C H A P T E R 6 Managing the Router Hardware 91
Prerequisites for Managing Router Hardware 92
Displaying Hardware Status 92
Displaying SDR Hardware Version Information 92
Displaying System Hardware Version Information 95
Displaying Software and Hardware Information 98
Displaying SDR Node IDs and Status 99
Displaying Router Node IDs and Status 100
Displaying Router Environment Information 101
Displaying RP Redundancy Status 104
Displaying Field-Programmable Device Compatibility 105
RSP Redundancy and Switchover 107
Establishing RSP Redundancy 107
Determining the Active RP in a Redundant Pair 108
Role of the Standby RSP 109
Summary of Redundancy Commands 109
Automatic Switchover 110
RSP Redundancy During RSP Reload 110
Manual Switchover 110
Communicating with a Standby RP 111
Reloading, Shutting Down, or Power Cycling a Node 111
Reloading the Active RSP 113
Flash Disk Recovery 115
Using Controller Commands to Manage Hardware Components 115
Formatting Hard Drives, Flash Drives, and Other Storage Devices 115
Removing and Replacing Cards 116
Removing Line Cards 117
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
vi OL-26081-03
ContentsReplacing a Line Card with the Same Media Type and Port Count 118
Replacing a Line Card with the Same Media Type and a Different Port Count 118
Replacing a Line Card or PLIM with a Different Media Type 118
Upgrading the CPU Controller Bits 119
Examples 119
Additional References 119
C H A P T E R 7 Upgrading FPD on the Cisco ASR 9000 Series Router 123
Prerequisites for FPD Image Upgrades 124
Overview of FPD Image Upgrade Support 124
Automatic FPD Upgrade 124
How to Upgrade FPD Images 125
Configuration Examples for FPD Image Upgrade 128
show hw-module fpd Command Output: Example 128
show fpd package Command Output: Example 130
upgrade hw-module fpd Command Output: Example 139
show platform Command Output: Example 140
Troubleshooting Problems with FPD Image Upgrades 140
Power Failure or Removal of a SPA During an FPD Image Upgrade 140
Performing a SPA FPD Recovery Upgrade 141
Performing a SIP FPD Recovery Upgrade 141
Additional References 141
C H A P T E R 8 Configuring Manageability on Cisco ASR 9000 Series Router 145
Information About XML Manageability 146
How to Configure Manageability 146
Configuring the XML Agent 146
Configuration Examples for Manageability 147
Enabling VRF on an XML Agent: Examples 147
Additional References 148
C H A P T E R 9 Configuring Call Home on the Cisco ASR 9000 Series Router 151
About Call Home 151
Destination Profiles 152
Call Home Alert Groups 152
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 vii
ContentsCall Home Message Levels 153
Obtaining Smart Call Home 154
Configuring Call Home 155
Configuring Contact Information 155
Configuring and Activating Destination Profiles 158
Associating an Alert Group with a Destination Profile 160
Configuring Email 163
Enabling Call Home 165
C H A P T E R 1 0 Implementing NTP on the Cisco ASR 9000 Series Router 169
Prerequisites for Implementing NTP on Cisco IOS XR Software 170
Information About Implementing NTP 170
How to Implement NTP on Cisco IOS XR Software 171
Configuring Poll-Based Associations 171
Configuring Broadcast-Based NTP Associates 173
Configuring NTP Access Groups 176
Configuring NTP Authentication 177
Disabling NTP Services on a Specific Interface 179
Configuring the Source IP Address for NTP Packets 181
Configuring the System as an Authoritative NTP Server 182
Updating the Hardware Clock 184
Verifying the Status of the External Reference Clock 185
Examples 186
Configuration Examples for Implementing NTP 186
Additional References 189
C H A P T E R 1 1 Implementing Object Tracking on Cisco IOS XR Software 191
Prerequisites for Implementing Object Tracking 191
Information About Object Tracking 192
How to Implement Object Tracking 192
Tracking Whether an Interface Is Up or Down 192
Tracking the Line Protocol State of an Interface 193
Tracking IP Route Reachability 196
Building a Track Based on a List of Objects 198
Building a Track Based on a List of Objects - Threshold Percentage 201
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
viii OL-26081-03
ContentsBuilding a Track Based on a List of Objects - Threshold Weight 202
Configuration Examples for Configuring Object Tracking 204
Additional References 206
C H A P T E R 1 2 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router 209
Prerequisites for Implementing Physical and Virtual Terminals 210
Information About Implementing Physical and Virtual Terminals 210
Line Templates 210
Line Template Configuration Mode 210
Line Template Guidelines 211
Terminal Identification 212
vty Pools 212
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software 212
Modifying Templates 212
Creating and Modifying vty Pools 214
Monitoring Terminals and Terminal Sessions 216
Configuration Examples for Implementing Physical and Virtual Terminals 217
Additional References 219
C H A P T E R 1 3 Implementing SNMP on the Cisco ASR 9000 Series Router 223
Prerequisites for Implementing SNMP 224
Restrictions for SNMP Use on Cisco IOS XR Software 224
Information About Implementing SNMP 224
SNMP Functional Overview 224
SNMP Manager 224
SNMP Agent 224
MIB 225
SNMP Notifications 225
SNMP Versions 226
Comparison of SNMPv1, v2c, and v3 227
Security Models and Levels for SNMPv1, v2, v3 228
SNMPv3 Benefits 229
SNMPv3 Costs 230
User-Based Security Model 230
View-Based Access Control Model 230
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 ix
ContentsMIB Views 231
Access Policy 231
IP Precedence and DSCP Support for SNMP 231
How to Implement SNMP on Cisco IOS XR Software 231
Configuring SNMPv3 231
Configuring SNMP Trap Notifications 234
Setting the Contact, Location, and Serial Number of the SNMP Agent 237
Defining the Maximum SNMP Agent Packet Size 238
Changing Notification Operation Values 240
Setting IP Precedence and DSCP Values 241
Configuring MIB Data to be Persistent 243
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces 244
Configuration Examples for Implementing SNMP 247
Configuring SNMPv3: Examples 247
Configuring Trap Notifications: Example 250
Setting an IP Precedence Value for SNMP Traffic: Example 251
Setting an IP DSCP Value for SNMP Traffic: Example 251
Additional References 251
C H A P T E R 1 4 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series
Router 255
Prerequisites for Periodic MIB Data Collection and Transfer 255
Information About Periodic MIB Data Collection and Transfer 256
SNMP Objects and Instances 256
Bulk Statistics Object Lists 256
Bulk Statistics Schemas 256
Bulk Statistics Transfer Options 256
Benefits of Periodic MIB Data Collection and Transfer 257
How to Configure Periodic MIB Data Collection and Transfer 257
Configuring a Bulk Statistics Object List 257
Configuring a Bulk Statistics Schema 258
Configuring Bulk Statistics Transfer Options 261
Monitoring Periodic MIB Data Collection and Transfer 264
Periodic MIB Data Collection and Transfer: Example 265
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
x OL-26081-03
ContentsC H A P T E R 1 5 Implementing CDP on the Cisco ASR 9000 Series Router 267
Prerequisites for Implementing CDP 267
Information About Implementing CDP 268
How to Implement CDP on Cisco IOS XR Software 269
Enabling CDP 269
Modifying CDP Default Settings 270
Monitoring CDP 272
Examples 273
Configuration Examples for Implementing CDP 275
Additional References 275
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 xi
Contents Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
xii OL-26081-03
ContentsPreface
This book presents configuration information and examples for System Management of the Cisco IOS XR
software. The preface for Cisco ASR 9000 Series Aggregation Services Router System Management
Configuration Guide consists of the following sections:
• Changes to This Document, page xiii
• Obtaining Documentation and Submitting a Service Request, page xiv
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Configuring Periodic MIB Data
Collection and Transfer module
was added.
OL-26081-03 August 2012
The Object Tracking module was
added.
Information regarding image
filenames was added to the topic:
Filename Component Description,
on page 17.
OL-26081-02 May 2012
OL-26081-01 December 2011 Initial release of this document.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 xiiiObtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
xiv OL-26081-03
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Configuring Profiles on the Cisco ASR 9000 Series
Router
Your router caters to different market segments on the service provider edge space. Your router is capable
of supporting a wide range of market segments and features, but to make the software more efficient, you
must configure the appropriate profiles to achieve the results you require.
• Different customers have different network architectures, and this puts different scale demands on the
router. By configuring the scale profile, you can configure your router to accommodate your needs.
• The software supports a wide range of features. To optimize performance, each feature profile enables
a subset of the total available features for a release. You must configure the appropriate profile to enable
the features that you require.
Table 2: Feature History for Configuring Profiles
Release Modification
Release 3.9.1 The scale profile was introduced
The scale profile configuration was moved to admin mode.
The feature profile was introduced.
Release 4.0.1
This model contains the following topics:
• Restrictions of Scale Profiles, page 1
• Information About Profiles, page 2
• How to Configure Profiles, page 3
• Additional References, page 7
Restrictions of Scale Profiles
Video monitoring is not supported with the L3XL scale profile.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 1Information About Profiles
Information About Scale Profiles
A scale profile is a user-configurable setting that tunes the router to perform more efficiently depending on
how the router is being used. You should configure a scale profile before deploying the router to production
use.
Your router can be used for different market segments on the service provider edge space. Because different
customers have different network architectures, which can place different scale demands on the router, it is
important to configure the scale profile so that your router works as efficiently as possible within the architecture
that you are using.
Possible scenarios that are taken into account by the scale profile are:
• Use of the router as a Layer 2 transport device, thus requiring the support of high Layer 2 scale numbers.
• Use of the router primarily as a Layer 3 box that provides Layer 3 virtual private network (VPN)services,
thus requiring the support of a high number of Layer 3 routes.
Information About Feature Profiles
To allow sufficient computation capabilities within the router, the available features within the Cisco IOS XR
software image are bundled. A feature profile determines which bundle of features is available for you to use.
Although you can always configure a feature, if the feature is not supported by the active feature profile, you
cannot use it.
There are two feature profiles available on your router:
• The default profile that supports all Cisco IOS XR software features except for IEEE 802.1ah provider
backbone bridge (PBB).
• The L2 profile that supports all Cisco IOS XR software features including IEEE 802.1ah PBB, but does
not support IPv6, reverse-path forwarding (RPF) or netflow.
If the feature profile that you have configured on your router does notsupport a feature that you have configured,
warning messages are displayed on the console, and the feature does not work. A configured feature profile
takes affect only after you reload all the line cards on the router.
Relationship Between Scale and Feature Profiles
Although you are not limited in your selection of scale and feature profiles in relation to each other, we
recommend using one of the following pairs:
• Default scale profile with default feature profile.
• Default scale profile with Layer 2 feature profile.
• Layer 3 scale profile with default feature profile.
Other pairs are not recommended. Note that the Layer 3 XL scale profile does not support video monitoring.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
2 OL-26081-03
Configuring Profiles on the Cisco ASR 9000 Series Router
Information About ProfilesHow to Configure Profiles
Configuring the Scale Profile
Before you deploy your router, you should configure the scale profile to make the system most efficient for
your specific network architecture.
Before You Begin
In general, the route switch processor (RSP) with 4 GB of memory is capable of loading 1.3 million IPv4
routes. However, consider using an 8 GB RSP if the router needs to hold a large number of routes.
SUMMARY STEPS
1. admin
2. configure
3. hw-module profile scale{default | l3 | l3xl}
4. Use one of these commands:
• end
• commit
5. reload location {all | node-id}
6. show running-config
7. show hw-module profile
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
configure Enters administration configuration mode.
Example:
RP/0/RSP0/CPU0:router(admin)#
configure
Step 2
Step 3 hw-module profile scale{default | l3 | l3xl} Specifies the scale profile for the router.
Example:
RP/0/RSP0/CPU0:router(admin-config)#
hw-module profile
• default —efficient for deployments that require large Layer 2 MAC
tables(up to 512,000 entries) and a relatively small number of Layer 3
routes (less than 512,000).
scale l3xl
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 3
Configuring Profiles on the Cisco ASR 9000 Series Router
How to Configure ProfilesCommand or Action Purpose
• l3 —efficient for deployments that require more Layer 3 routes (up
to 1 million) and smaller Layer 2 MAC tables (less than 128,000
entries).
Sun Nov 14 10:04:27.109 PST
In order to activate this new memory
resource profile,
you must manually reboot the system.
• l3xl —efficient for deployments that require a very large number of
Layer 3 routes (up to 1.3 million) and minimal Layer 2 functionality.
Note that the support for up to 1.3 million routes is split into IPv4
scaled support and IPv4/IPV6 scaled support. You can configure up
to 1.3 million IPv4 routes, or up to 1 million IPv4 routes with 128,000
IPv6 routes.
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(admin-config)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(admin-config)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Reloads the entire router or all line cards in the chassis. If you are changing
the scale profile to, or from, the l3xl value, you must perform a reload of
reload location {all | node-id}
Example:
RP/0/RSP0/CPU0:router(admin)# reload
location 0/0/cpu0
Step 5
the entire system before the change is enabled. Use the reload location all
command. For all other changesto the scale profile, you must reload all line
cards in the router. Use the reload location node-id command for each
line card separately.
or
RP/0/RSP0/CPU0:router(admin)# reload
location all
show running-config Displays the configured scale profile.
Example:
RP/0/RSP0/CPU0:router(admin)# show
running-config
hw-module profile scale
Step 6
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
4 OL-26081-03
Configuring Profiles on the Cisco ASR 9000 Series Router
Configuring the Scale ProfileCommand or Action Purpose
Displays the active scale profile. If the scale profile is different than the
configured profile, the line cards have not been reloaded as required for the
scale profile configuration to take place.
show hw-module profile
Example:
RP/0/RSP0/CPU0:router# show hw-module
profile scale
Step 7
Configuring the Feature Profile
Before deploying your router you should determine that the feature profile is consistent with the features that
you need to use. If it is not, use this task to configure a different profile.
SUMMARY STEPS
1. admin
2. configure
3. hw-module profile feature{default | l2}
4. Use one of these commands:
• end
• commit
5. reload location {all | node-id}
6. show running-config
7. show hw-module profile feature
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
configure Enters administration configuration mode.
Example:
RP/0/RSP0/CPU0:router(admin)# configure
Step 2
Step 3 hw-module profile feature{default | l2} Specifies the feature profile for the router.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 5
Configuring Profiles on the Cisco ASR 9000 Series Router
Configuring the Feature ProfileCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(admin-config)#
hw-module profile
• default—supports all features except provider backbone bridge
(PBB).
• l2—supports PBB, but does not support IPv6, reverse-path
feature l2 forwarding (RPF) and netflow.
Wed Dec 8 08:29:54.053 PST
L2 feature profile does NOT support the
following features:
IPv6, RPF, Netflow.
In order to activate this new memory
resource profile,
you must manually reboot the line cards.
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(admin-config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(admin-config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Reloads a line card. Before the feature profile configuration becomes
effective, you must reload all line cards in the router. Use the reload
location node-id command for each line card separately.
reload location {all | node-id}
Example:
RP/0/RSP0/CPU0:router(admin)# reload
location 0/0/cpu0
Step 5
show running-config Displays the configured feature profile.
Example:
RP/0/RSP0/CPU0:router(admin)# show
running-config
hw-module profile feature
Step 6
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
6 OL-26081-03
Configuring Profiles on the Cisco ASR 9000 Series Router
Configuring the Feature ProfileCommand or Action Purpose
Displays the active feature profile. If the active profile is different
from the configured profile, the line cards have not been reloaded as
required for the feature profile configuration to take place.
show hw-module profile feature
Example:
RP/0/RSP0/CPU0:router# show hw-module
profile feature all
Step 7
What to Do Next
If you see warning messages to the console indicating that the active feature profile does not match the
configured profile, you must reload the affected line card so that the configured profile matches the active
profile.
LC/0/1/CPU0:Nov 5 02:50:42.732 : prm_server[236]: Configured 'hw-module
profile feature l2' does not match active 'hw-module profile feature default'.
You must reload this line card in order to activate the configured profile on
this card or you must change the configured profile.
If you see warning messages to the console indicating that some features do not match the feature profile, you
should either change the feature profile configuration, or remove the non-supported features.
LC/0/1/CPU0:Nov 5 02:50:42.732 : prm_server[236]: Active 'hw-module profile
feature l2' does not support IPv6, RPF, or Netflow features. Please remove all
unsupported feature configurations.
Additional References
Related Documents
Related Topic Document Title
Hardware Redundancy and Node Administration
on the Cisco ASR 9000 Series Router module of
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
Profile commands
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR master command index
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 7
Configuring Profiles on the Cisco ASR 9000 Series Router
Additional ReferencesStandards and RFCs
Standard/RFC Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIB MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/support
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
8 OL-26081-03
Configuring Profiles on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 2
Secure Domain Routers on the Cisco ASR 9000
Series Router
Secure domain routers (SDRs) are a means of dividing a single physical system into multiple logically
separated routers. Cisco ASR 9000 Series Routers are single-shelf routers that only support one SDR—the
owner SDR.
Table 3: Feature History for Secure Domain Routers on Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
This module contains the following topics:
• Prerequisites for Working with Secure Domain Routers, page 9
• Information About Configuring Secure Domain Routers, page 10
• Additional References, page 13
Prerequisites for Working with Secure Domain Routers
Initial Setup
• The router must be running the Cisco IOS XR software .
• The root-system username and password must be assigned as part of the initial configuration.
• For more information on booting a router and performing initial configuration, see Cisco ASR 9000
Series Aggregation Services Router Getting Started Guide.
Required Cards for Each SDR
• Route switch processor (RSP) pair must be installed for the SDR.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 9Task ID Requirements
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Maximum SDR Configurations
• Only one owner SDR is supported. Non-owner SDRs are not supported
Information About Configuring Secure Domain Routers
What Is a Secure Domain Router?
Cisco routers running Cisco IOS XR software can be partitioned into multiple, independent routers known
assecure domain routers(SDRs). SDRs are a means of dividing a single physicalsystem into multiple logically
separated routers. SDRs perform routing functions the same as a physical router, but they share resources
with the rest of the system. For example, the software, configurations, protocols, and routing tables assigned
to an SDR belong to that SDR only, but other functions, such as chassis-control and switch fabric, are shared
with the rest of the system.
Note Cisco ASR 9000 Series Routers are single-shelf routers that only support one SDR—the owner SDR.
Owner SDR and Administration Configuration Mode
The owner SDR is created at system startup and cannot be removed. This owner SDR performs system-wide
functions, including the creation of additional non-owner SDRs. You cannot create the owner SDR because
it always exists, nor can you completely remove the owner SDR because it is necessary to manage the router.
By default, all nodes in the system belong to the owner SDR.
The owner SDR also provides access to the administration EXEC and administration configuration modes.
Only users with root-system privileges can access the administration modes by logging in to the primary route
switch processor (RSP) for the owner SDR (called the designated shelf controller, or DSC).
Administration modes are used to view and manage system-wide resources and logs.
Related Topics
SDR Access Privileges, on page 10
SDR Access Privileges
Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated
privileges.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
10 OL-26081-03
Secure Domain Routers on the Cisco ASR 9000 Series Router
Information About Configuring Secure Domain Routers• Only users with root-system privileges can access the administration EXEC and administration
configuration modes.
• Users with other access privileges can access features according to their assigned privileges for a specific
SDR.
For more information about AAA policies, see the Configuring AAA Services on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide.
Related Topics
Root-System Users, on page 11
root-lr Users, on page 11
Other SDR Users, on page 12
Root-System Users
Users with root-system privileges have access to system-wide features and resources. The root-system user
is created during the initial boot and configuration of the router.
The root-system user has the following privileges:
• Access to administration EXEC and administration configuration commands.
• Ability to create other users with similar or lower privileges.
• Complete authority over the chassis.
• Ability to install and activate software packages for the router.
• Ability to view the following admin plane events (owner SDR logging system only):
? Software installation operations and events.
? System card boot operations, such as card booting notifications and errors, heartbeat-missed
notifications, and card reloads.
? Card alphanumeric display changes.
? Environment monitoring events and alarms.
? Fabric control events.
? Upgrade progress information.
root-lr Users
Users with root-lr privileges can log in to an SDR only and perform configuration tasks that are specific to
that SDR. The root-lr group has the following privileges:
• Ability to configure interfaces and protocols.
• Ability to create other users with similar or lower privileges on the SDR.
• Ability to view the resources assigned to their particular SDR.
The following restrictions apply to root-lr users:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 11
Secure Domain Routers on the Cisco ASR 9000 Series Router
SDR Access Privileges• Users with root-lr privileges cannot enter administration EXEC or configuration modes.
• Users with root-lr privileges cannot add or remove nodes from an SDR.
• Users with root-lr privileges cannot create root-system users.
• The highest privilege a non-owner SDR user can have is root-lr.
Other SDR Users
Additional usernames and passwords can be created by the root-system or root-lr users to provide more
restricted access to the configuration and management capabilities of the owner SDR.
Designated Shelf Controller (DSC)
In a router running Cisco IOS XR software, one RSP is assigned the role of DSC. The DSC provides
system-wide administration and control capability, including access to the administration EXEC and
administration configuration modes. For more information on DSCs, refer to Cisco ASR 9000 Series
Aggregation Services Router Getting Started Guide.
Default Configuration of the Router
When a router is brought up, the nodes assigned to the router are activated with the default software package
profile. In Cisco IOS XR software, the default software profile is defined by the last install operation.
To view the default software profile, use the show install active summary command in administration
EXEC mode. Any new nodes that are configured to the router boot with the default software profile listed in
the output of this command.
RP/0/RSP0/CPU0:router# show install active summary
Tue Jul 21 06:10:48.321 DST
Active Packages:
disk0:comp-asr9k-mini-3.9.0.14I
disk0:asr9k-adv-video-3.9.0.14I
disk0:asr9k-fpd-3.9.0.14I
disk0:asr9k-k9sec-3.9.0.14I
disk0:asr9k-mgbl-3.9.0.14I
disk0:asr9k-mcast-3.9.0.14I
disk0:asr9k-mpls-3.9.0.14I
For detailed instructions to add and activate software packages, see the Upgrading and Managing Cisco
IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router System Management
Configuration Guide. See also the Software Package Management Commands on Cisco IOS XR Software
module of the Cisco ASR 9000 Series Aggregation Services Router System Management Command
Reference.
Note
Cisco IOS XR Software Package Management
Software packages are added to the DSC of the system from administration EXEC mode. Once added, a
package can be activated for the system. For detailed instructions regarding software package management,
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
12 OL-26081-03
Secure Domain Routers on the Cisco ASR 9000 Series Router
Designated Shelf Controller (DSC)see the Upgrading and Managing Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation
Services Router System Management Configuration Guide. See also the Software Package Management
Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services
Router System Management Command Reference.
• To access install commands, you must be a member of the root-system user group with access to the
administration EXEC mode.
• Most show install commands can be used in the EXEC mode of an SDR to view the details of the
active packages for that SDR.
Related Topics
Default Configuration of the Router, on page 12
Additional References
The following sections provide references related to SDR configuration.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Initial system bootup and configuration information
for a router using the Cisco IOS XR software
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR master command reference
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Cisco IOS XR interface configuration commands
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about AAA policies, including
instructions to create and modify users and username
access privileges
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 13
Secure Domain Routers on the Cisco ASR 9000 Series Router
Additional ReferencesMIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
14 OL-26081-03
Secure Domain Routers on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 3
Upgrading and Managing Software on Cisco ASR
9000 Series Router
The Cisco IOS XR software is divided into software packages so that you can select which features run on
your router. This module describes the concepts and tasks necessary to add feature packages, upgrade the
active set of packages, roll back to a previously active set of packages, and perform other related package
management tasks.
For complete descriptions of the commands listed in this module, see Related Documents, on page 65. To
locate documentation for other commands that might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 4: Feature History for Upgrading and Managing Cisco IOS XR Software
Release Modification
Release 3.7.2 The feature was introduced.
A procedure to upgrade software from Cisco IOS XR Release 3.x was introduced.
See Upgrading to Cisco IOS XR Software Release 4.0, on page 51.
Support for installation commands was removed from EXEC mode.
The ability to install software on a specific SDR was removed.
Release 4.0.0
This module contains the following topics:
• Overview of Cisco IOS XR Software Packages, page 16
• Information About Package Management, page 20
• Package Management Procedures, page 27
• Rolling Back to a Previous Software Set, page 62
• Additional References, page 64
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 15Overview of Cisco IOS XR Software Packages
Cisco IOS XR software is divided into software packages so that you can select which features run on your
router. Each package contains the components to perform a specific set of router functions, such as routing,
security, or modular services card (MSC) support. Bundles are groups of packages that can be downloaded
as a set. For example, Cisco IOS XR Unicast Routing Core Bundle (known as mini) providesthe main packages
for use on every router.
Adding a package to the router does not affect the operation of the router—it only copies the package files to
a local storage device on the router, known as the boot device (such as the compact flash drive). To make the
package functional on the router, you must activate it for one or more cards.
To upgrade a package, you activate a newer version of the package. When the automatic compatibility checks
have been passed, the new version is activated, and the old version is deactivated.
Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs or the package to
which the SMU applies to be automatically deactivated.
Note
To downgrade a package, you activate an older version of the package. When the automatic compatibility
checks have been passed, the older version is activated, and the newer version is deactivated.
Note For more information on the features and components included in each package, refer to the release notes.
Package Installation Envelopes
Package Installation Envelopes (PIEs) are nonbootable files that contain a single package or a set of packages
(called a composite package or bundle). Because the files are nonbootable, they are used to add software
package files to a running router.
PIE files have a pie extension. When a PIE file contains software for a specific bug fix, it is called a software
maintenance upgrade (SMU).
Files with the vm extension are bootable installation files used only to replace all current Cisco IOS XR
software. These files are installed from ROM Monitor mode, which causes significant router downtime.
Cisco Systems recommends installing or upgrading software packages only using PIE files as described
in this document. For more information on vm files, see Cisco ASR 9000 Series Aggregation Services
Router ROM Monitor Guide.
Note
Summary of Cisco IOS XR Software Packages
Every router includes a basic set of required packages contained in the Cisco IOS XR Unicast Routing Core
Bundle. Additional optional packages can be added and activated on the router to provide specific features.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
16 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Overview of Cisco IOS XR Software PackagesPackages in the Cisco IOS XR Unicast Routing Core Bundle
The packages contained in the Cisco IOS XR Unicast Routing Core Bundle are as follows:
• Operating system (OS) and minimum boot image (MBI)—Kernel, file system, memory management,
and other slow changing core components.
• Base—Interface manager, system database, checkpoint services, configuration management, other
slow-changing components.
• Infra—Resource management: rack, fabric, secure domain router (SDR).
• Routing—RIB, BGP, ISIS, OSPF, EIGRP, RIP, RPL.
• Forwarding—FIB, ARP, QoS, ACL, and other components.
• LC— Line card drivers.
The filename for this bundle is: asr9k-mini.pie-version.
Refer to the release notes for additional information on the specific features provided by each package.
Software Maintenance Upgrades
An SMU is a PIE file that contains fixes for a specific defect. A composite SMU is a PIE file that contains
SMUs for more than one package. SMUs are added and activated using the same procedures as other PIE
files. SMUs are created to respond to immediate issues and do not include new features. Typically, SMUs do
not have a large impact on router operations. SMU versions are synchronized to the package major, minor,
and maintenance versions they upgrade.
SMUs are not an alternative to maintenance releases. They provide quick resolution of immediate issues. All
bugsfixed by SMUs are integrated into the maintenance releases. For information on available SMUs, contact
Cisco Technical Support, as described in Obtaining Technical Assistance in the monthly What’s New in
Cisco Product Documentation.
Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs, or the package to
which the SMU applies, to be automatically deactivated.
Note
Filename Component Description
The filename componentsfor all packages are described in Table 5: Composite- and Single-Package Filename
Components, on page 17.
Table 5: Composite- and Single-Package Filename Components
Component Description
Identifiesthe platform for which the software package
is designed.
• The platform designation is “asr9k.”
platform
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 17
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Summary of Cisco IOS XR Software PackagesComponent Description
Identifies a specific composite package.
• The only composite PIE file at this time is
named “mini” and includes all packages
described in the Cisco IOS XR Unicast Routing
Core Bundle.
composite_name
Identifies the type of package the file supports
(package_type applies only to single-package PIEs).
Package types include:
• mcast—Multicast package
• mgbl—Manageability package
• mpls—MPLS package
• k9sec—Security package
• diags—Diagnostics package
• fpd—Field-programmable device package
• doc—Documentation package
package_type
Identifies the major release of this package.
• A major release occurs when there is a major
architectural change to the product (for example,
a major new capability is introduced).
• All packages operating on the router must be at
the same major release level.
• A major release is the least frequent release and
may require a router reboot.
major
Identifies the minor release of this package.
• A minor release contains one or more of the
following:
? New features
? Bug fixes
• The minor release version does not have to be
identical for all software packages operating on
the router, but the operating packages must be
certified by Cisco as compatible with each other.
• A minor release may require a router reboot.
minor
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
18 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Summary of Cisco IOS XR Software PackagesComponent Description
Identifies the maintenance release of this package.
• A maintenance release contains a collection of
bug fixes for a package.
• The maintenance release version does not have
to be identical for all software packages
operating on the router, but the major and minor
versions of the maintenance release must match
those of the package being updated.
• A maintenance release does not usually require
a router reboot.
maintenance
SMUs only. Identifies a DDTS
1
number that describes
the problem this SMU addresses.
DDTS is the method used to track known bugs and
the resolutions or workarounds for those issues.
ddts
In Cisco IOS XR Software Release 4.0, the software
packages were reorganized into functionally
well-defined and independently-releasable packages.
These reorganized packages are identified by the -p
in the filename. These packages are not compatible
with packages released prior to Release 4.0. When
upgrading to Release 4.0 or above, special upgrade
instructions must be followed.
p
Identifies images that are compatible with both the
Cisco CRS-1 and Cisco CRS-3 routers. Starting with
Cisco IOS XR Release 4.2, -px releases replace the
-p releases.
px
1
distributed defect tracking system
Related Topics
Summary of Cisco IOS XR Software Bundles
PIE Filenames and Version Numbers
PIE filenames have two formats: one for composite-package PIEs (bundles) and one for single-package PIEs.
A composite-package file is a PIE file that contains multiple packages.
Note Hyphens in the filename are part of the filename.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 19
Upgrading and Managing Software on Cisco ASR 9000 Series Router
PIE Filenames and Version NumbersTable 6: PIE Filenames, on page 20 shows the filenames for available PIE types.
Table 6: PIE Filenames
Software Delivery Type Filename Example
platform-composite_name.pie- asr9k-mini.pie-3.7.2
major.minor.maintenance
Composite (Bundle) PIE
Single package PIE platform-package_type.-p.pie-major.minor.maintenance asr9k-mpls.pie-3.7.2
Composite SMU platform-p.composite_name.ddts.pie
Copying the PIE File to a Local Storage Device or Network Server
To add an optional package or upgrade or downgrade a package, you must copy the appropriate PIE file to a
local storage device or to a network file server to which the router has access.
If you need to store PIE files on the router, we recommended storing PIE files on the harddisk. Flash disk0:
serves as the boot device for packages that have been added or activated on the system. Flash disk1: is used
as a backup for disk0:.
Before copying PIE files to a local storage device, use the dir command to check to see if the required
PIE files are already on the device.
Tip
Information About Package Management
Summary of Package Management
The general procedure for adding optional packages, upgrading a package or package set, or downgrading
packages on the router is as follows:
1 Copy the package file or files to a local storage device or file server.
2 Add the package or packages on the router using the command install add .
3 Activate the package or packages on the router using the install activate command.
4 Commit the current set of packages using the install commit command.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
20 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Information About Package ManagementFigure 1: Process to Add, Activate, and Commit Cisco IOS XR Software Packages, on page 21 illustrates
key steps in the package management process.
Figure 1: Process to Add, Activate, and Commit Cisco IOS XR Software Packages
Adding Packages
Use the install add command to unpack the package software files from a PIE file and copy them to the
boot device (usually disk0:) of your router.
From administration EXEC mode, the package software files are added to the boot device of the DSC of the
router, as well as all active and standby Route Processors (RPs) and fabric shelf controllers (SCs) installed
on the router.
The disk that holds the unpacked software files is also known as the boot device. By default, flash disk0:
is used as the boot device. To use an alternate storage device, such as flash disk1:, see the Router Recovery
with ROM Monitor module of Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide.
Remember that all RSPs in a system must use the same boot device. If the boot device on the primary
RSP is flash disk0:, then the standby RSP must also have a flash disk0:.
Note
Activating Packages
Software packages remain inactive until activated with the install activate command.
After a package has been added to the router , use the install activate command to activate the package or
SMUs for all valid cards. Information within the package is used to verify compatibility with the target cards
and with the other active software. Actual activation is performed only after the package compatibility and
application programming interface (API) compatibility checks have been passed.
Activating a Package on the Router
To activate a package on your router, use the install activate command in administration EXEC mode. The
install activate command also activatesthe package on all administration plane nodes and resources, including
service processors (SPs), fabric SCs, fan controllers, alarm modules, and power modules.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 21
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Summary of Package ManagementActivating Multiple Packages or SMUs
To install multiple packages or software maintenance upgrades (SMUs) with a single command, use the
install activate command and either specify up to 16 packages by repeating device: package arguments or
use wildcard syntax to specify multiple packages. Some SMUs may require a reload. If the operation requires
a node reload, the user is prompted before the installation operation occurs.
Activating All Packages Added in a Specific Operation
To install all packages that were added in a specific install add operation, use the install activate command
with the id add-id keyword and argument, specifying the operation ID of the install add operation. You
can specify up to 16 operations in a single command.
Adding and Activating a Package with a Single Command
To add and activate a package with a single command, use the install add command with the activate
keyword from administration EXEC mode.
Upgrading and Downgrading Packages
To upgrade a package, activate the newer version of the package; the older version is automatically deactivated.
To downgrade a package, activate the older version of the package; the newer version is automatically
deactivated.
Actual activation is performed only after the compatibility checks have been passed.
Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs, or the package to
which the SMU applies, to be automatically deactivated.
Note
Committing the Active Software Set
When a package is activated on the router , it becomes part of the current running configuration. To make the
package activation persistent across reloads, enter the install commit command in administration EXEC
mode. On startup, the DSC of the SDR loads the committed software set.
If the system is restarted before the active software set is saved with the install commit command, the
previously committed software set is used.
Note
Rolling Back to a Previous Installation Operation
Although the term commit sounds final, the Cisco IOS XR software provides the flexibility to roll back the
selected package set to previously saved package sets. Each time a package is activated or deactivated, a
rollback point is created that defines the package set that is active after the package activation or deactivation.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
22 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Summary of Package ManagementThe software also creates a rollback point for the last committed package set. If you find that you prefer a
previous package set over the currently active package set, you can use the install rollback command to
make a previously active package set active again.
Related Topics
Rolling Back to a Previous Software Set, on page 62
Upgrading Packages
To upgrade a package that is currently active on your router, add and activate a newer version of the same
package (see Figure 2: Example of a Maintenance Release Package Upgrade, on page 23). The older version
of the software package is deactivated automatically. These actions are permitted only after the package
compatibility checks and API version compatibility checks have been passed.
Deactivated packages are not removed from the router. To remove inactive package files, use the install
remove command.
Upgrading or downgrading a software package can cause a process to restart or a new process to start.
Use the test option to preview the impact of the package activation.
Caution
Figure 2: Example of a Maintenance Release Package Upgrade
Related Topics
Deactivating and Removing Cisco IOS XR Software Packages, on page 57
Downgrading Packages
To downgrade a software package, activate an older version on one or more cards for which that package is
already active. The newer version of the same software package is deactivated automatically. These actions
are performed only after the package compatibility checks and API version compatibility checks have been
passed.
Deactivated packages are not removed from the router. To remove inactive package files, use the install
remove command. See the Related Topics section for links to more information.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 23
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading PackagesRelated Topics
Deactivating and Removing Cisco IOS XR Software Packages, on page 57
Impact of Package Version Changes
Each package version change has a different impact on the operation of the router, depending on the type of
package and whether the upgrade is for a major, minor, or maintenance release. The following resources can
provide more information on the impact of a package version change:
• See Related Topics for more information on the typical impact for major, minor, and maintenance
releases.
• Forspecific information about the impact of an upgrade, consult the release notesfor the package release,
and test the impact of the package activation by adding the test option to the install activate command.
• The Cisco IOS XR Software Selector tool also contains information on package version compatibility.
Related Topics
PIE Filenames and Version Numbers, on page 19
Obtaining and Placing Cisco IOS XR Software, on page 28
Impact of Package Activation and Deactivation
Activation or deactivation of a package can have an immediate impact on the system. The system can be
affected in the following ways:
• When a new package is activated, any new CLI commands for the package are added to the router. The
router need not be restarted or reloaded.
• When a package is deactivated, the commands associated with the features being deactivated are removed
from the router. The commands are no longer available to the user.
• During a software package deactivation, upgrade, or downgrade, any incompatible configurations are
removed from the running configuration of the router, and saved to a file. Messages for incompatible
configurations are displayed. Incompatible configurations are those configurationsthat are notsupported
by the new version of the software package.
You must address any issues that result from the revised configuration and reapply the configuration, if
necessary.
Note
• New processes may be started.
• Running processes may be stopped or restarted.
• All processes in the cards may be restarted. Restarting processes in the cards is equivalent to a soft reset.
• The cards may reload.
• No impact: no processes in the card may be affected.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
24 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Impact of Package Version ChangesWhen activating and deactivating packages, use the test option to test the effects of a command without
impacting the running system. After the activation or deactivation process completes, enter the show
install log command to display the process results.
Tip
Delaying the Return of the CLI Prompt
By default, the CLI prompt is returned to the screen before the installation operation is complete, which allows
you to enter other commandsthat are not installation commands. If additional installation requests are attempted
before the first operation is complete, they are not run.
To delay the return of the CLI prompt until an installation operation is complete, enter the install command
with the synchronous keyword. For example:
install add disk1:pie-file synchronous
install activate disk0:package synchronous
To determine if an install command is currently running, enter the show install request command.
Displaying Installation Log Information
The install log provides information on the history of the installation operations. Each time an installation
operation is run, a number is assigned to that operation.
• Use the show install log command to display information about both successful and failed installation
operations.
• The show install log command with no arguments displays a summary of all installation operations.
Specify the request-id argument to display information specific to an operation. Use the detail or
verbose keywords to display details for specific operation.
• Use the detail or verbose keywords to display detailed information, including file changes, nodes
that could be reloaded, impact to processes, and impact to Dynamic Link Libraries (DLLs).
By default, the install log stores up to 50 entries. Use the clear install log-history command to reset the
number of entries to any value from 0 to 255.
Tip
Examples
Displaying install log Entries: Example
The following example displays information for the install requests. Use the verbose keyword to display
detailed information, including files changes, impact to processes, and impact to DLLs.
RP/0/RSP0/CPU0:router(admin)# show install log verbose
Install operation 1 started by user 'labuser' at 17:48:51 UTC Sat Jun 03 2009.
install add /disk1:asr9k-diags-p.pie-PD34-06.06.07
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 25
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Delaying the Return of the CLI Prompt/disk1:asr9k-k9sec-p.pie-PD34-06.06.07 /disk1:asr9k-mcast-p.pie-PD34-06.06.07
/disk1:asr9k-mgbl-p.pie-PD34-06.06.07 /disk1:asr9k-mpls-p.pie-PD34-06.06.07
Install operation 1 completed successfully at 17:51:32 UTC Sat Jun 03 2009.
Install logs:
Install operation 1 'install add /disk1:asr9k-diags-p.pie-PD34-06.06.07
/disk1:asr9k-k9sec-p.pie-PD34-06.06.07 /disk1:asr9k-mcast-p.pie-PD34-06.06.07
/disk1:asr9k-mgbl-p.pie-PD34-06.06.07 /disk1:asr9k-mpls-p.pie-PD34-06.06.07'
started by user 'labuser' at 17:48:51 UTC Sat Jun 03 2009.
Info: The following packages are now available to be activated:
Info:
Info: disk0:asr9k-diags-3.7.2.1I
Info: disk0:asr9k-k9sec-3.7.2.1I
Info: disk0:asr9k-mcast-3.7.2.1I
Info: disk0:asr9k-mgbl-3.7.2.1I
Info: disk0:asr9k-mpls-3.7.2.1I
Info:
Install operation 1 completed successfully at 17:51:32 UTC Sat Jun 03 2009.
Install operation 2 started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2009.
install activate disk0:asr9k-diags-3.7.2.1I disk0:asr94k-k9sec-3.7.2.1I
disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I
Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2009.
Summary:
Install method: parallel
Summary of changes on nodes 0/1/SP, 0/6/SP, 0/SM0/SP, 0/SM1/SP,
0/SM2/SP,0/SM3/SP:
Activated: asr9k-diags-3.7.2.1I
No processes affected
Summary of changes on nodes 0/1/CPU0, 0/6/CPU0:
Activated: asr9k-diags-3.7.2.1I
asr9k-mcast-3.7.2.1I
asr9k-mpls-3.7.2.1I
1 asr9k-mpls processes affected (0 updated, 1 added, 0 removed, 0 impacted)
2 asr9k-mcast processes affected (0 updated, 2 added, 0 removed, 0 impacted)
Summary of changes on nodes 0/RP0/CPU0, 0/RP1/CPU0:
Activated: asr9k-diags-3.7.2.1I
asr9k-k9sec-3.7.2.1I
asr9k-mcast-3.7.2.1I
asr9k-mgbl-3.7.2.1I
asr9k-mpls-3.7.2.1I
6 asr9k-mgbl processes affected (0 updated, 6 added, 0 removed, 0 impacted)
8 asr9k-mpls processes affected (0 updated, 8 added, 0 removed, 0 impacted)
7 asr9k-k9sec processes affected (0 updated, 7 added, 0 removed, 0 impacted)
14 asr9k-mcast processes affected (0 updated, 14 added, 0 removed, 0 impacted)
Install logs:
Install operation 2 'install activate disk0:asr9k-diags-3.7.2.1I
disk0:asr9k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I
disk0:asr9k-mpls-3.7.2.1I' started by user 'labuser' at
18:06:32 UTC Sat Jun 03 2009.
Info: The changes made to software configurations will not be
Info: persistent across system reloads. Use the command 'admin install
Info: commit' to make changes persistent.
Info: Please verify that the system is consistent following the
Info: software change using the following commands:
Info: show system verify
--More--
The following example displays information for a specific install request. Use the detail keyword to display
additional information, including impact to processes and nodes impacted.
RP/0/RSP0/CPU0:router(admin)# show install log 2 detail
Install operation 2 started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2009.
install activate disk0:asr9k-diags-3.7.2.1I disk0:asr9k-k9sec-3.7.2.1I
disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I
Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2006.
Summary:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
26 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Displaying Installation Log InformationInstall method: parallel
Summary of changes on nodes 0/1/SP, 0/6/SP, 0/SM0/SP, 0/SM1/SP,
0/SM2/SP, 0/SM3/SP:
Activated: asr9k-diags-3.7.2.1I
No processes affected
Summary of changes on nodes 0/1/CPU0, 0/6/CPU0:
Activated: asr9k-diags-3.7.2.1I
asr9k-mcast-3.7.2.1I
asr9k-mpls-3.7.2.1I
1 asr9k-mpls processes affected (0 updated, 1 added, 0 removed, 0 impacted)
2 asr9k-mcast processes affected (0 updated, 2 added, 0 removed, 0 impacted)
Summary of changes on nodes 0/RP0/CPU0, 0/RP1/CPU0:
Activated: asr9k-diags-3.7.2.1I
asr9k-k9sec-3.7.2.1I
asr9k-mcast-3.7.2.1I
asr9k-mgbl-3.7.2.1I
asr9k-mpls-3.7.2.1I
6 asr9k-mgbl processes affected (0 updated, 6 added, 0 removed, 0 impacted)
8 asr9k-mpls processes affected (0 updated, 8 added, 0 removed, 0 impacted)
7 asr9k-k9sec processes affected (0 updated, 7 added, 0 removed, 0 impacted)
14 asr9k-mcast processes affected (0 updated, 14 added, 0 removed, 0 impacted)
Install logs:
Install operation 2 'install activate disk0:asr9k-diags-3.7.2.1I
disk0:asr9k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I
disk0:asr9k-mpls-3.7.2.1I' started by user 'labuser' at 18:06:32 UTC
Sat Jun 03 2006.
Info: The changes made to software configurations will not be
Info: persistent across system reloads. Use the command 'admin install
Info: commit' to make changes persistent.
Info: Please verify that the system is consistent following the
Info: software change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2006.
Package Management Procedures
Note Review the concepts about package management before performing the tasks described in this module.
Related Topics
Information About Package Management, on page 20
Activation and Deactivation Prerequisites
The following prerequisites must be met for a package to be activated or deactivated:
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• Verify that all cards are installed and operating properly. For example, do not activate or deactivate
packages while cards are booting, while cards are being upgraded or replaced, or when you anticipate
an automatic switchover activity.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 27
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Package Management Procedures• If a ROM Monitor upgrade is required for the software package, the upgrade must be completed before
the package is activated. For ROM Monitor upgrade information and procedures, see Cisco ASR 9000
Series Aggregation Services Router ROM Monitor Guide.
• Check the sanity of the configuration file system and recover from any internal inconsistencies by using
the cfs check command.
RP/0/RSP0/CPU0:router# cfs check
Tue Sep 20 07:22:03.374 DST
Creating any missing directories in Configuration File system...OK
Initializing Configuration Version Manager...OK
Syncing commit database with running configuration...OK
• Clear any inconsistency alarms and remove any failed configurations using the clear configuration
inconsistency command.
An inconsistency alarm is set when there is a failure to restore the configuration; this can occur during
router startup, or when a line card or route switch processor (RSP) card is inserted or removed. If an
inconsistency alarm is set, a message similar to the following example is displayed:
RP/0/0/CPU0:May 26 11:58:40.662 : cfgmgr-rp[130]: %MGBL-CONFIGCLI-3
BATCH_CONFIG_FAIL : 28 config(s) failed during startup. To view
failed config(s) use the command - "show configuration failed startup"
When the inconsistency alarm is set, all configuration commit operations fail until the alarm is cleared.
• Although more than one version of a software package can be added to a storage device, only one version
of a package can be active for any card.
• Some packages require the activation or deactivation of other packages.
• The package being activated must be compatible with the current active software set.
Activation is performed only after the package compatibility checks and API version compatibility checks
have been passed. If a conflict is found, an on-screen error message is displayed.
While a software package is being activated, other requests are not allowed to run on any of the impacted
nodes. Package activation is completed when a message similar to the following appears:
Install operation 2 completed successfully at 20:30:29 UTC Mon Nov 14 2005.
Each CLI install request is assigned a request ID, which can be used later to review the events.
Obtaining and Placing Cisco IOS XR Software
This section contains information to locate the available software packages and to transfer them either to a
local storage device or to a network server. When this is done, the package or packages can be added and
activated on the router .
There are two primary ways to obtain packages in Cisco IOS XR software:
• Request the software from Cisco on a flash disk that you can insert into the removable flash disk slot
(usually flash disk1:). Flash disk1: is optional. When it is installed, flash disk1: can be used to store PIE
files, which can then be used to add new software to the boot device (usually flash disk0:).
• Download the Cisco IOS XR software packages to a local storage device of the DSC, such as flash
disk1:, or to a remote server, such as a tftp or rcp server.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
28 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Obtaining and Placing Cisco IOS XR SoftwareThe boot device is the local disk on the DSC where Cisco IOS XR software is added and activated. PIE files
should not be stored on this boot device. The default boot device is disk0:. All PIE files should be stored on
flash disk1:.
Transferring Installation Files from a Network File Server to a Local Storage Device
If the Cisco IOS XR software PIE files are located on a remote TFTP, FTP, SFTP, or rcp server, you can copy
the files to a local storage device such as disk1:. When the PIE files are located on a local storage device, the
software packages can be added and activated on the router from that storage device. Table 7: Download
Protocols Supported by Cisco IOS XR Software, on page 29 describes the supported server protocols, and
the CLI syntax used copy files from each server type to the local storage device.
Cisco IOS XR software PIE files can also be added to the router boot device directly from the remote
server.
Tip
Note Consult your system administrator for the location and availability of your network server.
Table 7: Download Protocols Supported by Cisco IOS XR Software
Name Description
TFTP allowsfilesto be transferred from one computer
to another over a network, usually without the use of
client authentication (for example, username and
password). It is a simplified version of FTP.
Some Cisco IOS XR software images may
be larger than 32 MB, and the TFTP services
provided by some vendors may not support
a file this large. If you do not have access to
a TFTP server that supports files larger than
32 MB, download the software image using
FTP or rcp.
Note
Trivial File Transfer Protocol
FTP is part of the TCP/IP protocol stack and requires
a username and password.
File Transfer Protocol
The rcp protocol uses TCP to ensure the reliable
delivery of data, and rcp downloads require a
usernames.
Remote Copy Protocol
SFTP is part of the SSHv2 feature in the Security
package and provides for secure file transfers. For
more information, see the Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide.
SSH File Transfer Protocol
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 29
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Obtaining and Placing Cisco IOS XR SoftwareThe router commands listed in Table 8: Commands for Copying Package Files to the Router, on page 30
show how to copy package files to the router using three types of file transfer protocols.
Table 8: Commands for Copying Package Files to the Router
Server Type Command and Examples
The following command syntax is used:
copy tftp:// hostname_or_ipaddress/ directory-path
/ pie-name disk1:
Example:
RP/0/RSP0/CPU0:router# copy
tftp://10.1.1.1/images/compasr9k-mini.pie disk1:
TFTP
The following command syntax is used:
copy ftp:// username : password @
hostname_or_ipaddress / directory-path / pie-name
disk1:
Example:
RP/0/RSP0/CPU0:router# copy
ftp://john:secret@10.1.1.1/images/
comp-asr9k-mini.pie disk1:
FTP
The following command syntax is used:
copy rcp:// username @ hostname_or_ipaddress /
directory-path / pie-name disk1:
Example:
RP/0/RSP0/CPU0:router# copy
rcp://john@10.1.1.1/images/
comp-asr9k-mini.pie disk1:
rcp
Table 9: Command Variablesfor Copying and Adding Packagesfrom a Network Server, on page 30 describes
the command variables for copying packages from a network server.
Table 9: Command Variables for Copying and Adding Packages from a Network Server
Variable Description
Host name or IP address of the server that stores the
source file.
hostname_or_ipaddress
Name of the PIE file (package). See the Overview of
Cisco IOS XR Software Packages, on page 16 for
descriptions of the available packages.
pie-name
Required for FTP and rcp only and must be a valid
username on the FTP or rcp server.
username
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
30 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Obtaining and Placing Cisco IOS XR SoftwareVariable Description
Required for FTP only. If a password is not provided,
the networking device accepts anonymous FTP.
password
The specified directory should be a directory under
the home directory of the user. In the rcp and FTP
examplesin Table 8: Commandsfor Copying Package
Files to the Router, on page 30, the file being
downloaded is in a subdirectory called “images” in
the home directory of the user “john.”
For FTP and rcp services, directory-path
is the directory relative to the username
home directory. If you want to specify an
absolute path for the directory, you must add
a "/" following the server address.
Note
directory-path
When the installation files have been transferred to a network file server or the router, you are ready to activate
or upgrade the software.
Files with the vm extension are bootable installation files used only to replace all current Cisco IOS XR
software. These files are installed from ROM monitor mode and cause significant router downtime. We
recommend installing or upgrading software packages using PIE files only, as described in this chapter.
See Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide for information on installing
from vm files.
Note
Related Topics
Adding and Activating Packages, on page 41
Overview of Cisco IOS XR Software Packages, on page 16
Preparing for Software Installation Operations
This section includes instructions to prepare for software installation operations.
Activation is performed only after the automatic package compatibility and API version compatibility
checks have been passed. If a conflict is found, an on-screen error message is displayed.
Note
Before You Begin
Before adding or activating Cisco IOS XR software:
• Update the ROM Monitor software, if necessary.
• Determine if a software change is required.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 31
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation Operations• Verify that the new package is supported on your system. Some software packages require that other
packages or package versions be activated, and some packages only support specific cards.
• Review the release notes for important information related to that release and to help determine the
package compatibility with your router configuration.
• Verify that the system is stable and prepared for the software changes.
SUMMARY STEPS
1. admin
2. show diag
3. Update the ROMMON software if necessary.
4. show install active
5. show install pie-info device:package [ brief | detail | verbose ]
6. verify packages
7. exit
8. (Optional) show system verify start
9. (Optional) show system verify [ detail | report ]
10. show clock
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Displays the ROMMON software version for all cards in the system. Verify that
the correct ROMMON software version is installed before upgrading a
Cisco IOS XR software package.
show diag
Example:
RP/0/RSP0/CPU0:router(admin)#
show diag
Step 2
See Related Topics for information regarding the required ROM Monitor
(ROMMON) software version.
Note
Updates the ROMMON software. For instructions, see Cisco ASR 9000 Series
Aggregation Services Router ROM Monitor Guide.
Update the ROMMON software if
necessary.
Step 3
Displays the active software on the router for the owner SDR. Use this command
to determine what software should be added, upgraded or downgraded on the
show install active
Example:
RP/0/RSP0/CPU0:router(admin)#
show install active
Step 4
router, and to compare to the active software report after installation operations
are complete.
You can also display the active packages for a specific node, and view
results in detailed or summary mode. See the Software Package
Management Commands on the Cisco ASR 9000 Series Router module
of Cisco ASR 9000 Series Aggregation Services Router System
Management Command Reference for more information.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
32 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsCommand or Action Purpose
Displays information imbedded in the package. The following keywords provide
three levels of information:
show install pie-info device:package
[ brief | detail | verbose ]
Step 5
Example:
RP/0/RSP0/CPU0:router(admin)#
• brief (default)—Displays the expiration date of the file, the size, and the
installed package name. The expiration date is used for certifying the package.
• detail—Displays the package components, the compatible cards, the
expiration date, file size, and the installed package name.
show install pie-info
disk1:/asr9k-mcast-p.pie-3.8.30
• verbose—Displays information from the detail display and sub-component
information.
Always review the release notes for the software package for important
information related to that release and to help determine the package
compatibility with your router configuration.
Note
Verifies that there are no corrupted software files. The consistency of a previously
installed software set is verified against the package file from which it originated.
verify packages
Example:
RP/0/RSP0/CPU0:router(admin)#
install verify packages
Step 6
This command can be used as a debugging tool to verify the validity of the files
that constitute the packages, to determine if there are any corrupted files. This
command also checks for corruptions of installation state files and MBI image
files. This command is particularly useful when issued after the activation of a
package or upgrading the Cisco IOS XR software to a major release.
The install verify packages command can take up to two minutes per
package to process.
Note
exit Exits administration EXEC mode and returns to EXEC mode.
Example:
RP/0/RSP0/CPU0:router(admin)#
exit
Step 7
(Optional)
Starts the system status check.
show system verify start
Example:
RP/0/RSP0/CPU0:router# show
system verify start
Step 8
(Optional)
Displayssystem statusinformation. A variety of information is displayed including
the memory and CPU usage, process status, protocol status, and other status
information. Use this information to verify that the system is stable.
show system verify [ detail | report
]
Example:
RP/0/RSP0/CPU0:router# show
system verify
Step 9
• detail—Displays additional information at the card and processor level,
including actual numbers.
• report—Displays the same information as the default show system verify
command
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 33
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsCommand or Action Purpose
Although most of the output should display the status “OK,” some
processes may show other output, such as “Warning.” This does not
specifically indicate a problem. Contact your Cisco technical support
representative for more information on the output of this command.
Note
Verifiesthat the system clock is correct. Software operations use certificates based
on router clock times.
show clock
Example:
RP/0/RSP0/CPU0:router# show
clock
Step 10
Related Topics
Activation and Deactivation Prerequisites, on page 27
Examples
Verifying That the ROM Monitor Version Is Correct: Example
In the following example, the ROM Monitor software version is displayed in the “ROMMON:” field for each
card.
For instructions to upgrade the ROM Monitor software, see Cisco ASR 9000 Series Aggregation Services
Router ROM Monitor Guide.
Note
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)# show diag
Mon Jun 22 12:55:10.554 PST
NODE module 0/RSP0/CPU0 :
MAIN: board type 0x100302
S/N: FOC1230803H
Top Assy. Number: 68-3160-04
PID: A2K-RSP-4G-HDD=
UDI_VID: VP4
HwRev: V4.8
New Deviation Number: 0
CLEI: IPUCARJBAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
MONLIB: QNXFFS Monlib Version 3.2
ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
Compact Flash : V1.0
XbarSwitch0 : V1.3
XbarSwitch1 : V1.3
XbarArbiter : V1.0
XbarInterface : V0.0
IntCtrl : V1.14
ClkCtrl : V1.13
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
34 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsPuntFPGA : V1.5
HD : V3.0
USB0 : V77.20
USB1 : V77.20
CPUCtrl : V1.17
UTI : V1.6
LIU : V1.0
MLANSwitch : V0.0
EOBCSwitch : V2.0
CBC (active partition) : v1.2
CBC (inactive partition) : v1.1
NODE fantray 0/FT0/SP :
MAIN: board type 0x900211
S/N:
Top Assy. Number: 32-0000-00
PID:
UDI_VID:
HwRev: V32.0
New Deviation Number: 0
CLEI:
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
CBC (active partition) : v4.0
CBC (inactive partition) : v0.13
NODE fantray 0/FT1/SP :
MAIN: board type 0x900211
S/N:
Top Assy. Number: 32-0000-00
PID:
UDI_VID:
HwRev: V32.0
New Deviation Number: 0
CLEI:
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
CBC (active partition) : v4.0
CBC (inactive partition) : v0.13
NODE module 0/1/CPU0 :
MAIN: board type 0x20207
S/N: FOC123081J6
Top Assy. Number: 68-3182-03
PID: A9K-40GE-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.8
PHYCtrl : V0.6
40 Port Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 35
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsNODE module 0/4/CPU0 :
MAIN: board type 0x2020a
S/N: FOC123081JA
Top Assy. Number: 68-3183-02
PID: A9K-8T/4-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI: IPU3AE0CAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.10
PHYCtrl : V0.7
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PHY4 : V0.16
PHY5 : V0.16
PHY6 : V0.16
PHY7 : V0.16
8 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE module 0/6/CPU0 :
MAIN: board type 0x20208
S/N: FHH12250033
Top Assy. Number: 68-3184-02
PID: A9K-4T-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PortCtrl : V0.10
PHYCtrl : V0.7
4 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE power-module 0/PM0/SP :
MAIN: board type 0xf00188
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
36 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsS/N:
Top Assy. Number: 341-00032-01
PID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
NODE power-module 0/PM1/SP :
MAIN: board type 0xf00188
S/N:
Top Assy. Number: 341-00032-01
PID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
NODE power-module 0/PM2/SP :
MAIN: board type 0xf00188
S/N:
Top Assy. Number: 341-00032-01
PID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
Rack 0 - ASR-9010 Chassis, Includes Accessories
RACK NUM: 0
S/N:
PID: ASR-9010 Backplane
VID: 0.1
Desc: ASR-9010 Chassis, Includes Accessories
CLEI: NOCLEI
Top Assy. Number: 68-1234-56
Displaying the Active Software for the Entire System: Example
The following example displays the active packages for the entire system. Use this information to determine
if a software change is required:
RP/0/RSP0/CPU0:router(admin)# show install active summary
Mon Jun 22 13:01:46.438 PST
Default Profile:
SDRs:
Owner
Active Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-k9sec-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mgbl-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 37
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsDisplaying Information About the Contents of a PIE File: Example
In the following example, information is displayed about the manageability PIE. This command displays the
expiry date of the package, the cards supported by the package, and other details. Use this information to
verify the compatibility of the package with your system and other software packages.
A software activation is performed only after the automatic package compatibility and API version
compatibility checks have been passed. If a conflict is found, an on-screen error message is displayed.
Note
RP/0/RSP0/CPU0:router(admin)# show install pie-info disk1:/
asr9k-mgbl-p.pie-3.8.0 detail
Contents of pie file '/disk1:/asr9k-mgbl-p.pie-3.8.0':
Expiry date : Jan 19, 2007 02:55:56 UTC
Uncompressed size : 17892613
asr9k-mgbl-3.8.0
asr9k-mgbl V3.8.0[00] Manageability Package
Vendor : Cisco Systems
Desc : Manageability Package
Build : Built on Wed May 10 08:04:58 UTC 2006
Source : By edde-bld1 in /vws/aga/production/3.8.0/asr9k/workspace for c28
Card(s): RP, DRP, DRPSC
Restart information:
Default:
parallel impacted processes restart
Components in package asr9k-mgbl-3.8.0, package asr9k-mgbl:
manageability-cwi V[r33x/2] Craft Web Interface related binaries ae
asr9k-feature-ipsla V[r33x/1] IPSLA time stamping feature
doc-asr9k-mgbl V[r33x/2] Contains the man page documentation for asr9ks
--More--
Verifying That There Are No Corrupted Software Files: Example
The following sample output verifies the consistency of the currently active software against the file from
which it originated:
RP/0/RSP0/CPU0:router(admin)# install verify packages
Mon Jun 22 13:19:08.590 PST
Install operation 3 '(admin) install verify packages' started by user 'debbie'
via CLI at 13:19:08 DST Mon Jun 22 2009.
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#Info:
This operation can take up to 2 minutes per package being verified.
Info: Please be patient.
Info: 0/6/CPU0 [LC] [SDR: Owner]
Info: meta-data: [SUCCESS] Verification Successful.
Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies.
Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
38 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsInfo: 0/1/CPU0 [LC] [SDR: Owner]
Info: meta-data: [SUCCESS] Verification Successful.
Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies.
Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: 0/4/CPU0 [LC] [SDR: Owner]
Info: meta-data: [SUCCESS] Verification Successful.
Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies.
Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: 0/RSP0/CPU0 [RP] [SDR: Owner]
Info: meta-data: [SUCCESS] Verification Successful.
Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies.
Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-mgbl-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-k9sec-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-rout-3.9.0.12I: [SUCCESS] Verification Successful.
Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification
Info: Successful.
Info: Verification Summary:
Info: 0/6/CPU0: ERROR. Anomalies found.
Info: 0/1/CPU0: ERROR. Anomalies found.
Info: 0/4/CPU0: ERROR. Anomalies found.
Info: 0/RSP0/CPU0: ERROR. Anomalies found.
Info: Anomalies found on the primary RP.
Info: No standby RP is present.
Info: Please contact your technical services representative to repair
Info: the system.
Install operation 3 completed successfully at 13:21:29 DST Mon Jun 22 2009.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 39
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation OperationsVerifying the Current System Status: Example
The following example shows how to prepare for system verification:
RP/0/RSP0/CPU0:router# show system verify start
Storing initial router status ...
done.
The following example shows output from running the show system verify command.
Although most of the output should display the status “OK,” some processes may show other output, such
as “Warning.” This does not specifically indicate a problem. Contact your Cisco technical support
representative for more information on the output of this command.
Note
RP/0/RSP0/CPU0:router# show system verify
Getting current router status ...
System Verification Report
==========================
- Verifying Memory Usage
- Verified Memory Usage : [OK]
- Verifying CPU Usage
- Verified CPU Usage : [OK]
- Verifying Blocked Processes
- Verified Blocked Processes : [OK]
- Verifying Aborted Processes
- Verified Aborted Processes : [OK]
- Verifying Crashed Processes
- Verified Crashed Processes : [OK]
- Verifying LC Status
- Verified LC Status : [OK]
- Verifying QNET Status
Unable to get current LC status info
- Verified QNET Status : [FAIL]
- Verifying GSP Fabric Status
- Verified GSP Fabric Status : [OK]
- Verifying GSP Ethernet Status
gsp WARNING messages for router
Current set of gsp ping nodes does not match initial set of nodes
- Verified GSP Ethernet Status : [WARNING]
- Verifying POS interface Status
- Verified POS interface Status : [OK]
- Verifying TenGigE interface Status
- Verified TenGigE interface Status : [OK]
- Verifying TCP statistics
- Verified TCP statistics : [OK]
- Verifying UDP statistics
tcp_udp_raw WARNING messages for router
UDP Packets sent has not increased during this period.
- Verified UDP statistics : [WARNING]
- Verifying RAW statistics
- Verified RAW statistics : [OK]
- Verifying RIB Status
- Verified RIB Status : [OK]
- Verifying CEF Status
- Verified CEF Status : [OK]
- Verifying CEF Consistency Status
- Verified CEF Consistency Status : [OK]
- Verifying BGP Status
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
40 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Preparing for Software Installation Operations- Verified BGP Status : [OK]
- Verifying ISIS Status
- Verified ISIS Status : [OK]
- Verifying OSPF Status
- Verified OSPF Status : [OK]
- Verifying Syslog Messages
- Verified Syslog Messages : [OK]
System may not be stable. Please look into WARNING messages.
Verifying That the System Clock Is Correct: Example
The following example displays the current system clock setting:
RP/0/RSP0/CPU0:router# show clock
02:14:51.474 PST Wed Jan 28 2009
Adding and Activating Packages
The procedure in this section describes how to upgrade or add Cisco IOS XR software PIE files that are stored
on a local storage device, such as flash disk1:, or on a remote TFTP, FTP, SFTP, or rcp server. The PIE
software file can include any of the following:
• The Cisco IOS XR Unicast Routing Core Bundle (six packages in one composite PIE file)
• Any of the optional packages (one package per PIE file)
• Software maintenance upgrades (SMUs)
When you need to add and activate two or more of the preceding package types, you should add and activate
them in the order listed above.
When adding and activating two or more packages, optional packages can be activated together. Also, if
the operation is a reload, multiple packages can be activated together. For example, five reload SMUs can
be activated together or the Cisco IOS XR Unicast Routing Core Bundle plus the SMUs and optional
packages can be activated together.
Note
For a description of the software management process, see the Related Topics section.
These instructions are also used to downgrade software packages.
By default, installation operations are performed asynchronously: the CLI prompt is returned before the
operation is complete, allowing the operator to continue work while the installation is completed in the
background. Use the synchronous keyword at the end of install commands to delay the return of the
CLI prompt until an installation operation is complete. See the Related Topicssection for more information.
Note
Before You Begin
Before upgrading or adding packages from flash disk1:, verify that the following prerequisites have been met:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 41
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating Packages• Verify that the ROMMON version is correct. For instructions on upgrading ROM Monitor, see
Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide.
• All packages to be upgraded or added are present on a local storage device (flash disk1:) or a network
file server.
• Prerequisites for the activation of packages are met as described in the Prerequisites section.
• Complete the procedures described in the Preparing for Software Installation Operations, on page 31
section.
To use the automatic FPD upgrade feature, the fpd auto-upgrade command must be enabled in
administration configuration mode.
Note
SUMMARY STEPS
1. Connect to the console port and log in.
2. (Optional) dir device :
3. admin
4. Use one of the following commands:
• install add [source source-path | tar] device file [activate]
• install add [source source-path | tar] tftp:// hostname_or_ipaddress / directory-path / file [activate]
• install add [source source-path | tar] ftp:// username : password @ hostname_or_ipaddress /
directory-path / file [activate]
• install add [ source source-path | tar] rcp:// username @ hostname_or_ipaddress / directory-path
/ file [activate]
5. (Optional) show install inactive summary
6. install activate {id add-id | device package} [test] [location node-id] [pause sw-change] [prompt-level
{all | none}] [auto-abort-timer time
7. Repeat Step 4, on page 43 through Step 6, on page 44 until all packages are activated.
8. (Optional) show install active summary
9. (Optional) install verify packages
10. (Optional) exit
11. (Optional) show system verify start
12. admin
13. (Optional) install commit
14. Upgrade the field-programmable device (FPD) software, if necessary.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
42 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesDETAILED STEPS
Command or Action Purpose
Step 1 Connect to the console port and log in. Establishes a CLI management session with the SDR.
Connect to the console port for the active DSC.
For more information on console connections, see
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide.
(Optional)
Displays the package files that are available for package
upgrades and additions.
dir device :
Example:
RP/0/RSP0/CPU0:router# dir disk1:
Step 2
Only PIE files can be added and activated using this
procedure.
Note
Step 3 admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Some show install commands can be entered in
EXEC mode on an SDR.
Note
Unpacks a PIE file from localstorage device or network server
and adds the package files to the boot device of the router. The
boot device is located on the DSC.
Step 4 Use one of the following commands:
• install add [source source-path | tar] device file
[activate]
• If the tar keyword is used, all PIE files contained in the
tar file are unpacked.
• install add [source source-path | tar] tftp://
hostname_or_ipaddress/ directory-path / file [activate]
• If the source keyword is used, the source-path specifies
the directory path that is used for multiple filenames in
the same directory.
• install add [source source-path | tar] ftp:// username
: password @ hostname_or_ipaddress / directory-path
/ file [activate]
The following arguments are used when adding a package from
a PIE file located on a network server:
• install add [ source source-path | tar] rcp:// username
@ hostname_or_ipaddress / directory-path / file
[activate]
• device:—Name of the localstorage device where the PIE
file is stored, such as disk1:.
Example:
RP/0/RSP0/CPU0:router(admin)# install add
• file—Name of the PIE file you want to add. If the tar
keyword is used, the file argument is the name of a tar
file containing one or more PIE files or directories
containing PIE files.
disk1:asr9k-mgbl.pie-3.8.30.1i
or
RP/0/RSP0/CPU0:router(admin)# install add source
• hostname_or_ipaddress—Host name or IP address of the
network file server.
tftp://10.1.1.1/images/ asr9k-k9sec-p.pie
asr9k-mpls-p.pie asr9k-mcast-p.pie
• directory-path—Network file server path that leads to
or
the PIE file to be added.
RP/0/RSP0/CPU0:router(admin)# install add
• username—Username that has access privileges to the
directory in which the PIE file is stored.
ftp://john:secret@10.1.1.1/images/asr9k-k9sec-p.pie
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 43
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesCommand or Action Purpose
• password—Password associated with the username that
has access privileges to the directory in which the PIE
file is stored.
or
RP/0/RSP0/CPU0:router(admin)# install add tar • activate—Automatically activates the software package
after it is successfully added.
rcp://john@10.1.1.1/images/asr9k-iosxr-3.6.0.tar
Multiple versions of a software package can be added
to the storage device without impacting the running
configuration, but only one version of a package can
be activated for a card.
Note
The automatic FPD upgrade occurs only when the FPD
pie is added and activated together with the install PIE.
Tip
(Optional)
Displays the inactive packages on the router. Verify that the
package added in the previous step appears in the display.
show install inactive summary
Example:
RP/0/RSP0/CPU0:router(admin)# show install inactive
summary
Step 5
Activates a package that was added to the router. Skip thisstep
if the package was activated earlier with the install add
command.
install activate {id add-id | device package} [test] [location
node-id] [pause sw-change] [prompt-level {all | none}]
[auto-abort-timer time
Step 6
Example:
RP/0/RSP0/CPU0:router(admin)# install activate
disk0:asr9k-mgbl-3.8.30
• id add-id—Specifies the package using the operation ID
of the install add operation in which you added the
package. The operation ID is provided in the output of
the install add command. You can also use show install
log to display installation operation IDs.
• device:package—Specifiesthe package by name. Replace
the device:package argument with the name of the boot
device and inactive package, which can be displayed as
described in the previous step.
Press ? after a partial package name to display
all possible matches available for activation. If
there is only one match, press [TAB] to fill in
the rest of the package name.
Note
• location node-id—Activates a package for a specific card
(node). To display a list of node IDs for the entire system,
enter the show platform command in administration
EXEC mode. A package cannot be activated on a single
node unless some version of the package being activated
is already active on all nodes.
By default, packages are activated for all cards
supported by that package.
Note
• pause sw-change—Pausesthe operation after preparatory
checks and before the configuration is locked for the
actual activation. This action enables you to hold the
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
44 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesCommand or Action Purpose
operation while you perform configuration changes, and
proceed with the activation whenever you choose. This
operation is useful, for example, if your workflow
involves configuring a router out of the network during
software installation and you want to minimize the time
that the router is out of the network. Follow the onscreen
instructions to control the pausing and completion of the
operation.
• prompt-level—Use a prompt-level of all to view all
stages of the installation process and to specify whether
to continue or not.
• auto-abort-timer—Specifies an abort timer value, in
minutes, which when expired loads the last committed
loadpath. The default is 60 minutes.The timer is disabled
by default.After the installation, if the activated software
is working correctly, use the install commit command
to cancel the timer and commit the new loadpath.
The package being activated must be compatible with
the currently active software to operate. When an
activation is attempted, the system runs an automatic
compatibility check to ensure that the package is
compatible with the other active software on the
router. The activation is permitted only after all
compatibility checks have been passed.
Note
When activating packages, use the test option to test
the effects of a command without impacting the running
system. After the activation process finishes, enter the
show install log command to display the process
results.
Tip
The automatic FPD upgrade occurs only when the FPD
pie is added and activated together with the install PIE.
Tip
Repeat Step 4, on page 43 through Step 6, on page 44 until Activates additional packages as required.
all packages are activated.
Step 7
(Optional)
Displays all active packages. Use this display to determine if
the correct packages are active:
show install active summary
Example:
RP/0/RSP0/CPU0:router(admin)# show install active
Step 8
(Optional)
Verifies the consistency of a installed software set with the
package file from which it originated. This command can be
install verify packages
Example:
RP/0/RSP0/CPU0:router(admin)# install verify
packages
Step 9
used as a debugging tool to verify the validity of the files that
constitute the packages, to determine if there are any corrupted
files. This command also checksfor corruptions of installation
state files and MBI image files. This command is particularly
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 45
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesCommand or Action Purpose
useful when issued after the activation of a package or
upgrading the Cisco IOS XR software to a major release.
The install verify packages command can take up
to two minutes per package to process.
Note
(Optional)
Exits administration EXEC mode and returns to EXEC mode.
exit
Example:
RP/0/RSP0/CPU0:router(admin)# exit
Step 10
(Optional)
Starts the system status check.
show system verify start
Example:
RP/0/RSP0/CPU0:router# show system verify start
Step 11
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 12
(Optional)
Commits the current set of packages on the router so that these
packages are used if the router is restarted.
install commit
Example:
RP/0/RSP0/CPU0:router# dir disk1:
RP/0/RSP0/CPU0:router(admin)# install commit
Step 13
For more information, see the Related Topics section.
Whenever a Cisco IOS XR software image is released that
supports SPAs and SIPs, a companion SPA or SIP FPD image
Upgrade the field-programmable device (FPD) software, if
necessary.
Step 14
is bundled with the Cisco IOS XR software release. Generally
, the FPD image is not automatically upgraded. You must
manually upgrade the FPD image running on the SPA or SIP
when you upgrade the Cisco IOS XR software image. FPD
versions must be compatible with the Cisco IOS XR software
that is running on the router.
If you have enabled the fpd auto-upgrade command
and add and activate the FPD PIE together with the
software installation PIE, the FPD image is
automatically upgraded before the router is rebooted.
Note
For information on FPDs, including instructions to upgrade
FPD images, see the Upgrading FPD Cisco IOS XR Software
section.
Related Topics
Obtaining and Placing Cisco IOS XR Software, on page 28
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
46 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesActivation and Deactivation Prerequisites, on page 27
Preparing for Software Installation Operations, on page 31
Information About Package Management, on page 20
Downgrading Packages, on page 23
PIE Filenames and Version Numbers, on page 19
Committing the Active Package Set, on page 49
Examples
Adding a Package: Example
The following example shows how to add the contents of a PIE file on disk1: to the boot device. Because the
software package is added to the boot device by default, it is not necessary to specify the destination device
in the CLI.
RP/0/RSP0/CPU0:router(admin)# install add disk1:asr9k-mpls-p.pie-3.7.2
synchronous
Install operation 4 'install add /disk1:asr9k-mpls.pie synchronous' started by user
'cisco' at 18:10:18 UTC Sat Apr 08 2009.
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-mpls-3.7.2
Info:
Install operation 4 completed successfully at 18:14:11 UTC Sat Apr 08 2009.
The following example shows how to add the contents of a PIE file on a TFTP server to the boot device:
RP/0/RSP0/CPU0:router(admin)# install add tftp://209.165.201.1/
asr9k-mpls.pie synchronous
Install operation 4 '(admin) install add /tftp://209.165.201.1/asr9k-mpls.pie synchronous'
started by user 'cisco' at 18:16:18 UTC Thu Jan 03 2009.
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-mpls-3.7.2
Info:
Install operation 4 completed successfully at 18:19:10 UTC Thu Jan 03 2009.
Activating a Package: Example
The following example shows the activation of the MPLS package. The package is activated on the boot
device disk0:.
RP/0/RSP0/CPU0:router(admin)# install activate disk0:
asr9k-mpls-3.7.2 synchronous
Install operation 15 'install activate disk0:asr9k-mpls-3.7.2 synchronous'
started by user 'lab' at 19:15:33 UTC Sat Apr 08 2009.
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command 'admin install commit' to make
Info: changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 5 completed successfully at 19:16:18 UTC Sat Apr 08 2009.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 47
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesActivating a Package by Specifying an Operation ID: Example
The following example shows the activation of the MPLS package using the operation ID of the install add
operation that added the package:
RP/0/RSP0/CPU0:router(admin)# install activate id 4
Install operation 5 '(admin) install activate id 4' started by user 'lab' via
CLI at 18:20:17 UTC Thu Jan 03 2009.
Info: This operation will activate the following package:
Info: disk0:asr9k-mpls-3.7.2
Info: Install Method: Parallel Process Restart
The install operation will continue asynchronously.
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 5 completed successfully at 18:21:30 UTC Thu Jan 03 2009.
Adding and Activating a Package from an FTP File Server with One Command: Example
To add and activate a package with a single command, enter the install add command with the activate
keyword. In the following example, the Manageability PIE located on disk1: is verified, unpacked, and added
to the boot device disk0. Because this operation is performed in administration EXEC mode, the package is
activated for all SDRs in the system.
RP/0/RSP0/CPU0:router(admin)# install add disk1:
asr9k-mgbl-p.pie-3.7.2 activate
Install operation 4 'install add /disk1:asr9k-mgbl-p.pie-3.7.2 activate' started
by user 'cisco' at 07:58:56 UTC Wed Mar 01 2009.
The install operation will continue asynchronously.
:router(admin)#Part 1 of 2 (add software): Started
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-mgbl-3.7.2
Info:
Part 1 of 2 (add software): Completed successfully
Part 2 of 2 (activate software): Started
Info: The changes made to software configurations will not be
persistent across system reloads. Use the command 'admin install
Info: commit' to make changes persistent.
Info: Please verify that the system is consistent following
the software change using the following commands:
Info: show system verify
Info: install verify packages
Part 2 of 2 (activate software): Completed successfully
Part 1 of 2 (add software): Completed successfully
Part 2 of 2 (activate software): Completed successfully
Install operation 4 completed successfully at 08:00:24 UTC Wed Mar 01 2009.
Displaying the Active Packages: Example
The following example displays a summary of the active packages on a router. Because this operation is
performed in administration EXEC mode, the active packages for all SDRs are displayed.
RP/0/RSP0/CPU0:router(admin)# show install active summary
Mon Jun 22 23:41:19.509 PST
Default Profile:
SDRs:
Owner
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
48 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Adding and Activating PackagesActive Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-k9sec-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mgbl-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
Committing the Active Package Set
When a package is activated, it becomes part of the current running configuration. To make the package
activation persistent across system-wide reloads, enter the install commit command. On startup, DSC of
the owner SDR loads this committed software set. If the system is reloaded before the current active software
is committed with the install commit command, the previously committed software set is used.
If the system is reloaded before the current active software is committed with the install commit command,
the previously committed software set is used.
Before committing a package set, verify that the SDR is operating correctly and is forwarding packets as
expected.
Tip
SUMMARY STEPS
1. admin
2. install commit
3. show install committed [detail | summary | verbose] [location node-id]
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Commits the current set of packages on the router so
that these packages are used if the router is restarted.
install commit
Example:
RP/0/RSP0/CPU0:router(admin)# install commit
Step 2
show install committed [detail | summary | verbose] Displays which packages are committed.
[location node-id]
Step 3
Example:
RP/0/RSP0/CPU0:router(admin)# show install committed
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 49
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Committing the Active Package SetExamples
Committing the Active Package Set: Example
In the following example, the active software packages are committed on the router:
RP/0/RSP0/CPU0:router(admin)# install commit
Install operation 16 'install commit' started by user 'lab' at 19:18:58 UTC
Sat Apr 08 2009.
Install operation 16 completed successfully at 19:19:01 UTC Sat Apr 08 2009.
Displaying the Committed Package Versions: Example
In the following example, the committed packages are shown for the owner SDR:
RP/0/RSP0/CPU0:router(admin)# show install committed
Tue Jun 23 05:11:29.968 PST
Secure Domain Router: Owner
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/mbiasr9k-rp.vm
Committed Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-k9sec-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mgbl-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
Node 0/1/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Committed Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
Node 0/4/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Committed Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
Node 0/6/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Committed Packages:
disk0:comp-asr9k-mini-3.9.0.12I
disk0:asr9k-fpd-3.9.0.12I
disk0:asr9k-mcast-3.9.0.12I
disk0:asr9k-mpls-3.9.0.12I
As with the show install active command, the show install committed command may display a composite
package that represents all packages in the Cisco IOS XR Unicast Routing Core Bundle.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
50 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Committing the Active Package SetUpgrading to Cisco IOS XR Software Release 4.0
In Cisco IOS XR Software Release 4.0, the software packages were reorganized into functionally well-defined
and independently-releasable packages. For this reason, when you upgrade from a software release prior to
Release 4.0, you must perform the following procedure in order to synchronize all of the software packages
according to the reorganized structure. General information regarding the the addition and activation of
software packages is not covered in this procedure.
The main difference between the standard upgrade procedure and the procedure required to upgrade from
Release 3.x to 4.x is that the later requires the addition of one additional software package, known as the
upgrade package (asr9k-upgrade-p.pie).
Before You Begin
Before performing this procedure, see the adding and activating software package procedures described in
this module.
SUMMARY STEPS
1. admin
2. install add tftp:// hostname_or_ipaddress / directory-path / mandatory-bundle-pie
3. install add tftp:// hostname_or_ipaddress / directory-path / asr9k-upgrade-p.pie
4. install activate device:mandatory-bundle-pie device:upgrade-package
5. install deactivate device:upgrade-package
6. (Optional) install commit
7. install remove device:upgrade-package
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Unpacks the mandatory bundle PIE file from a
network server and adds the package file to the boot
device of the router.
install add tftp:// hostname_or_ipaddress / directory-path /
mandatory-bundle-pie
Example:
RP/0/RSP0/CPU0:router(admin)# install add
tftp://10.1.1.1/auto/tftpboot/usr/400/asr9k-mini-p.pie
Step 2
Refer to the standard procedure to add and
activate packages to see other options of
PIE file locations and a description of the
various arguments for the install add
command.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 51
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0Command or Action Purpose
Unpacks the upgrade PIE file from a network server
and adds the package file to the boot device of the
router.
install add tftp:// hostname_or_ipaddress / directory-path /
asr9k-upgrade-p.pie
Example:
RP/0/RSP0/CPU0:router(admin)# install add
tftp://10.1.1.1/auto/tftpboot/usr/400/asr9k-upgrade-p.pie
Step 3
Activates the package that was added to the router
together with the upgrade package.
install activate device:mandatory-bundle-pie
device:upgrade-package
Step 4
Example:
RP/0/RSP0/CPU0:router(admin)# install activate
disk0:asr9k-mini-p-4.0.0 disk0:asr9k-upgrade-p-4.0.0
The bundle of mandatory packages and the
upgrade bundle are activated together to
perform the successful upgrade from release
3.x to 4.x.
Note
Deactivates the upgrade package on the router. For
specific information regarding the deactivation and
install deactivate device:upgrade-package
Example:
RP/0/RSP0/CPU0:router(admin)# install deactivate
disk0:asr9k-upgrade-p-4.0.0
Step 5
removal of software packages, refer to the general
procedure.
(Optional)
Commits the current set of packages so that these
packages are used if the router is restarted. Packages
install commit
Example:
RP/0/RSP0/CPU0:router(admin)# install commit
Step 6
can be removed only if the deactivation operation is
committed.
install remove device:upgrade-package Removes the inactive upgrade package.
Example:
RP/0/RSP0/CPU0:router(admin)# install remove
disk0:asr9k-upgrade-p-4.0.0
Step 7
The following example illustrates the upgrade operation:
RP/0/RSP0/CPU0:router(admin)# install add /tftp://223.255.254.254/auto/tftpboot/users/user/
asr9k-mini-p.pie
Fri Jul 9 03:53:11.052 UTCRP/0/RP1/CPU0:Jul 9 03:53:12.053 :
instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED :
Install operation 4 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mini-p.pie'
started by user 'lab'
Install operation 4 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mini-p.pie'
started by user 'lab' via CLI at 03:53:12 UTC Fri Jul 09 2010.
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#
Info: The following package is now available to be activated:
Info: disk0:asr9k-mini-p-4.0.0
Info: The package can be activated across the entire router.
Info: RP/0/RP1/CPU0:Jul 9 04:32:26.152 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY :
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
52 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0Info: Install operation 4 completed successfully
Info: Install operation 4 completed successfully at 04:32:26 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)# install add /tftp://223.255.254.254/auto/tftpboot/users/user/
asr9k-mpls-p.pie
Fri Jul 9 05:07:52.237 UTCRP/0/RP1/CPU0:Jul 9 05:07:53.710 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED :
Info: Install operation 5 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mpls-p.pie'
Info: started by user 'lab'
Info: Install operation 5 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mpls-p.pie'
Info: started by user 'lab' via CLI at 05:07:53 UTC Fri Jul 09 2010.
Info: The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#
Info: RP/0/RP1/CPU0:Jul 9 05:09:08.854 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY :
Install operation 5 completed successfully
Info: The following package is now available to be activated:
Info: disk0:asr9k-mpls-p-4.0.0
Info: The package can be activated across the entire router.
Info: Install operation 5 completed successfully at 05:09:08 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router# install add /tftp://223.255.254.254/auto/tftpboot/users/user/
asr9k-upgrade-p.pie
Fri Jul 9 05:10:31.133 UTCRP/0/RP1/CPU0:Jul 9 05:10:32.156 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED :
Info: Install operation 6 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-upgrade-p.pie'
Info: started by user 'lab'
Info: Install operation 6 '(admin) install add
/tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-upgrade-p.pie'
Info: started by user 'lab' via CLI at 05:10:32 UTC Fri Jul 09 2010.
Info: The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#RP/0/RP1/CPU0:
Jul 9 05:11:55.634 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY :
Info: Install operation 6 completed successfully
Info: The following package is now available to be activated:
Info: disk0:asr9k-upgrade-p-4.0.0
Info: The package can be activated across the entire router.
Info: Install operation 6 completed successfully at 05:11:55 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)# install activate disk0:asr9k-mini-p-4.0.0
disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0
Fri Jul 9 05:23:23.150 UTC
Install operation 7 '(admin) install activate disk0:asr9k-mini-p-4.0.0
disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0'
Info: started by user 'lab'RP/0/RP1/CPU0:Jul 9 05:23:24.161 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED :
Info: Install operation 7 '(admin) install activate disk0:asr9k-mini-p-4.0.0
disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0'
Info: started by user 'lab' via CLI at 05:23:24 UTC Fri Jul 09 2010.\ 1% complete:
Info: The operation can still be aborted (ctrl-c for options)
Info: This operation will reload the following nodes in parallel:
Info: 0/RP1/CPU0 (HRP) (SDR: Owner)
Info: 0/SM0/SP (Fabric-SP) (Admin Resource)Proceed with this install operation (y/n)?
[y]|
Info: 1% complete: The operation can still be aborted (ctrl-c for options)
Info: Install Method: Parallel Reload/ 1% complete: The operation can still be aborted
(ctrl-c for options)
Info: The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#SP/0/SM0/SP:
Jul 9 05:36:41.152 : insthelper[62]: %INSTALL-INSTHELPER-6-RELOAD_NODE_INFO :
Info: As part of install operation 7 this node (0/SM0/SP) will now reload.
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
RP/0/RP1/CPU0:Jul 9 05:36:43.962 : instdir[235]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY :
Info: Install operation 7 completed successfully
Info: change using the following commands:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 53
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0Info: show system verify
Info: install verify packages
Info: Install operation 7 completed successfully at 05:36:43 UTC Fri Jul 09 2010.
rebooting .........................Initializing DDR SDRAM...found 4096 MB
Initializing ECC on bank 0Initializing ECC on bank 1
Initializing ECC on bank 2
Initializing ECC on bank 3
Turning off data cache, using DDR for first time
Initializing NVRAM...Testing a portion of DDR SDRAM ...done
Reading ID EEPROMs ............................
Initializing SQUID ...
Initializing PCI ...PCI0 device[1]: Vendor ID 0x10eePCI0 device[1]: Device ID 0x300ePCI1
device[1]:
Device ID 0x1100PCI1 device[1]: Vendor ID 0x1013PCI1 device[2]: Device ID 0x680PCI1 device[2]:
Vendor ID 0x1095PCI1 device[3]: Device ID 0x5618PCI1 device[3]: Vendor ID 0x14e4Configuring
MPPs ...
Configuring PCMCIA slots ...System Bootstrap, Version 1.53(20090311:225342) [CRS-1 ROMMON],
Copyright (c) 1994-2009 by Cisco Systems, Inc.
Acquiring backplane mastership ... successful
Preparing for fan initialization............. ready
Setting fan speed to 4000 RPMs successfulReading backplane EEPROM ...
Released backplane mastership ...Board type is 0x100002 (1048578)
Switch 0 initialized
Switch 0 Port fe1: link up (100Mb Full Duplex Copper)
Enabling watchdogG4(7457-NonSMP-MV64360 Rev 3) platform with 4096 MB of main memory....
CARD_RACK_NUMBER: 0 CARD_SLOT_NUMBER: 1 CPU_INSTANCE: 1
RACK_SERIAL_NUMBER: TBC08052402
MBI Validation starts ... using Control Plane Ethernet.
DEBUG : Driving up signal strength for Intel LXT971
Our MAC address is 0005.9a3e.89da
Interface link changed state to UP.
Interface link state up.
MBI validation sending request.
HIT CTRL-C to abort
MBI validation sending request.
HIT CTRL-C to abort
MBI validation sending request.
HIT CTRL-C to abort
MBI validation sending request.
HIT CTRL-C to abort
MBI validation sending request.
HIT CTRL-C to abort
No MBI confirmation received from dSCboot: booting from
bootflash:disk0/asr9k-os-mbi-4.0.0/mbiasr9k-rp.vm
....................................................................................
##################################################################################
Restricted Rights LegendUse, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software
- Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical
Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS XR Software for the Cisco XR Router, Version 4.0.0 Copyright (c) 2010 by Cisco
Systems, Inc.
Jul 09 05:39:21.334 : Install (Node Preparation): Booting with software activated by previous
install
operation,errno=2
RP/0/RP1/CPU0Jul 9 05:44:45.941: syslogd_helper: [89]: dsc_event_handler: Got SysMgr dSC
event : 1
RP/0/RP1/CPU0:Jul 9 05:45:11.354 : shelfmgr[306]: %PLATFORM-SHELFMGR-3-POWERDOWN_RESET :
Node 0/2/SP is powered off due to admin power off request ios con0/RP1/CPU0 is now available
Press RETURN to get started.
RP/0/RP1/CPU0:Jul 9 05:45:27.453 : instdir[216]:
%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is not committed. If the system reboots then the committed
software will be used.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
54 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0Use 'install commit' to commit the active software. SYSTEM CONFIGURATION IN PROCESS
The startup configuration for this device is presently loading.
This may take a few minutes. You will be notified upon completion.
Please do not attempt to reconfigure the device until this process is complete.
User Access VerificationUsername: labPassword:
RP/0/RSP0/CPU0:router# admin
Fri Jul 9 05:45:55.941 UTC
RP/0/RSP0/CPU0:router(admin)# show platform
Fri Jul 9 05:45:59.805 UTCNode Type PLIM State
Config State
---------------------------------------------------------------------------------------
0/2/SP MSC(SP) N/A UNPOWERED NPWR,NSHUT,MON
0/RP1/CPU0 RP(Active) N/A IOS XR RUN PWR,NSHUT,MON
0/SM0/SP FC-40G/S(SP) N/A MBI-RUNNING PWR,NSHUT,MON
0/SM1/* UNKNOWN N/A PRESENT PWR,NSHUT,MON
RP/0/RP1/CPU0:ios(admin)#
RP/0/RP1/CPU0:Jul 9 05:46:08.411 : instdir_lr[217]:
%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is not committed. If the system reboots then the committed
software will be used.
Use 'install commit' to commit the active software.
RP/0/RP1/CPU0:Jul 9 05:50:40.918 : placed[283]: LR-PLANE-READY DECLARATIONSYSTEM
CONFIGURATION COMPLETED
RP/0/RP1/CPU0:Jul 9 05:50:57.293 : ifmgr[213]: %PKT_INFRA-LINK-3-UPDOWN :
Interface MgmtEth0/RP1/CPU0/0, changed state to Down
RP/0/RP1/CPU0:Jul 9 05:50:57.313 : ifmgr[213]: %PKT_INFRA-LINK-3-UPDOWN :
Interface MgmtEth0/RP1/CPU0/0, changed state to Up
RP/0/RSP0/CPU0:router(admin)# show platform
Fri Jul 9 05:59:36.266 UTC
Node Type PLIM State Config State
---------------------------------------------------------------------------------------
0/2/SP MSC(SP) N/A UNPOWERED NPWR,NSHUT,MON
0/RP1/CPU0 RP(Active) N/A IOS XR RUN PWR,NSHUT,MON
0/SM0/SP FC-40G/S(SP) N/A IOS XR RUN PWR,NSHUT,MON
0/SM1/* UNKNOWN N/A PRESENT PWR,NSHUT,MON
RP/0/RSP0/CPU0:router(admin)# install commit
Fri Jul 9 05:59:41.851 UTC
Install operation 8 '(admin) install commit' started by user 'lab' via CLI at
05:59:43 UTC Fri Jul 09 2010./
20% complete: The operation can no longer be aborted (ctrl-c for options)-
20% complete: The operation can no longer be aborted (ctrl-c for options)\
100% complete:
The operation can no longer be aborted (ctrl-c for options)
RP/0/RP1/CPU0:Jul 9 05:59:46.402 : instdir[216]:
%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is now the same as the committed software.
Install operation 8 completed successfully at 05:59:46 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:
asr9k-upgrade-p-4.0.0
Fri Jul 9 05:59:58.082 UTC
Install operation 9 '(admin) install deactivate disk0:asr9k-upgrade-p-4.0.0'started
by user 'lab' via CLI at 05:59:59 UTC
Fri Jul 09 2010.
1% complete: The operation can still be aborted (ctrl-c for options)-
1% complete: The operation can still be aborted (ctrl-c for options)
Info: Install Method: Parallel Process Restart\
1% complete: The operation can still be aborted (ctrl-c for options)
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
RP/0/RP1/CPU0:Jul 9 06:01:45.662 : instdir[216]:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 55
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is not committed. If the system reboots then the committed
software will be used.
Use 'install commit' to commit the active software.
Install operation 9 completed successfully at 06:01:45 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)# install commit
Fri Jul 9 06:01:53.583 UTC
Install operation 10 '(admin) install commit' started by user 'lab' via CLI at06:01:54 UTC
Fri Jul 09 2010./
20% complete: The operation can no longer be aborted (ctrl-c for options)-
20% complete: The operation can no longer be aborted (ctrl-c for options)\
100% complete: The operation can no longer be aborted (ctrl-c for options)
RP/0/RP1/CPU0:Jul 9 06:01:57.807 : instdir[216]:
%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is now the same as the committed software.
Install operation 10 completed successfully at 06:01:57 UTC Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)#
RP/0/RSP0/CPU0:router(admin)#
RP/0/RSP0/CPU0:router(admin)# install remove disk0:
asr9k-upgrade-p-4.0.0
Fri Jul 9 06:04:57.676 UTC
Install operation 11 '(admin) install remove disk0:asr9k-upgrade-p-4.0.0'started
by user 'lab' via CLI at 06:04:58 UTC
Fri Jul 09 2010./
1% complete: The operation can no longer be aborted (ctrl-c for options)
Info: This operation will remove the following packages:
Info: disk0:asr9k-fpd-4.0.0
Info: disk0:asr9k-doc-4.0.0
Info: disk0:asr9k-k9sec-4.0.0
Info: disk0:asr9k-sbc-4.0.0
Info: disk0:asr9k-diags-4.0.0
Info: disk0:asr9k-mgbl-4.0.0
Info: disk0:asr9k-mcast-4.0.0
Info: disk0:asr9k-mpls-4.0.0
Info: disk0:asr9k-rout-4.0.0
Info: disk0:asr9k-fwdg-4.0.0
Info: disk0:asr9k-lc-4.0.0
Info: disk0:asr9k-admin-4.0.0
Info: disk0:asr9k-upgrade-p-4.0.0-
1% complete: The operation can no longer be aborted (ctrl-c for options)
Info: After this install remove the following install rollback point will
Info: no longer be reachable, as the required packages will not be present:
Info: 7\
1% complete: The operation can no longer be aborted (ctrl-c for options)
Proceed with removing these packages? [confirm]|
1% complete: The operation can no longer be aborted (ctrl-c for options)
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:router(admin)#SP/0/SM0/SP:Jul
9 06:05:03.902 : envmon[117]: %PLATFORM-ENVMON-4-ALARM : MINOR_HI alarm
cleared by host__temp__Inlet0
Install operation 11 completed successfully at 06:05:33 UTC
Fri Jul 09 2010.
RP/0/RSP0/CPU0:router(admin)#
RP/0/RSP0/CPU0:router(admin)# show install act
Fri Jul 9 06:08:11.372 UTC
Secure Domain Router: Owner Node 0/RP1/CPU0 [HRP] [SDR: Owner]
Boot Device: disk0: Boot Image: /disk0/asr9k-os-mbi-4.0.0/mbiasr9k-rp.vm
Active Packages: disk0:asr9k-mpls-p-4.0.0 disk0:asr9k-mini-p-4.0.0
Admin Resources: Node 0/SM0/SP [Fabric-SP] [Admin Resource]
Boot Device: bootflash: Boot Image: /disk0/asr9k-os-mbi-4.0.0/sp/mbiasr9k-sp.vm
Active Packages: disk0:asr9k-mini-p-4.0.0
RP/0/RSP0/CPU0:router(admin)#
Related Topics
Activation and Deactivation Prerequisites, on page 27
Adding and Activating Packages, on page 41
Deactivating and Removing Cisco IOS XR Software Packages, on page 57
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
56 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Upgrading to Cisco IOS XR Software Release 4.0Deactivating and Removing Cisco IOS XR Software Packages
When a package is deactivated, it is no longer active on the router, but the package files remain on the boot
disk. The package files can be reactivated later, or they can be removed from the disk.
A package is deactivated using the following methods:
• When a newer version of a package is activated, the earlier version of the package is automatically
deactivated. See Related Topics for more information.
Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs or
the package to which the SMU applies to be automatically deactivated.
Note
• When an earlier version of a package is activated, the newer version is deactivated automatically. See
Related Topics for more information.
• A specific package is deactivated using the install deactivate command. This command turns off the
package features for a card or card type.
Before You Begin
The following are the restrictions when deactivating and removing Cisco IOS XR Software packages:
• A package cannot be deleted if it is part of the running or committed software of the SDR.
• A package cannot be deactivated if that package is required by another active package. When a
deactivation is attempted, the system runs an automatic check to ensure that the package is not required
by other active packages. The deactivation is permitted only after all compatibility checks have been
passed.
• Router reloads: If the deactivation requires a router reload, a confirmation prompt appears. Use the
install deactivate command with the prompt-level none keywords to automatically ignore any reload
confirmation prompts and proceed with the package deactivation. The router reloads if required.
• Node reloads: If a software operation requires a node reload, the configuration register for that node
should be set to autoboot. If the config-register for the node is not set to autoboot, then the system
automatically changes the setting and the node reloads. A message describing the change is displayed.
• FPD versions must be compatible with the Cisco IOS XR software that is running on the router; if an
incompatibility exists between an FPD version and the Cisco IOS XR software, the device with the
field-programmable gate array (FPGA) may not operate properly until the incompatibility is resolved.
For information on FPDs, including instructions to upgrade FPD images, see the Upgrading FPD Cisco
IOS XR Software module of Cisco ASR 9000 Series Aggregation Services RouterInterface and Hardware
Component Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 57
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Deactivating and Removing Cisco IOS XR Software PackagesSUMMARY STEPS
1. Connect to the console port and log in.
2. admin
3. install deactivate { id add-id | device : package } [ location node-id ][ test ] [ pause sw-change ]
4. (Optional) show install inactive summary
5. (Optional) install verify packages
6. exit
7. (Optional) show system verify start
8. (Optional) show system verify [ detail | report ]
9. admin
10. (Optional) install commit
11. (Optional) install remove { id add-id | device : package | inactive }[ test ]
DETAILED STEPS
Command or Action Purpose
Step 1 Connect to the console port and log in. Establishes a CLI management session with the SDR.
Connect to the console port for the active DSC.
For more information on console connections, see Cisco ASR 9000 Series
Aggregation Services Router Getting Started Guide.
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 2
install deactivate { id add-id | device : Deactivates a package on all SDRs a router.
package } [ location node-id ][ test ] [
pause sw-change ]
Step 3
• To deactivate all packagesthat were added in one or more specific install
add operations, orspecify packages by name, use the id add-id keyword
Example:
RP/0/RSP0/CPU0:router(admin)# install
deactivate
disk0:asr9k-diags-3.7.2
and argument. The operation ID of an install add operation is indicated
in the syslog displayed during the operation and in the output of the
show install log command.
• Use the location node-id keyword and argument to deactivate the
package for a specific node, if supported.
• Use the pause sw-change keywords to pause the operation after
preparatory checks and before the configuration is locked for the actual
deactivation. This enables you to hold the operation while you perform
configuration changes, and proceed with the deactivation whenever you
choose. This is useful, for example, if your workflow involves
configuring a router out of the network during software changes and
you want to minimize the time that the router is out of the network.
Follow the onscreen instructions to control the pausing and completion
of the operation.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
58 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Deactivating and Removing Cisco IOS XR Software PackagesCommand or Action Purpose
Press ? after a partial package name to display all possible matches
available for deactivation. If there is only one match, press [TAB]
to fill in the rest of the package name.
When a package is deactivated for an SDR from administration
EXEC mode, a notification message appears on the console for that
SDR, with information on the impact of the deactivation.
Note
(Optional)
Displays the inactive packages on the router.
show install inactive summary
Example:
RP/0/RSP0/CPU0:router(admin)# show
install inactive summary
Step 4
(Optional)
Verifies the consistency of an installed software set with the package file
from which it originated. This command can be used as a debugging tool to
install verify packages
Example:
RP/0/RSP0/CPU0:router(admin)# install
verify packages
Step 5
verify the validity of the files that constitute the packages, to determine if
there are any corrupted files. This command also checks for corruptions of
installation state files and MBI image files. This command is particularly
useful when issued after the activation of a package or upgrading the
Cisco IOS XR software to a major release.
The install verify packages command can take up to two minutes
per package to process.
Note
exit Exits administration EXEC mode and returns to EXEC mode.
Example:
RP/0/RSP0/CPU0:router(admin)# exit
Step 6
(Optional)
Starts the system status check.
show system verify start
Example:
RP/0/RSP0/CPU0:router# show system
verify start
Step 7
(Optional)
Displays system status information. A variety of information is displayed
including the memory and CPU usage, process status, protocol status, and
show system verify [ detail | report ]
Example:
RP/0/RSP0/CPU0:router# show system
verify
Step 8
other status information. Use this information to verify that the system is
stable.
• detail—Displays additional information at the card and processor level,
including actual numbers.
• report—Displays the same information as the default show system
verify command
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 59
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Deactivating and Removing Cisco IOS XR Software PackagesCommand or Action Purpose
Although most of the output should display the status “OK,” some
processes may show other output, such as “Warning.” This does not
specifically indicate a problem. Contact your Cisco technicalsupport
representative for more information on the output of this command.
Note
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 9
(Optional)
Commits the current set of packages so that these packages are used if the
router isrestarted. Packages can be removed only if the deactivation operation
is committed.
install commit
Example:
RP/0/RSP0/CPU0:router(admin)# install
commit
Step 10
This command is entered in administration EXEC
mode.
Note
(Optional)
Removes the inactive package.
install remove { id add-id | device :
package | inactive }[ test ]
Step 11
Example:
RP/0/RSP0/CPU0:router(admin)# install
• Only inactive packages can be removed.
• Packages can be removed only if they are deactivated from all cards in
the router.
remove
disk0:asr9k-diags-3.8.30
• The package deactivation must be committed.
• To remove a specific inactive package from a storage device, use the
install remove command with the device: package arguments.
• To remove all packages that were added in one or more specific install
add operations, use the id add-id keyword and argument. The operation
ID of an install add operation isindicated in the syslog displayed during
the operation and in the output of the show install log command. If you
specify packages according to operation ID, all the packages that were
added by the specified operation must still be on the router.
• To remove all inactive packages from all nodes in the system, use the
install remove command with the inactive keyword.
Related Topics
Adding and Activating Packages, on page 41
Committing the Active Package Set, on page 49
Committing the Active Package Set, on page 49
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
60 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Deactivating and Removing Cisco IOS XR Software PackagesExamples
In the following examples, a package is deactivated from the router. The changes are committed and the
inactive package is removed from the router.
Deactivating the Package: Example
RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:asr9k
-diags-.7.2
Install operation 27 'install deactivate disk0:asr9k-diags-3.7.2' started by
user 'lab' at 23:29:37 UTC Sat Apr 15 2009.
The install operation will continue asynchronously.
Info: The changes made to software configuration
Info: across system reloads. Use the command 'admin install commit' to make
Info: changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 27 completed successfully at 23:30:22 UTC Sat Apr 15 2009.
Committing the Active Software Set: Example
RP/0/RSP0/CPU0:router(admin)# install commit
Install operation 29 'install commit' started by user 'lab' at 23:39:21 UTC
Sat Apr 15 20090.
Install operation 29 completed successfully at 23:39:24 UTC Sat Apr 15 2009.
Displaying the Inactive Packages: Example
RP/0/RSP0/CPU0:router(admin)# show install inactive summary
Default Profile:
SDRs:
Owner
Inactive Packages:
disk0:asr9k-diags-3.7.2
Removing the Inactive Package from the Router: Example
The following example shows how to remove an inactive package. In this example, the operation is run in
test mode. The operation is confirmed and the package is removed.
RP/0/RSP0/CPU0:router(admin)# install remove disk0:asr9k-diags-3.7.2 test
Install operation 30 'install remove disk0:hfr-diags-3.7.2 test' started by
user 'lab' at 23:40:22 UTC Sat Apr 15 2009.
Warning: No changes will occur due to 'test' option being specified. The
Warning: following is the predicted output for this install command.
Info: This operation will remove the following package:
Info: disk0:asr9k-diags-3.7.2
Info: After this install remove the following install rollback points will
Info: no longer be reachable, as the required packages will not be present:
Info: 4, 9, 10, 14, 15, 17, 18
Proceed with removing these packages? [confirm] y
The install operation will continue asynchronously.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 61
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Deactivating and Removing Cisco IOS XR Software PackagesInstall operation 30 completed successfully at 23.
Pausing Before Configuration Lock: Example
The following example shows how to deactivate a package, pausing the operation before locking the
configuration for the actual software deactivation. While the operation is paused, you can enter a configuration
mode and perform configurations. When you want to complete the operation, enter the install operationid
complete command, or the install operation id attach synchronous command.
RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:comp-asr9k
-3.7.2.07I.CSCsr09575-1.0.0 pause sw-change
Install operation 12 '(admin) install deactivate
disk0:comp-asr9k-3.7.2.07I.CSCsr09575-1.0.0 pause sw-change'
started by user 'admin' via CLI at 09:06:26 BST Mon Jul 07 2009.
Info: This operation will reload the following nodes in parallel:
Info: 0/0/CPU0 (RP) (SDR: Owner)
Info: 0/1/CPU0 (LC(E3-GE-4)) (SDR: Owner)
Info: 0/5/CPU0 (LC(E3-OC3-POS-4)) (SDR: Owner)
Proceed with this install operation (y/n)? [y]
The install operation will continue asynchronously.
Info: Install Method: Parallel Reload
Info: Install operation 12 is pausing before the config lock is applied for
Info: the software change as requested by the user.
Info: No further install operations will be allowed until the operation is resumed.
Info: Please continue the operation using one of the following steps:
Info: - run the command '(admin) install operation 12 complete'.
Info: - run the command '(admin) install operation 12 attach synchronous' and then
Info: answer the query.
Rolling Back to a Previous Software Set
Cisco IOS XR software allows you to roll back one or more SDRs to a previous committed or uncommitted
software set. Use the show install rollback ? command to view the available rollback points and use the
install rollback to command to roll back the SDR to a previous software set. You can also use the install
rollback to committed command to roll back to the most recent committed software set.
Note Rollback operations can be performed by running the command in administration EXEC or EXEC mode.
Displaying Rollback Points
A rollback point is created every time a software package is activated, deactivated, or committed. Use the
show install rollback ? command to display the eligible rollback points.
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)# show install rollback ?
0 ID of the rollback point to show package information for
2 ID of the rollback point to show package information for
In this example, the rollback points are 0 and 2. The rollback point with the highest number is the current
software point. For example, if the last installation operation was operation 3 (activating the MPLS package)
then the highest rollback point is 3, which is the same as the current software (MPLS package activated).
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
62 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Rolling Back to a Previous Software SetTo easily identify specific rollback points, you can assign a label or description to a rollback point using the
install label command.
You can enter the command in either administration EXEC mode or EXEC mode.
Displaying the Active Packages Associated with a Rollback Point
To display the active packages associated with a rollback point, use the show install rollback command
with the point-id argument. This command displays the packages that are active if you roll back one or more
SDRs to that installation point. For example, the show install rollback 2 command displays the packages
that are active if you roll back to rollback point 2.
RP/0/RSP0/CPU0:router(admin)# show install rollback 0
Tue Jun 23 06:25:06.493 PST
ID: 0, Label:
Timestamp: 23:11:20 UTC Sat Oct 28 2000
Secure Domain Router: Owner
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/mbiasr9k-rp.vm
Rollback Packages:
disk0:comp-asr9k-mini-3.9.0.12I
Node 0/1/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Rollback Packages:
disk0:comp-asr9k-mini-3.9.0.12I
Node 0/4/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Rollback Packages:
disk0:comp-asr9k-mini-3.9.0.12I
Node 0/6/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm
Rollback Packages:
disk0:comp-asr9k-mini-3.9.0.12I
You can enter the command in either administration EXEC mode or EXEC mode.
For more information on the command options, see the Software Package Management Commands on
Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System
Management Command Reference.
Note
Rolling Back to a Specific Rollback Point
You can roll back to a specific rollback point, including a noncommitted software set:
• If you roll back to the most recent noncommitted rollback point (with the highest number), you do not
need to reload the router.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 63
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Displaying the Active Packages Associated with a Rollback Point• You can repeat the rollback process one rollback point at a time without reloading if you always choose
the most recent rollback point.
• If you choose a rollback point that is older than the most recent point, the impacted nodes reload,
interrupting data traffic on those nodes. Before the reload occurs, you are prompted to confirm the install
rollback operation.
In the following example, the system is rolled back to noncommitted rollback point 8:
RP/0/RSP0/CPU0:router(admin)# install rollback to 8
Install operation 10 'install rollback to 8' started by user 'cisco' at 07:49:26
UTC Mon Nov 14 2009.
The install operation will continue asynchronously.
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command 'admin install commit' to make
Info: changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
The currently active software is the same as the committed software.
Install operation 10 completed successfully at 07:51:24 UTC Mon Nov 14 2009.
Rolling Back to the Last Committed Package Set
Use the install rollback to committed command to roll back to the last committed package set.
In the following example, the owner SDR is rolled back to the last committed package set:
RP/0/RSP0/CPU0:router(admin)# install rollback to committed
Install operation 27 'install rollback to committed' started by user 'lab' at
16:41:38 UTC Sat Nov 19 2009.
Info: The rollback to committed software will require a reload of impacted
Info: nodes because it is over multiple activation & deactivation
Info: operations.
Info: This operation will reload the following node:
Info: 0/RP1/CPU0 (RP) (SDR: Owner)
Info: This operation will reload all RPs in the Owner SDR, and thereby
Info: indirectly cause every node in the router to reload.
Proceed with this install operation? [confirm]
Updating Commit Database. Please wait...[OK]
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command 'admin install commit' to make
Info: changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 27 completed successfully at 16:42:23 UTC Sat Nov 19 2009.
Additional References
The following sections provide referencesrelated to software package management on Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
64 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Rolling Back to the Last Committed Package SetRelated Documents
Related Topic Document Title
Software Package Management Commands on the
Cisco ASR 9000 Series Router module of
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
Cisco IOS XR install commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Cisco IOS XR getting started material
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR master command index
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router
ROM Monitor Guide
ROM Monitor
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 65
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
66 OL-26081-03
Upgrading and Managing Software on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 4
Configuring Disk Mirroring on the Cisco ASR 9000
Series Router
This module describes the process to configure disk mirroring in Cisco IOS XR software.
For complete descriptions of the commands listed in this module, see Related Documents, on page 77. To
locate documentation for other commands that might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 10: Feature History for Disk Mirroring for Cisco IOS XR Software
Release Modification
Release 3.7.2 Disk mirroring was introduced.
This module contains the following topics:
• Disk Mirroring Prerequisites, page 67
• Information About Disk Mirroring, page 68
• How to Enable Disk Mirroring, page 69
• Configuration Examples for Enabling Disk Mirroring, page 76
• Additional References, page 77
Disk Mirroring Prerequisites
Before enabling disk mirroring, the following conditions must be met:
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• The secondary storage device specified for the mirroring must be installed in the same node as the
primary boot device. The supported storage devices are disk0: and disk1:.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 67• The secondary storage device must be the same size or larger than the designated primary storage device.
• The secondary storage device must be partitioned.
The primary partition on the secondary storage device must be large enough to contain all data on the
primary boot device. This can be an issue if the primary boot device has not yet been partitioned. For
example, in the situation where both the primary boot device and the secondary storage device are 1 GB
in size, the primary boot device contains 950 MB of data, and the secondary storage device is already
partitioned to 800 MB in the primary partition and 200 MB in the secondary partition. In such a case, the
950 MB of data from the primary boot device does not fit on the secondary storage device because of the
partition. Such a configuration is rejected and an error is displayed. You need to replace the secondary
storage device with a higher capacity device. For information about disk partition sizes,see Related Topics.
Note
Although compactflash: can be used as the secondary device on a Performance Route Processor (PRP–2),
there is an issue with the ROM Monitor not being able to boot the minimum boot image (MBI) from the
secondary device if the device is not disk0: or disk1:. In such a situation, you would need to go into
ROMMON mode and boot the PRP-2 manually using the MBI on the compactflash:.
Note
Related Topics
Information About Disk Mirroring, on page 68
Information About Disk Mirroring
The route switch processor (RSP) card has a primary storage device that is used to store installation packages
and configuration files. This primary storage device is referred to as the primary boot device and is essential
for booting the RSP and its normal operation.
Disk mirroring replicates the critical data on the primary boot device onto another storage device on the same
RSP, henceforth referred to as the secondary device. If the primary boot device fails, applications continue
to be serviced transparently by the secondary device, thereby avoiding a switchover to the standby RSP. The
failed primary storage device can be replaced or repaired without disruption of service.
Disk mirroring should only mirror critical data on the primary boot device onto a secondary storage device
and not any noncritical data such as logging data. To separate critical data from noncritical data, the disk
devices need to be partitioned. Disk0: is partitioned to disk0: and disk0a:; disk1: is partitioned to disk1: and
disk1a:. Disk0: and disk1: are used for critical data, whereas disk0a: and disk1a: are used for logging data
and other noncritical data. Before you can configure disk mirroring on the RSP, you must have partitioned
the secondary storage device. The sizes of disk partitions are related to the total disk size, and are provided
in Table 11: Size of Disk Partitions in Relation to Size of Disk, on page 68.
Table 11: Size of Disk Partitions in Relation to Size of Disk
Size of Disk Primary Partition Percentage Secondary Partition Percentage
less than 900 MB Partitioning not supported Partitioning not supported
900 MB to 1.5 GB 80% 20%
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
68 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Information About Disk MirroringSize of Disk Primary Partition Percentage Secondary Partition Percentage
1.5 GB to 3 GB 60% 40%
more than 3 GB 50% 50%
How to Enable Disk Mirroring
The tasks in this section describe how to enable and manage disk mirroring.
Enabling Disk Mirroring
Complete the following instructions to enable disk mirroring. After disk mirroring is configured, if there is a
fault on the primary boot drive or it cannot be accessed for any reason, control is automatically transferred to
the secondary storage device.
SUMMARY STEPS
1. format secondary-device partition [ location node-id ]
2. Remove any noncritical data from the primary boot device.
3. configure
4. mirror location node-id Primary-device Secondary-device
5. Use one of these commands:
• end
• commit
6. show mirror [ location node-id ]
7. mirror verify location node-id
DETAILED STEPS
Command or Action Purpose
format secondary-device partition [ Partitions the secondary storage device into two partitions.
location node-id ]
Step 1
• If the device is already partitioned, you do not need to perform this
step.
Example:
RP/0/RSP0/CPU0:router# format disk1:
partition
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 69
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
How to Enable Disk MirroringCommand or Action Purpose
The primary boot device should contain installation packages and
configuration files only. Log files can be copied to the “a” partition of
the secondary device, for example disk1a: .
Remove any noncritical data from the primary
boot device.
Step 2
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 3
Enables disk mirroring of the primary-device to the secondary-device
.
mirror location node-id Primary-device
Secondary-device
Step 4
Example:
If the primary boot device is not partitioned, the following occurs:
• The contents of the primary device are replicated to the secondary
device
RP/0/RSP0/CPU0:router(config)# mirror
location 0/ rsp0/cpu0 disk0:disk1:
• Control of the mirroring server switches to the secondary storage
device.
• The primary device is partitioned.
• Data is replicated back to the primary boot device.
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
70 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Enabling Disk MirroringCommand or Action Purpose
Displays disk mirroring information for an RSP node. It also provides
the status of the synchronization between the primary and secondary
devices.
show mirror [ location node-id ]
Example:
RP/0/RSP0/CPU0:router# show mirror
location 0/ rsp0/cpu0
Step 6
mirror verify location node-id Verifies disk synchronization for disk mirroring on an RSP node.
Example:
Step 7
RP/0/RSP0/CPU0:router# mirror verify
location 0/ rsp0/cpu0
Replacing the Secondary Mirroring Device
Follow this procedure if you need to replace the secondary boot device used in the disk mirroring process.
SUMMARY STEPS
1. show mirror [location node-id]
2. mirror pause [location node-id]
3. show mirror [location node-id]
4. unmount secondary-device [location node-id]
5. Remove the device and insert a new device.
6. format secondary-device partition [location node-id]
7. show media [location node-id]
8. mirror resume [location node-id]
9. show mirror [location node-id]
DETAILED STEPS
Command or Action Purpose
Verifies that mirroring is active. In the output, the Current
Mirroring State should be redundant.
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 1
mirror pause [location node-id] Temporarily pauses disk mirroring.
Example:
RP/0/RSP0/CPU0:router# mirror pause
Step 2
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 71
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Replacing the Secondary Mirroring DeviceCommand or Action Purpose
Verifies that mirroring has paused. In the output, the
Current Mirroring State should be paused.
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 3
unmount secondary-device [location node-id] Unmounts the secondary device.
Example:
RP/0/RSP0/CPU0:router# unmount disk1:
Step 4
Step 5 Remove the device and insert a new device.
format secondary-device partition [location node-id] Formats the device.
Example:
RP/0/RSP0/CPU0:router# format disk1: partition
Step 6
Verifies that the device is formatted. The output should
display the device that you formatted.
show media [location node-id]
Example:
RP/0/RSP0/CPU0:router# show media
Step 7
mirror resume [location node-id] Resumes mirroring.
Example:
RP/0/RSP0/CPU0:router# mirror resume
Step 8
Verifies that mirroring has restarted. In the output, the
Current Mirroring State should be Syncing.
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 9
It can take 15 to 30 minutes for the mirroring process to
complete. The exact time depends on the number of
packages or files on the boot device. When the mirroring
is complete, the Current Mirroring State should be
Redundant.
Replacing the Primary Mirroring Device
In the event that your primary boot disk is defective and you need to replace it while disk mirroring is enabled,
perform this task.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
72 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Replacing the Primary Mirroring DeviceSUMMARY STEPS
1. show mirror [location node-id]
2. configure
3. mirror location node-id Primary-device Secondary-device
4. Use one of these commands:
• end
• commit
5. show mirror [location node-id]
6. mirror pause [location node-id]
7. show mirror
8. unmount secondary-device [location node-id]
9. Remove the device and insert a new device.
10. show media [location node-id]
11. (Optional) format secondary-device partition [location node-id]
12. mirror resume [location node-id]
13. show mirror [location node-id]
14. configure
15. mirror location node-id Primary-device Secondary-device
16. show mirror [location node-id]
DETAILED STEPS
Command or Action Purpose
Verifies that mirroring is in the redundant state. In the output, the
Current Mirroring State should be redundant. If mirroring is not in
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 1
the redundant state, you cannot proceed with the procedure. You
must wait until mirroring is in the redundant state.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Swaps the device roles such that the primary mirroring device now
becomes the secondary device and the secondary mirroring device
becomes the primary device.
mirror location node-id Primary-device
Secondary-device
Example:
RP/0/RSP0/CPU0:router(config)# mirror
Step 3
location 0/
RSP0
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 73
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Replacing the Primary Mirroring DeviceCommand or Action Purpose
/CPU0 disk1:disk0:
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Verifies that the primary device is now the secondary device and
vice versa. In the output, if disk0: was the primary disk that you
want to replace, it should now be listed as the secondary device.
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 5
mirror pause [location node-id] Temporarily pauses disk mirroring.
Example:
RP/0/RSP0/CPU0:router# mirror pause
Step 6
Verifies that mirroring has paused. In the output, the Current
Mirroring State should be paused.
show mirror
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 7
Unmounts the secondary device which is the device that you want
to replace. Initially, this was the primary device.
unmount secondary-device [location node-id]
Example:
RP/0/RSP0/CPU0:router# unmount disk1:
Step 8
Step 9 Remove the device and insert a new device.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
74 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Replacing the Primary Mirroring DeviceCommand or Action Purpose
Verifies that the new disk is partitioned. You should see that the
new device is mounted. If the new device is not partitioned, format
the device as indicated in the next step.
show media [location node-id]
Example:
RP/0/RSP0/CPU0:router# show media
Step 10
(Optional)
Formats the device. You only need to perform this step if the new
device is not partitioned.
format secondary-device partition [location
node-id]
Example:
RP/0/RSP0/CPU0:router# format disk1:
partition
Step 11
mirror resume [location node-id] Resumes mirroring.
Example:
RP/0/RSP0/CPU0:router# mirror resume
Step 12
Verifies that mirroring has restarted. In the output, the Current
Mirroring State should be Syncing.
show mirror [location node-id]
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 13
It can take 15 to 30 minutes for the mirroring process to complete.
The exact time depends on the number of packages or files on the
boot device. When the mirroring is complete, the Current Mirroring
State should be Redundant.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 14
Swaps the device roles back so that the newly inserted device
becomes the primary device.
mirror location node-id Primary-device
Secondary-device
Example:
RP/0/RSP0/CPU0:router(config)# mirror
Step 15
location 0/
RSP0
/CPU0 disk0:disk1:
show mirror [location node-id] Verifies that the new device is now the primary device.
Example:
RP/0/RSP0/CPU0:router# show mirror
Step 16
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 75
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Replacing the Primary Mirroring DeviceConfiguration Examples for Enabling Disk Mirroring
Enabling Disk Mirroring: Example
In the following example, disk mirroring is enabled on a router:
format disk1: partition
This operation will destroy all data on "disk1:" and partition device.
Continue? [confirm] y
Device partition disk1: is now formated and is available for use.
configure
mirror location 0/0/cpu0 disk0:disk1:
commit
show mirror Command Output: Example
RP/0/RSP0/CPU0:router(admin)# show mirror location all
Tue Dec 7 13:02:26.520 PST
Mirror Information for 0/RSP0/CPU0.
========================================================
Mirroring Enabled
Configured Primary: disk0:
Configured Secondary: disk1:
Current Mirroring State: Redundant
Current Physical Primary: disk0:
Current Physical Secondary: disk1:
Mirroring Logical Device: disk0:
Mirroring Logical Device2: disk1:
Physical Device State Flags
--------------------------------------------------------
disk0: Available Enabled
disk1: Available Enabled
compactflash: Available
(null) Available
disk0a: Available
disk1a: Available
compactflasha: Not Present
harddisk: Available
Mirroring Rommon Variable
BOOT_DEV_SEQ_CONF = disk0:;disk1:
BOOT_DEV_SEQ_OPER = disk0:;disk1:
MIRROR_ENABLE = Y
mirror verify Command Output: Example
RP/0/RSP0/CPU0:router# mirror verify
Mirror Verify Information for 0/0/CPU0.
========================================================
Primary device and secondary device are fully synchronized.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
76 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Configuration Examples for Enabling Disk MirroringAdditional References
The following sections provide references related to disk mirroring configuration.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Initial system bootup and configuration information
for a router using the Cisco IOS XR software
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR command master list
Boot Commands on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series
Aggregation Services Router System Management
Command Reference
Cisco IOS XR boot commands
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 77
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
78 OL-26081-03
Configuring Disk Mirroring on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 5
Software Entitlement on the Cisco ASR 9000
Series Router
Cisco IOS XR software contains all the supported features for a given release. Before the introduction of
software entitlement on Cisco IOS XR software, you could freely activate all available software packages
on your network devices and could enable all the bundled features. To enable the pay-as-you-grow
model—where you pay only for the features that you need today—but can upgrade when necessary while
keeping your investment safe, software entitlement has been introduced. Licensing enables you to purchase
individual software features and upgrade hardware capacity in a safe and reliable way.
For complete descriptions of the commands listed in this module, see Related Documents, on page 89. To
locate documentation for other commands that might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 12: Feature History for Software Entitlement
Release Modification
Release 3.9.0 The software entitlement feature was introduced.
This model contains the following topics:
• Prerequisites for Configuring Software Entitlement, page 80
• Restrictions for Cisco IOS XR Software Entitlement, page 80
• Information About Cisco IOS XR Software Entitlement, page 80
• How to Configure Cisco IOS XR Software Entitlement, page 83
• Troubleshooting License Issues after a Software Upgrade, page 88
• Additional References, page 88
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 79Prerequisites for Configuring Software Entitlement
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Cisco IOS XR Software Entitlement
The following features may not work as expected unless the appropriate licenses are installed:
• Layer 3 VPN routing and forwarding (VRF)
• G.709 support for supported 10-Gigabit Ethernet line cards
• Video monitoring
If you configure and remove VRFs after installing the license, any VRFs configured prior to installing
the license are not recognized. You need to reconfigure these VRFs.
Note
Information About Cisco IOS XR Software Entitlement
To configure process placement policies, you need to understand the concepts described in this module.
What Is Software Entitlement?
Software entitlement is a system that consists of a license manager on a Cisco IOS XR device that manages
licenses for various software and hardware features. The license manager parses and authenticates a license
before accepting it. The software features on the router use the license manager APIs to check out and release
licenses. Licenses are stored in persistent storage on the router.
Core routing features are available for use without any license. The following features can be enabled on your
router using licenses:
Layer 3 VPN
Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3 VPN
license for the line card slot on which the feature is being configured. If the advanced IP license is
enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be configured on a line card.
If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured on the line card.
See the following modulesin Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration
Guide for information about Layer 3 VPN configurations:
• Implementing MPLS Layer 3 VPNs on the Cisco ASR 9000 Series Router
• Implementing Virtual Private LAN Services on the Cisco ASR 9000 Series Router
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
80 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Prerequisites for Configuring Software EntitlementG.709
If a G.709 license is available, G.709 can be enabled on 10-Gigabit Ethernet interfaces on the following
line cards:
• 2-port 10 Gigabit Ethernet / 20-port Gigabit Ethernet line card
• 8-port 10 Gigabit Ethernet line card
Refer to the Configuring Dense Wavelength Division Multiplexing Controllers on the Cisco ASR 9000
Series Router module in Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide.
Video Monitoring
Video monitoring can be enabled for the Cisco ASR 9000 chassis by using a video monitoring license.
Types of Licenses
The following types of licenses are currently defined:
• Permanent licenses—Licensesthat enable a designated feature permanently, aslong asthe license resides
on the router.
• Evaluation or metered licenses—Licenses that enable a feature for a limited period of time. The feature
stops working immediately on license expiry. If multiple evaluation licenses are added for the same
feature, the expiry period is counted from when the first evaluation license is added to the router.
Router License Pools
License pools are maintained by the router. By default, all added licenses are allocated to the owner SDR
license pool, and they can be freely allocated to any slot in the router. Features on cards belonging to the
owner SDR are granted licenses based on availability in the owner SDR license pool.
Chassis-Locked Licenses
Licenses are locked to a unique device identifier (UDI). The UDI is comprised of the chassis serial number,
along with a license operation ID number. The license operation ID is incremented by the license manager
every time there is a successful license add or remove operation. The complete set of UDI information can
be displayed using the show license udi command. The license manager parses the user-provided license
and verifies that it is valid for the chassis it is running on and determines if the license is being readded.
Slot-Based Licenses
Feature licenses are allocated to router slots and not cards. Therefore, if a card is replaced, the existing license
is applied to the newly inserted card. For example, if you have eight licenses for Layer 3 VPN in the system,
you can configure Layer 3 VPN features on any eight cards in the router, and the licenses are allocated to the
slots within which the cards are installed. If a card is removed from one of these licensed slots, say slot 3, and
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 81
Software Entitlement on the Cisco ASR 9000 Series Router
Types of Licensesentered into an empty slot with no license, say slot 5, the license remains with slot 3 and the feature cannot
be activated on slot 5 with the permanent license entered earlier by the user. In this case, you can release the
license to the appropriate license pool by removing the configuration of the card (while it is inserted), or by
using the license move slot command. When you configure the feature on slot 5, the license is checked out.
Features that Require Licenses After a Software Image Upgrade
When you upgrade your Cisco IOS XR software image from a release that does notsupportsoftware entitlement
to one that does, a warning message is displayed to the console port for each feature that requires a license.
You must acquire either an evaluation license or a permanent license in order to continue using any features
that require a license.
During an install activate operation, if the installation fails to acquire a license (through the license manager)
for a package that requires licensing then the install operation is allowed but a warning message similar to
the following is displayed:
Install operation 10 '(admin) install activate disk0:asr9k-optic-4.0.1.06I'
started by user 'root' via CLI at 09:57:15 pst Tue Aug 10 2010.
RP/0/RSP0/CPU0:Aug 10 09:57:15.058 : instdir[206]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED :
Install operation 10 '(admin) install activate disk0:asr9k-optic-4.0.1.06I' started by user
'root'
/ 1% complete: The operation can still be aborted (ctrl-c for options)RP/0/RSP0/CPU0:
Aug 10 09:57:18.691 : licmgr[237]: %LICENSE-LICMGR-4-PACKAGE_LICENSE_INVALID :
Package A9K-ADV-OPTIC-LIC activated without a valid license/ valid configuration
Warning: There is no valid license for the following package:
Warning:
Warning: disk0:asr9k-optics-supp-4.0.1.06I
Warning:
Info: Install Method: Parallel Process Restart
\ 1% complete: The operation can still be aborted (ctrl-c for options)RP/0/RSP0/CPU0:
Aug 10 09:57:18.692 : instdir[206]: %INSTALL-INSTMGR-4-INSTALL_OPERATION_WARNING :
A warning occurred during install operation 10. See 'show install log 10 detail' for more
information.
The install operation will continue asynchronously.
LC/0/0/CPU0:Aug 10 09:57:46.358 : sysmgr[87]: %OS-SYSMGR-7-INSTALL_NOTIFICATION :
notification of software installation received LC/0/0/CPU0:Aug 10 09:57:46.389 : sysmgr[87]:
%OS-SYSMGR-7-INSTALL_FINISHED : software installation is finished LC/0/1/CPU0:Aug 10
09:57:46.477 :
sysmgr[90]: %OS-SYSMGR-7-INSTALL_NOTIFICATION : notification of software installation
received
LC/0/1/CPU0:Aug 10 09:57:46.482 : sysmgr[90]: %OS-SYSMGR-7-INSTALL_FINISHED :
software installation is finished RP/0/RSP0/CPU0:Aug 10 09:58:01.402 : sysmgr[95]:
%OS-SYSMGR-7-INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:
Aug 10 09:58:01.417 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED : software installation is
finished
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
RP/0/RSP0/CPU0:Aug 10 09:58:11.154 : instdir[206]:
%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO :
The currently active software is not committed. If the system reboots then the committed
software
will be used. Use 'install commit' to commit the active software.
RP/0/RSP0/CPU0:Aug 10 09:58:11.155 : instdir[206]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY :
Install operation 10 completed successfully Install operation 10 completed successfully at
09:58:11
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
82 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Features that Require Licenses After a Software Image Upgradepst Tue Aug 10 2010.
If you activate an SMU whose corresponding package requires a license but a license was not acquired
successfully, then the install operation is allowed but a warning message similar to the following is displayed:
Wed Nov 25 15:02:23.418 PST
Install operation 8 started by user 'lab' via CLI at 14:59:46 PST Wed Nov 25 2009.
(admin) install activate id 7
Install operation 8 completed successfully at 15:02:13 PST Wed Nov 25 2009.
Install logs:
Install operation 8 '(admin) install activate id 7' started by user 'lab'
via CLI at 14:59:46 PST Wed Nov 25 2009.
Info: This operation will activate the following packages:
Info: disk0:comp-asr9k-4.0.0.3P.CSCee40001-1.0.0
Info: disk0:comp-asr9k-4.0.0.3P.CSCee30001-1.0.0
Info: disk0:comp-asr9k-4.0.0.3P.CSCee20001-1.0.0
Info: disk0:comp-asr9k-4.0.0.3P.CSCee10001-1.0.0
Info: The following SMUs are not being activated as they do not apply to
Info: any packages on the router:
Info:
Info: disk0:asr9k-diags-supp-4.0.0.3P.CSCee30001-1.0.0
Info: disk0:asr9k-fpd-4.0.0.3P.CSCee40001-1.0.0
Info:
Warning: There is no valid license found for package 'disk0:asr9k-mcast-supp-4.0.0.3P'
Warning: when activating SMU 'disk0:asr9k-mcast-supp-4.0.0.3P.CSCee10001-1.0.0'.
Warning: There is no valid license found for package 'disk0:asr9k-mgbl-supp-4.0.0.3P'
Warning: when activating SMU 'disk0:asr9k-mgbl-supp-4.0.0.3P.CSCee20001-1.0.0'.
Warning:
Info: The following sequence of sub-operations has been determined to minimize any
Info: impact:
Info: Sub-operation 1:
Info: Install Method: Parallel Process Restart
Info: asr9k-mcast-supp-4.0.0.3P.CSCee10001-1.0.0
Info:
Info: Sub-operation 2:
Info: Install Method: Parallel Process Restart
Info: asr9k-mgbl-supp-4.0.0.3P.CSCee20001-1.0.0
Info:
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 8 completed successfully at 15:02:13 PST Wed Nov 25 2009.
Related Topics
Adding a License for a New Feature, on page 83
How to Configure Cisco IOS XR Software Entitlement
Adding a License for a New Feature
This task describes how to acquire a permanent license for a feature that you have purchased or an evaluation
license for a feature that you have arranged with your sales representative to try. Use this procedure to replace
evaluation licenses with permanent licenses.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 83
Software Entitlement on the Cisco ASR 9000 Series Router
How to Configure Cisco IOS XR Software EntitlementBefore You Begin
You must have purchased the feature for which you are adding the license. When you purchase the feature,
you are provided with a product authorization key (PAK) that you use to download the license.
SUMMARY STEPS
1. admin
2. show license udi
3. http://www.cisco.com/go/license
4. Copy the license to your TFTP server.
5. admin
6. license add license-name [ sdr sdr-name ]
7. license license-name location { all | node-id }
8. exit
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Displays the UDI of the chassis. This consists of a product
identifier (PID), serial number (S/N), and operation identifier
(Operation ID).
show license udi
Example:
Step 2
RP/0/0/CPU0:router# admin
Mon Jul 13 04:36:30.715 PST
RP/0/RSP0/CPU0:router(admin)# show license
udi
Mon Jul 13 04:36:32.715 PST
Local Chassis UDI Information:
PID : ASR-9010-AC
S/N : FOX1232H67M
Operation ID: 1
Go to the license tool on Cisco.com. You must log in to the site
before you can access the license tool. Follow the instructions for
Step 3 http://www.cisco.com/go/license
product license registration. You are required to enter the feature
PAK and the chassis UDI to acquire the license.
If you are installing a permanent license, you should have
received the PAK when you purchased the feature. If you
are installing an evaluation license, your sales
representative should provide you with the PAK.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
84 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Adding a License for a New FeatureCommand or Action Purpose
You will be issued a license. You can copy the license and store
it on your computer, or alternatively, you can request that the
Step 4 Copy the license to your TFTP server.
license be sent to you in an e-mail. When you have received the
license, copy it to a TFTP server that is accessible by your router.
Enters administration EXEC mode on the router to which you
want to add the license.
admin
Example:
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)#
Step 5
Adds the license to the SDR license pool. By default, the license
is added to the owner SDR license pool.
license add license-name [ sdr sdr-name ]
Example:
Step 6
RP/0/RSP0/CPU0:router(admin)# license add
tftp://192.10.10.10/mylicenses/lc40g_lic
license license-name location { all | node-id } Binds the license to the slot where it is to be used.
Example:
RP/0/RSP0/CPU0:router(admin-config)# license
A9K-ADV-OPTIC-LIC location 0/0/CPU0
Step 7
exit Exits administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router(admin)# exit
Step 8
What to Do Next
To use the feature associated with the added license, you must configure it on your router. To configure
Layer 3 VPN,see the Implementing MPLS Layer 3 VPNs on Cisco IOS XR Software module in Cisco ASR 9000
Series Aggregation Services Router MPLS Configuration Guide.
To verify that your Layer 3 VPN configuration is operational, use the show rsi interface all global command.
Backing Up Licenses
When your router is configured with the licenses that you require, you should perform this task to back up all
licenses. Backing up licenses makes it easier to restore them if there is a problem.
SUMMARY STEPS
1. admin
2. license backup backup-file
3. show license backup backup-file
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 85
Software Entitlement on the Cisco ASR 9000 Series Router
Backing Up LicensesDETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Backs up all licenses on the router to a backup file in
the specified location. The backup file can be a local
file or a remote file on a TFTP or RCP server.
license backup backup-file
Example:
RP/0/RSP0/CPU0:router(admin)# license backup
disk1:/license_back
Step 2
License command "license backup disk1:/license_back"
completed successfully.
show license backup backup-file Displays the contents of the backup file.
Example:
Step 3
RP/0/RSP0/CPU0:router(admin)# show license backup
disk1:/license_back
Examples
The following example shows sample output from the show license backup command.
RP/0/RSP0/CPU0:router(admin)# show license backup disk1:/license_back
Local Chassis UDI Information:
S/N : TBA09370035
Operation ID: 5
Licenses :
FeatureID Type #installed
CRS-MSC-40G Slot based, Permanent 2
XC-L3VPN Slot based, Permanent 1
RP/0/RSP0/CPU0:router(admin)# show license backup disk0:/lic_backup.pkg
Tue Jul 27 17:12:44.982 pst
Local Chassis UDI Information:
S/N : FOX1316G5TL
Operation ID: 9
FeatureID: A9K-ADV-OPTIC-LIC (Slot based, Permanent)
Total licenses 1
Pool: Owner 1
Allocated Node(s):
0/0/CPU0 1 [Owner]
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
86 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Backing Up LicensesFeatureID: A9K-ADV-VIDEO-LIC (Slot based, Evaluation)
Total licenses 1
Pool: Owner 1
Allocated Node(s):
0/RSP0/CPU0 1 [Owner]
FeatureID: A9K-AIP-LIC-B (Slot based, Permanent)
Total licenses 2
Pool: Owner 2
Allocated Node(s):
0/6/CPU0 1 [Owner]
0/1/CPU0 1 [Owner]
FeatureID: A9K-AIP-LIC-E (Slot based, Permanent)
Total licenses 2
Pool: Owner 2
Allocated Node(s):
0/4/CPU0 1 [Owner]
FeatureID: A9K-iVRF-LIC (Slot based, Permanent)
Total licenses 1
Pool: Owner 1
FeatureID: A9K-iVRF-LIC (Slot based, Evaluation)
Total licenses 3
Pool: Owner 3
Allocated Node(s):
0/1/CPU0 1 [Owner]
Restoring Licenses
If your licenses become corrupted, and you have previously created a backup of your licenses, you can perform
this task to restore the licenses to your router.
Before You Begin
You must have created a backup file of your licenses before you can restore them on your router.
SUMMARY STEPS
1. admin
2. show license backup backup-file
3. license restore backup-file
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 87
Software Entitlement on the Cisco ASR 9000 Series Router
Restoring LicensesCommand or Action Purpose
Displays the contents of the backup file. You should verify
the contents of the backup file before you restore your
licenses.
show license backup backup-file
Example:
RP/0/RSP0/CPU0:router(admin)# show license
backup disk1:/license_back
Step 2
Restores all licenses on the router from a backup file in the
specified location. This can be a local file, or a remote file
on a TFTP or RCP server.
license restore backup-file
Example:
RP/0/RSP0/CPU0:router(admin)# license restore
disk1:/license_back
Step 3
Examples
The following example shows sample output from the license restore command.
RP/0/RSP0/CPU0:router(admin)# license restore disk1:/license_back
Info: This command will erase all existing licenses.
Info: It is strongly recommended to backup existing licenses first.
Do you wish to proceed? [yes/no]: y
License command "license restore disk1:/license_back" completed successfully.
Troubleshooting License Issues after a Software Upgrade
In the instance that you were running Cisco IOS XR Release 3.9.0 and had the optic feature enabled on a
interface and the A9K-ADV-OPTIC-LIC license was active on a particular slot, when you upgrade to Cisco
IOS XR Release 4.0.0, the A9K-ADV-OPTIC-LIC license is still active, but you may get the following
warning message:
RP/0/RSP0/CPU0:Jul 27 14:22:22.594 : licmgr[236]:
%LICENSE-LICMGR-4-PACKAGE_LOCATION_LICENSE_INVALID :
Feature associated to package A9K-ADV-OPTIC-LIC configured
on node 0/4/CPU0 without a valid license
To solve this issue, configure the license command in administration EXEC mode. This binds the
A9K-ADV-OPTIC-LIC license to the slot on which you are using the license. For example:
RP/0/RSP0/CPU0:router(admin-config)# license A9K-ADV-OPTIC-LIC location 0/4/CPU0
RP/0/RSP0/CPU0:router(admin-config)# commit
Additional References
The following sections provide references related to Cisco IOS XR software entitlement.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
88 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Troubleshooting License Issues after a Software UpgradeRelated Documents
Related Topic Document Title
Software Entitlement Commands on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series Aggregation Services
Router System Management Command Reference
Cisco IOS XR software entitlement
commands
Implementing MPLS Layer 2 VPNs module of Cisco ASR 9000
Series Aggregation Services Router MPLS Configuration Guide
Layer 2 VPN configuration
Implementing MPLS Layer 3 VPNs on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series Aggregation Services
Router MPLS Configuration Guide
Layer 3 VPN configuration
Cisco ASR 9000 Series Aggregation Services Router Commands
Master List
Cisco IOS XR software commands
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Information on getting started with
Cisco IOS XR software
Configuring AAA Services on the Cisco ASR 9000 Series Router
module of Cisco ASR 9000 Series Aggregation Services Router
System Security Configuration Guide
Information about user groups and task
IDs
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 89
Software Entitlement on the Cisco ASR 9000 Series Router
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
90 OL-26081-03
Software Entitlement on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 6
Managing the Router Hardware
This chapter describes the command-line interface (CLI) techniques and commands used to manage and
configure the hardware components of a router running the Cisco IOS XR software.
For complete descriptions of the commands listed in this module, see Additional References, on page 119.
To locate documentation for other commands that might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 13: Feature History for Managing Router Hardware with Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
This module contains the following topics:
• Prerequisites for Managing Router Hardware, page 92
• Displaying Hardware Status, page 92
• RSP Redundancy and Switchover, page 107
• Reloading, Shutting Down, or Power Cycling a Node, page 111
• Flash Disk Recovery, page 115
• Using Controller Commands to Manage Hardware Components, page 115
• Formatting Hard Drives, Flash Drives, and Other Storage Devices, page 115
• Removing and Replacing Cards, page 116
• Upgrading the CPU Controller Bits, page 119
• Additional References, page 119
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 91Prerequisites for Managing Router Hardware
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Displaying Hardware Status
This section describes how to display different types of hardware status information.
Displaying SDR Hardware Version Information
To display hardware version information for the components assigned to a secure domain router (SDR),
connect to the designated shelf controller (DSC) and enter the show diag command in EXEC mode. The
displayed information includes the card serial number and the ROMMON software version.
The syntax for the show diag command in EXEC mode is:
show diag [node-id | details | summary]
In the following example, the show diag command displays information for all nodes in the SDR:
RP/0/RSP0/CPU0:router# show diag
Mon Jun 29 00:36:41.576 PST
NODE module 0/RSP0/CPU0 :
MAIN: board type 0x100302
S/N: FOC1230803H
Top Assy. Number: 68-3160-04
PID: A2K-RSP-4G-HDD=
UDI_VID: VP4
HwRev: V4.8
New Deviation Number: 0
CLEI: IPUCARJBAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
MONLIB: QNXFFS Monlib Version 3.2
ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
Compact Flash : V1.0
XbarSwitch0 : V1.3
XbarSwitch1 : V1.3
XbarArbiter : V1.0
XbarInterface : V0.0
IntCtrl : V1.14
ClkCtrl : V1.13
PuntFPGA : V1.5
HD : V3.0
USB0 : V77.20
USB1 : V77.20
CPUCtrl : V1.17
UTI : V1.6
LIU : V1.0
MLANSwitch : V0.0
EOBCSwitch : V2.0
CBC (active partition) : v1.2
CBC (inactive partition) : v1.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
92 OL-26081-03
Managing the Router Hardware
Prerequisites for Managing Router HardwareNODE module 0/1/CPU0 :
MAIN: board type 0x20207
S/N: FOC123081J6
Top Assy. Number: 68-3182-03
PID: A9K-40GE-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.8
PHYCtrl : V0.6
40 Port Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE module 0/4/CPU0 :
MAIN: board type 0x2020a
S/N: FOC123081JA
Top Assy. Number: 68-3183-02
PID: A9K-8T/4-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI: IPU3AE0CAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.10
PHYCtrl : V0.7
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PHY4 : V0.16
PHY5 : V0.16
PHY6 : V0.16
PHY7 : V0.16
8 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE module 0/6/CPU0 :
MAIN: board type 0x20208
S/N: FHH12250033
Top Assy. Number: 68-3184-02
PID: A9K-4T-B
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 93
Managing the Router Hardware
Displaying SDR Hardware Version InformationUDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PortCtrl : V0.10
PHYCtrl : V0.7
4 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
In the following example, the show diag command displays information for a single node:
RP/0/RSP0/CPU0:router# show diag 0/6/cpu0
Mon Jun 29 00:41:43.450 PST
NODE module 0/6/CPU0 :
MAIN: board type 0x20208
S/N: FHH12250033
Top Assy. Number: 68-3184-02
PID: A9K-4T-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PortCtrl : V0.10
PHYCtrl : V0.7
4 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
94 OL-26081-03
Managing the Router Hardware
Displaying SDR Hardware Version InformationDisplaying System Hardware Version Information
To display hardware version information for all or some of the components assigned in a system, connect to
the designated shelf controller (DSC) and enter the show diag command in administration EXEC mode.
When this command is entered in administration EXEC mode, you can display information on RSPs, line
cards, and system components such as the chassis, fan trays, and power supplies.
If you enter the show diag command in EXEC mode, the software displays only the hardware assigned
to the SDR to which you are connected.
Note
The syntax for the show diag command in administration EXEC mode is:
show diag [node-id | chassis | details | fans | memory | power-supply | summary]
Tip For information on the software version, use the show version command.
In the following example, the show diag command displays information for all nodes in the system:
RP/0/RSP0/CPU0:router(admin)# show diag
Mon Jun 29 01:21:04.571 PST
NODE module 0/RSP0/CPU0 :
MAIN: board type 0x100302
S/N: FOC1230803H
Top Assy. Number: 68-3160-04
PID: A2K-RSP-4G-HDD=
UDI_VID: VP4
HwRev: V4.8
New Deviation Number: 0
CLEI: IPUCARJBAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
MONLIB: QNXFFS Monlib Version 3.2
ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
Compact Flash : V1.0
XbarSwitch0 : V1.3
XbarSwitch1 : V1.3
XbarArbiter : V1.0
XbarInterface : V0.0
IntCtrl : V1.14
ClkCtrl : V1.13
PuntFPGA : V1.5
HD : V3.0
USB0 : V77.20
USB1 : V77.20
CPUCtrl : V1.17
UTI : V1.6
LIU : V1.0
MLANSwitch : V0.0
EOBCSwitch : V2.0
CBC (active partition) : v1.2
CBC (inactive partition) : v1.1
NODE fantray 0/FT0/SP :
MAIN: board type 0x900211
S/N:
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 95
Managing the Router Hardware
Displaying System Hardware Version InformationTop Assy. Number: 32-0000-00
PID:
UDI_VID:
HwRev: V32.0
New Deviation Number: 0
CLEI:
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
CBC (active partition) : v4.0
CBC (inactive partition) : v0.13
NODE fantray 0/FT1/SP :
MAIN: board type 0x900211
S/N:
Top Assy. Number: 32-0000-00
PID:
UDI_VID:
HwRev: V32.0
New Deviation Number: 0
CLEI:
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
CBC (active partition) : v4.0
CBC (inactive partition) : v0.13
NODE module 0/1/CPU0 :
MAIN: board type 0x20207
S/N: FOC123081J6
Top Assy. Number: 68-3182-03
PID: A9K-40GE-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.8
PHYCtrl : V0.6
40 Port Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE module 0/4/CPU0 :
MAIN: board type 0x2020a
S/N: FOC123081JA
Top Assy. Number: 68-3183-02
PID: A9K-8T/4-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI: IPU3AE0CAA
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
96 OL-26081-03
Managing the Router Hardware
Displaying System Hardware Version InformationNP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PortCtrl : V0.10
PHYCtrl : V0.7
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PHY4 : V0.16
PHY5 : V0.16
PHY6 : V0.16
PHY7 : V0.16
8 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE module 0/6/CPU0 :
MAIN: board type 0x20208
S/N: FHH12250033
Top Assy. Number: 68-3184-02
PID: A9K-4T-B
UDI_VID: V1D
HwRev: V0.0
New Deviation Number: 0
CLEI:
Board State : IOS XR RUN
PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A
ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON]
Board FPGA/CPLD/ASIC Hardware Revision:
NP0 : V3.194
NP1 : V3.194
NP2 : V3.194
NP3 : V3.194
XbarInterface : V18.4
Bridge0 : V0.38
Bridge1 : V0.38
CPUCtrl : V0.15
USB : V77.20
PHY0 : V0.16
PHY1 : V0.16
PHY2 : V0.16
PHY3 : V0.16
PortCtrl : V0.10
PHYCtrl : V0.7
4 Port Ten Gigabit Ethernet Daughter board : V0.0
CBC (active partition) : v2.2
CBC (inactive partition) : v2.1
NODE power-module 0/PM0/SP :
MAIN: board type 0xf00188
S/N:
Top Assy. Number: 341-00032-01
PID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
NODE power-module 0/PM1/SP :
MAIN: board type 0xf00188
S/N:
Top Assy. Number: 341-00032-01
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 97
Managing the Router Hardware
Displaying System Hardware Version InformationPID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
NODE power-module 0/PM2/SP :
MAIN: board type 0xf00188
S/N:
Top Assy. Number: 341-00032-01
PID: A9K-3KW-AC
UDI_VID: V00
HwRev: V0.0
New Deviation Number: 0
CLEI: ACACACACAC
PLD: Motherboard: N/A, Processor: N/A, Power: N/A
ROMMON:
Board FPGA/CPLD/ASIC Hardware Revision:
Rack 0 - ASR-9010 Chassis, Includes Accessories
RACK NUM: 0
S/N:
PID: ASR-9010 Backplane
VID: 0.1
Desc: ASR-9010 Chassis, Includes Accessories
CLEI: NOCLEI
Top Assy. Number: 68-1234-56
In the following example, the show diag command displays information for a single system component:
RP/0/RSP0/CPU0:router(admin)# show diag chassis
Mon Jun 29 01:25:05.711 PST
Rack 0 - ASR-9010 Chassis, Includes Accessories
RACK NUM: 0
S/N:
PID: ASR-9010 Backplane
VID: 0.1
Desc: ASR-9010 Chassis, Includes Accessories
CLEI: NOCLEI
Top Assy. Number: 68-1234-56
Displaying Software and Hardware Information
The show version command displays a variety of system information, including the hardware and software
versions, router uptime, boot settings (including the configuration register), and active software.
The following is sample output from the show version command:
RP/0/RP0/CPU0:router# show version
Sat Aug 1 22:52:39.089 DST
Cisco IOS XR Software, Version 3.9.0.16I[DT_IMAGE]
Copyright (c) 2009 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 1.1(20090521:183759) [ASR9K ROMMON],
router uptime is 1 day, 2 hours, 34 minutes
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
98 OL-26081-03
Managing the Router Hardware
Displaying Software and Hardware InformationSystem image file is "bootflash:disk0/asr9k-os-mbi-3.9.0.16I/mbiasr9k-rp.vm"
cisco ASR9K Series (MPC8641D) processor with 4194304K bytes of memory.
MPC8641D processor at 1333MHz, Revision 2.2
2 Management Ethernet
12 TenGigE
40 GigabitEthernet
219k bytes of non-volatile configuration memory.
975M bytes of compact flash card.
33994M bytes of hard disk.
1605616k bytes of disk0: (Sector size 512 bytes).
1605616k bytes of disk1: (Sector size 512 bytes).
Configuration register on node 0/RSP0/CPU0 is 0x102
Boot device on node 0/RSP0/CPU0 is disk0:
Package active on node 0/RSP0/CPU0:
asr9k-scfclient, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-scfclient-3.9.0.16I
Built on Thu Jul 30 12:09:40 DST 2009
By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for
c4.2.1-p0
asr9k-adv-video, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-adv-video-3.9.0.16I
Built on Thu Jul 30 13:49:37 DST 2009
By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for
c4.2.1-p0
asr9k-fpd, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-fpd-3.9.0.16I
Built on Thu Jul 30 12:26:21 DST 2009
By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for
c4.2.1-p0
asr9k-diags, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-diags-3.9.0.16I
Built on Thu Jul 30 12:09:43 DST 2009
By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for
c4.2.1-p0
asr9k-k9sec, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-k9sec-3.9.0.16I
Built on Thu Jul 30 12:25:25 DST 2009
By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for
c4.2.1-p0
asr9k-mgbl, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-mgbl-3.9.0.16I
Built on Thu Jul 30 13:48:16 DST 2009
--More--
Displaying SDR Node IDs and Status
In EXEC mode, the show platform command displays information for all nodes assigned to the owner SDR.
For each node, this information includes the host card type, the operational state, and the configuration state.
To display information on a single node, enter the command with a node ID.
The syntax for the show platform command is:
show platform [node-id]
The following example displays the status for all nodes in the SDR to which you are connected:
RP/0/RSP0/CPU0:router# show platform
Mon Aug 3 07:39:01.416 DST
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON
0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 99
Managing the Router Hardware
Displaying SDR Node IDs and Status0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON
The node-id appears in the rack/slot/module notation, and the node-id components are as follows:
• rack —In a single-shelf system the rack number is always “0.”
• slot —Number of the physical slot in which the card is installed.
• module —Subslot number of a system hardware component.
Table 14: Node ID Components, on page 100 summarizes the node-id for each type of card.
Table 14: Node ID Components
Module (the entity on the
card that is the target of
the command)
Slot (the physical slot in
which the card is
installed)
Card Type (the card to Rack (always “0”)
which your are issuing
commands)
Route switch processor 0 RSP0 and RSP1 CPU0
0-X (SFP and XFP
module number on the
line card)
4-7 (6-slot chassis)
0–7 (10-slot chassis)
40-Port Gigabit Ethernet 0-255
Line Card
8-Port 10-Gigabit
Ethernet Line Card
4-Port 10-Gigabit
Ethernet Line Card
PM0-PM5 (10-slot —
chassis)
PM0-PM2 (6-slot chassis
Power Modules 0
Fan controller cards 0 FC0–FC1 —
Displaying Router Node IDs and Status
In administration EXEC mode, the show platform command displays information for all router nodes. In
administration EXEC mode, the command display also includes additional node IDs such as those for fabric
cards, alarm modules, and fan controllers. For each node, this information includes the host card type, the
operational state, and the configuration state. To display information on a single node, enter the command
with a node ID.
The syntax for the show platform command is:
show platform [node-id]
The following example displays the status for all nodes in the system:
RP/0/RSP0/CPU0:router(admin)# show platform
Sat Mar 24 05:02:18.569 DST
Node Type State Config State
-----------------------------------------------------------------------------
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
100 OL-26081-03
Managing the Router Hardware
Displaying Router Node IDs and Status0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON
0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON
0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON
The node-id appears in the rack/slot/module notation, and the node-id components are as follows:
• rack —In a single-shelf system the rack number is always “0.”
• slot —Number of the physical slot in which the card is installed.
• module —Subslot number of a system hardware component.
Table 14: Node ID Components, on page 100 summarizes the node-id argument for each type of card.
Displaying Router Environment Information
The show environment command displays hardware information for the system, including fan speeds, LED
indications, power supply voltage and current information, and temperatures.
The syntax for the show environment command is:
show environment [options]
You can use the show environment command options to limit the detail in the command display. To view
the command options, enter the show environment ? command. The following example shows the full
environment status report:
RP/0/RSP0/CPU0:router(admin)# show environment
Mon Jun 29 04:32:07.587 PST
Temperature Information
---------------------------------------------
R/S/I Modules Inlet Hotspot
Temperature Temperature
(deg C) (deg C)
0/1/*
host 31.5 39.5
0/RSP0/*
host 26.6 36.6
0/4/*
host 29.8 38.8
0/6/*
host 32.7 42.0
0/FT0/*
host 27.2 28.2
0/FT1/*
host 27.4 30.2
Voltage Information
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 101
Managing the Router Hardware
Displaying Router Environment Information---------------------------------------------
R/S/I Modules Sensor (mV) Margin
0/1/*
host IBV 10647 n/a
host 5.0V 4929 n/a
host VP3P3_CAN 3288 n/a
host 3.3V 3301 n/a
host 2.5V 2516 n/a
host 1.8VB 1810 n/a
host 1.2VB 1193 n/a
host 1.8VA 1800 n/a
host 0.9VB 884 n/a
host 1.2V_LDO_BRG0 1193 n/a
host 1.2V_LDO_BRG1 1195 n/a
host 1.8VC 1811 n/a
host 1.5VB 1505 n/a
host 1.5VA 1503 n/a
host 1.1V(1.05V_CPU) 1052 n/a
host 0.75VA 751 n/a
host 0.75VB_0.75VC 754 n/a
host 1.1VB 1102 n/a
host 1.2V_TCAM0 1003 n/a
host 1.2V_TCAM1 1000 n/a
host 1.0V_Bridge_LDO 998 n/a
host 1.0VB 1043 n/a
host 0.75VD_and_0.75VE 752 n/a
host 1.2V_TCAM2 1005 n/a
host 1.2V_TCAM3 1002 n/a
host 1.5VC 1504 n/a
host 1.8VD 1803 n/a
host 1.1VC 1099 n/a
host ZARLINK_3.3V 3272 n/a
host ZARLINK_1.8V 1808 n/a
host 1.2V_DB 1195 n/a
host 3.3V_DB 3316 n/a
host 2.5V_DB 2534 n/a
host 1.5V_DB 1509 n/a
0/RSP0/*
host 0.75VTT 749 n/a
host 0.9VTT_A 910 n/a
host 0.9VTT_B 904 n/a
host IBV 10586 n/a
host 5.0V 5013 n/a
host VP3P3_CAN 3277 n/a
host 3.3V 3299 n/a
host 2.5V 2518 n/a
host 1.8VB 1807 n/a
host 1.2VA 1205 n/a
host 1.2VB 1202 n/a
host 1.05V 1047 n/a
host 1.2VD 1205 n/a
host 1.8VA 1811 n/a
host 1.5V 1496 n/a
host 1.9V 1887 n/a
0/4/*
host IBV 10627 n/a
host 5.0V 4917 n/a
host VP3P3_CAN 3279 n/a
host 3.3V 3296 n/a
host 2.5V 2522 n/a
host 1.8VB 1805 n/a
host 1.2VB 1188 n/a
host 1.8VA 1796 n/a
host 0.9VB 881 n/a
host 1.2V_LDO_BRG0 1192 n/a
host 1.2V_LDO_BRG1 1195 n/a
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
102 OL-26081-03
Managing the Router Hardware
Displaying Router Environment Informationhost 1.8VC 1806 n/a
host 1.5VB 1510 n/a
host 1.5VA 1503 n/a
host 1.1V(1.05V_CPU) 1048 n/a
host 0.75VA 753 n/a
host 0.75VB_0.75VC 757 n/a
host 1.1VB 1105 n/a
host 1.2V_TCAM0 1003 n/a
host 1.2V_TCAM1 1000 n/a
host 1.0V_Bridge_LDO 997 n/a
host 1.0VB 1037 n/a
host 0.75VD_and_0.75VE 755 n/a
host 1.2V_TCAM2 1004 n/a
host 1.2V_TCAM3 1005 n/a
host 1.5VC 1505 n/a
host 1.8VD 1808 n/a
host 1.1VC 1104 n/a
host ZARLINK_3.3V 3285 n/a
host ZARLINK_1.8V 1806 n/a
host 1.2V_DB 1205 n/a
host 3.3V_DB 3318 n/a
host 2.5V_DB 2493 n/a
host 1.5V_DB 1497 n/a
host 1.8V_DB 1825 n/a
host 5.0V_XFP_DB 5001 n/a
host 1.2VB_DB 1228 n/a
0/6/*
host IBV 10628 n/a
host 5.0V 4893 n/a
host VP3P3_CAN 3281 n/a
host 3.3V 3297 n/a
host 2.5V 2524 n/a
host 1.8VB 1804 n/a
host 1.2VB 1204 n/a
host 1.8VA 1795 n/a
host 0.9VB 881 n/a
host 1.2V_LDO_BRG0 1194 n/a
host 1.2V_LDO_BRG1 1193 n/a
host 1.8VC 1815 n/a
host 1.5VB 1495 n/a
host 1.5VA 1503 n/a
host 1.1V(1.05V_CPU) 1052 n/a
host 0.75VA 752 n/a
host 0.75VB_0.75VC 749 n/a
host 1.1VB 1001 n/a
host 1.2V_TCAM0 999 n/a
host 1.2V_TCAM1 1002 n/a
host 1.0V_Bridge_LDO 995 n/a
host 1.0VB 1050 n/a
host 0.75VD_and_0.75VE 752 n/a
host 1.2V_TCAM2 1002 n/a
host 1.2V_TCAM3 995 n/a
host 1.5VC 1502 n/a
host 1.8VD 1802 n/a
host 1.1VC 1101 n/a
host ZARLINK_3.3V 3273 n/a
host ZARLINK_1.8V 1804 n/a
host 1.2V_DB 1200 n/a
host 3.3V_DB 3314 n/a
host 2.5V_DB 2496 n/a
host 1.5V_DB 1496 n/a
host 1.8V_DB 1824 n/a
host 5.0V_XFP_DB 5004 n/a
host 1.2VB_DB 1227 n/a
LED Information
---------------------------------------------
R/S/I Modules LED Status
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 103
Managing the Router Hardware
Displaying Router Environment Information0/RSP0/*
host Critical-Alarm Off
host Major-Alarm Off
host Minor-Alarm Off
host ACO Off
Fan Information
---------------------------------------------
Fan speed (rpm):
FAN0 FAN1 FAN2 FAN3 FAN4 FAN5 FAN6 FAN7 FAN8 FAN9
FAN10 FAN11
0/FT0/*
3510 3510 3510 3540 3510 3570 3480 3570 3510 3510
3510 3510
0/FT1/*
3540 3510 3450 3540 3480 3600 3480 3450 3540 3540
3480 3540
Power Supply Information
---------------------------------------------
R/S/I Modules Sensor Watts
0/PM0/*
host PM 3000
0/PM1/*
host PM 3000
0/PM2/*
host PM 3000
Power Shelves Type: AC
Total Power Capacity: 9000W
Protected Power Capacity: 4500W
Worst Case Power Used: 3145W
Slot Max Watts
---- ---------
0/1/CPU0 375
0/RSP0/CPU0 250
0/RSP1/CPU0 350
0/4/CPU0 375
0/6/CPU0 375
0/FT0/SP 710 (default)
0/FT1/SP 710 (default)
Worst Case Protected Power Available: 1355W
Displaying RP Redundancy Status
The show redundancy command displays the redundancy status of the route switch processors (RSPs). This
command also displays the boot and switch-over history for the RSPs.
The show redundancy operates in EXEC and administration EXEC mode.
In the following example, the show redundancy command displays the redundancy status for a redundant
RSP pair:
RP/0/RSP0/CPU0:router(admin)# show redundancy
Mon Jun 29 04:49:26.098 PST
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
104 OL-26081-03
Managing the Router Hardware
Displaying RP Redundancy StatusRedundancy information for node 0/RSP0/CPU0:
==========================================
Node 0/RSP0/CPU0 is in ACTIVE role
Node 0/RSP0/CPU0 has no valid partner
Reload and boot info
----------------------
A9K-RSP-4G reloaded Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago
Active node booted Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago
Active node reload "Cause: Turboboot completed successfully"
Displaying Field-Programmable Device Compatibility
The show hw-module fpd command displaysfield-programmable device (FPD) compatibility for all modules
or a specific module.
The syntax for the show hw-module fpd command is:
show hw-module fpd location {all | node-id}
The show hw-module fpd operates in EXEC and administration EXEC mode.
The following example shows how to display FPD compatibility for all modules in the router:
RP/0/RSP1/CPU0:router# show hw-module fpd location all
Mon Jun 29 05:38:50.332 PST
===================================== ==========================================
Existing Field Programmable Devices
==========================================
HW Current SW Upg/
Location Card Type Version Type Subtype Inst Version Dng?
============ ======================== ======= ==== ======= ==== =========== ====
0/RSP0/CPU0 A9K-RSP-4G 4.8 lc fpga3 0 1.13 No
lc fpga1 0 1.5 No
lc fpga2 0 1.14 No
lc cbc 0 1.2 No
lc fpga4 0 1.6 No
lc rommon 0 1.0 No
--------------------------------------------------------------------------------
0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 1 4.0 No
--------------------------------------------------------------------------------
0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 2 4.0 No
--------------------------------------------------------------------------------
0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.8 No
lc cbc 0 2.2 No
lc cpld1 0 0.15 No
lc rommon 0 1.0 No
--------------------------------------------------------------------------------
0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.10 No
lc cbc 0 2.2 No
lc cpld2 0 0.7 No
lc cpld1 0 0.15 No
lc cpld3 0 0.3 No
lc rommon 0 1.0 No
lc fpga3 0 14.42 No
--------------------------------------------------------------------------------
0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
0/6/CPU0 A9K-4T-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.10 No
lc cbc 0 2.2 No
lc cpld2 0 0.7 No
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 105
Managing the Router Hardware
Displaying Field-Programmable Device Compatibilitylc cpld1 0 0.15 No
lc cpld3 0 0.3 No
lc rommon 0 1.0 No
lc fpga3 0 14.42 No
--------------------------------------------------------------------------------
0/6/CPU0 A9K-4T-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
The following example shows how to display FPD compatibility for a specific module in the router:
RP/0/RSP1/CPU0:router# show hw-module fpd location 0/4/cpu0
Thu Nov 19 21:43:49.599 UTC
===================================== ==========================================
Existing Field Programmable Devices
==========================================
HW Current SW Upg/
Location Card Type Version Type Subtype Inst Version Dng?
============ ======================== ======= ==== ======= ==== =========== ====
0/4/CPU0 A9K-SIP-700 1.13 lc fpga1 0 0.22 No
lc cbc 0 3.03 No
lc hsbi 0 3.00 No
lc rommon 0 1.02 No
lc fpga2 0 5.14 No
lc cpld1 0 0.14 No
--------------------------------------------------------------------------------
Table 15: show hw-module fpd Field Descriptions
Field Description
Location of the module in the rack/slot/module
notation.
Location
Card Type Module part number.
HW Version Hardware model version for the module.
Hardware type. Can be one of the following types:
• spa—Shared port adapter
• lc—Line card
Type
FPD type. Can be one of the following types:
• fabldr—Fabric downloader
• fpga1—Field-programmable gate array
• fpga2—Field-programmable gate array 2
• fpga3—Field-programmable gate array 3
• fpga4—Field-programmable gate array 4
• fpga5—Field-programmable gate array 5
• rommonA—Read-only memory monitor A
• rommon—Read-only memory monitor B
Subtype
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
106 OL-26081-03
Managing the Router Hardware
Displaying Field-Programmable Device CompatibilityField Description
FPD instance. The FPD instance uniquely identifies
an FPD and is used by the FPD process to register an
FPD.
Inst
Current SW Version Currently running FPD image version.
Specifies whether an FPD upgrade or downgrade is
required. A downgrade isrequired in rare cases when
the version of the FPD image has a higher major
revision than the version of the FPD image in the
current Cisco IOS XR software package.
Upg/Dng?
RSP Redundancy and Switchover
This section describes RSP redundancy and switchover commands and issues.
Establishing RSP Redundancy
Your router has two slots for RSPs: RSP0 and RSP1 (see Figure 3: Redundant Set of RSPs Installed in Slots
RSP0 and RSP1 in an 8-Slot Chassis, on page 108). RSP0 is the slot on the left, facing the fron of the chassis,
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 107
Managing the Router Hardware
RSP Redundancy and Switchoverand RSP1 isthe slot on right. These slots are configured for redundancy by default, and the redundancy cannot
be eliminated. To establish RSP redundancy, install RSPs into both slots.
Figure 3: Redundant Set of RSPs Installed in Slots RSP0 and RSP1 in an 8-Slot Chassis
Determining the Active RP in a Redundant Pair
During system startup, one RSP in each redundant pair becomes the active RSP. You can tell which RSP is
the active RSP in the following ways:
• The active RSP can be identified by the green Primary LED on the faceplate of the card. The active RSP
is indicated when the Primary LED is on. The alphanumeric LED display on the RSP displays ACTV
RP.
• The slot of the active RSP is indicated in the CLI prompt. For example:
RP/0/RSP1/CPU0:router#
In this example, the prompt indicates that you are communicating with the active RSP in slot RSP1. See
Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide for a complete description
of the CLI prompt.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
108 OL-26081-03
Managing the Router Hardware
Determining the Active RP in a Redundant Pair• Enter the show redundancy command in EXEC mode to display a summary of the active and standby
RSP status. For example:
RP/0/RSP0/CPU0:router(admin)# show redundancy
Mon Jun 29 04:49:26.098 PST
Redundancy information for node 0/RSP0/CPU0:
==========================================
Node 0/RSP0/CPU0 is in ACTIVE role
Node 0/RSP0/CPU0 has no valid partner
Reload and boot info
----------------------
A9K-RSP-4G reloaded Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes
ago
Active node booted Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago
Active node reload "Cause: Turboboot completed successfully"
Role of the Standby RSP
The second RSP to boot in a redundant pair automatically becomes the standby RSP. While the active RSP
manages the system and communicates with the user interface, the standby RSP maintains a complete backup
of the software and configurations for all cards in the system. If the active RSP fails or goes off line for any
reason, the standby RSP immediately takes control of the system.
Summary of Redundancy Commands
RSP redundancy is enabled by default in the Cisco IOS XR software, but you can use the commands described
in Table 16: RSP Redundancy Commands, on page 109 to display the redundancy status of the cards or force
a manual switchover.
Table 16: RSP Redundancy Commands
Command Description
Displays the redundancy status of the RSPs. This
command also displays the boot and switch-over
history for the RSPs.
show redundancy
Forces a manualswitchover to the standby RSP. This
command works only if the standby RSP is installed
and in the “ready” state.
redundancy switchover
Displaysthe statusfor node, including the redundancy
status of the RSP cards. In EXEC mode, this
command displays status for the nodes assigned to
the SDR. In administration EXEC mode, this
command displays status for all nodes in the system.
show platform
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 109
Managing the Router Hardware
Role of the Standby RSPAutomatic Switchover
Automatic switchover from the active RSP to the standby RSP occurs only if the active RSP encounters a
serious system error, such as the loss of a mandatory process or a hardware failure. When an automatic
switchover occurs, the RSPs respond as follows:
• If a standby RSP is installed and “ready” for switchover, the standby RSP becomes the active RSP. The
original active RSP attempts to reboot.
• If the standby RSP is not in “ready” state, then both RSPs reboot. The first RSP to boot successfully
assumes the role of active RSP.
RSP Redundancy During RSP Reload
The reload command causes the active RSP to reload the Cisco IOS XR software. When an RSP reload
occurs, the RSPs respond as follows:
• If a standby RSP is installed and “ready” for switchover, the standby RSP becomes the active RSP. The
original active RSP reboots and becomes the standby RSP.
• If the standby RSP is not in the “ready” state, then both RSPs reboot. The first RSP to boot successfully
assumes the role of active RSP.
You should not use the reload command to force an RSP switchover because the result could be a
significant loss of router operations. Instead, use the redundancy switchover command to fail over to
the standby RSP, then use the hw-module location node-id reload command to reload the new standby
RSP.
Caution
Related Topics
Reloading, Shutting Down, or Power Cycling a Node, on page 111
Manual Switchover
You can force a manualswitchover from the active RSP to the standby RSP using the redundancy switchover
command.
If a standby RSP is installed and ready for switchover, the standby RSP becomes the active RSP. The original
active RSP becomes the standby RSP. In the following example, partial output for a successful redundancy
switchover operation is shown:
RP/0/RSP0/CPU0:router# show redundancy
This node (0/RSP0/CPU0) is in ACTIVE role
Partner node (0/RSP1/CPU0) is in STANDBY role
Standby node in 0/RSP1/CPU0 is ready
RP/0/RSP0/CPU0:router# redundancy switchover
Updating Commit Database. Please wait...[OK]
Proceed with switchover 0/RSP0/CPU0 -> 0/RSP1/CPU0? [confirm]
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
110 OL-26081-03
Managing the Router Hardware
Automatic SwitchoverInitiating switch-over.
RP/0/RSP0/CPU0:router#
In the preceding example, the Telnet connection is lost when the previously active RP resets. To continue
management of the router, you must connect to the newly activated RP as shown in the following example:
User Access Verification
Username: xxxxx
Password: xxxxx
Last switch-over Sat Apr 15 12:26:47 2009: 1 minute ago
RP/0/RSP1/CPU0:router#
If the standby RSP is not in “ready” state, the switchover operation is not allowed. In the following example,
partial output for a failed redundancy switchover attempt is shown:
RP/0/RSP0/CPU0:router# show redundancy
Redundancy information for node 0/RP1/CPU0:
==========================================
Node 0/RSP0/CPU0 is in ACTIVE role
Partner node (0/RSP1/CPU0) is in UNKNOWN role
Reload and boot info
----------------------
RP reloaded Wed Mar 29 17:22:08 2009: 2 weeks, 2 days, 19 hours, 14 minutes ago
Active node booted Sat Apr 15 12:27:58 2009: 8 minutes ago
Last switch-over Sat Apr 15 12:35:42 2009: 1 minute ago
There have been 4 switch-overs since reload
RP/0/RSP0/CPU0:router# redundancy switchover
Switchover disallowed: Standby node is not ready.
Communicating with a Standby RP
The active RSP automatically synchronizes all system software, settings, and configurations with the standby
RSP.
If you connect to the standby RSP through the console port, you can view the status messages for the standby
RSP. The standby RSP does not display a CLI prompt, so you cannot manage the standby card while it is in
standby mode.
If you connect to the standby RSP through the management Ethernet port, the prompt that appears is for the
active RSP, and you can manage the router the same asif you had connected through the management Ethernet
port on the active RSP.
Reloading, Shutting Down, or Power Cycling a Node
Use the commands described in this section to reload the Cisco IOS XR software on the active RSP or on any
specified node in the system. This section also describes the commands used to administratively shut down
a node and power a node on or off.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 111
Managing the Router Hardware
Communicating with a Standby RPTable 17: Commands to Reload, Shut Down, or Power Cycle a Node, on page 112 summarizes the commands
described in this section.
Table 17: Commands to Reload, Shut Down, or Power Cycle a Node
Command Description
This command administratively turns the power off
for a node. It is entered in administration
configuration mode. The changes do not take effect
until you enter the commit command.
To power on a node, use the no form of this
command.
This command cannot be used to disable
power on the RSP from which the command
is entered.
Note
hw-module location node-id power disable
This command works in EXEC mode and reloads the
Cisco IOS XR software on a specific node or all
nodes. To specify all nodes, enter the all keyword
in place of the node-id argument. The node reloads
with the current running configuration and active
software set for that node.
hw-module location node-id reload
This command must be entered in administration
configuration mode and administratively shuts down
the specified node. Nodesthat are shut down still have
power but cannot load or operate Cisco IOS XR
software.
To return a node to the up state, use the no form of
this command.
This command cannot be used to shut down
the RSP from which the command is entered.
Note
hw-module shutdown location node-id
Causes the active RSP to reload the Cisco IOS XR
software according to the configuration register
setting (for example, 0x0 to enter ROMMON
bootstrap mode and 0x2102 to reload the RSP to
EXEC mode). The reload command can be entered
in EXEC or administration EXEC modes, and you
can see additional options by entering the reload ?
command. See the Reloading the Active RSP , on
page 113 for more information.
reload
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
112 OL-26081-03
Managing the Router Hardware
Reloading, Shutting Down, or Power Cycling a NodeCommand Description
Displays the configuration register setting for the
router.
• Use this command in administration EXEC
mode to see the variables for both RSPs.
• The configuration register setting determines
how the router boots during a system reset. The
most common configuration register settings
are:
? 0x2102: The active RSP loads the
Cisco IOS XR software and default
configuration on the next system boot.
After logging in, the user can access
EXEC mode.
? 0x0: The active RSP enters the bootstrap
ROM Monitor (rommon B1>) on the next
system boot.
show variables boot
Reloading the Active RSP
The reload command causes the active RSP to reload the Cisco IOS XR software according to the
configuration register setting. This setting determines how the active RSP acts when reloaded.
This section contains instructions to reload the Cisco IOS XR software and return to EXEC mode. For
instructions to use the reload command for entering ROM Monitor bootstrap mode, see Cisco ASR 9000
Series Aggregation Services Router ROM Monitor Guide.
Because the reload command causes the active RSP to go off line and either reload the Cisco IOS XR
software or enter ROM Monitor mode, the router experiences a loss of service unless a redundant standby
RSP is installed and in “ready” state. To display the status of the standby RSP, use the show redundancy
command in EXEC mode.
Caution
SUMMARY STEPS
1. show redundancy
2. admin
3. show variables boot
4. (Optional) config-register 0x2102
5. admin
6. reload
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 113
Managing the Router Hardware
Reloading the Active RSPDETAILED STEPS
Command or Action Purpose
Step 1 show redundancy Displays the RSP redundancy status.
Example:
RP/0/RSP0/CPU0:router# show
redundancy
• If a standby RSP is in “ready” redundancy state, the reload command
also causes the router to gracefully fail over to the standby RSP.
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 2
Step 3 show variables boot Displays the configuration register setting.
Example:
RP/0/RSP0/CPU0:router(admin)# show
variables boot
• Enter this command in administration EXEC mode.
• For normal operations, the configuration registersetting is 0x2102, which
causes the active RSP to reload the Cisco IOS XR software.
• Verify that the configuration register setting is 0x2102. If it is not,
complete Step 4, on page 114 to reset the configuration register to
0x2102.
For instructions on how to enter ROM Monitor bootstrap mode, see
Cisco ASR 9000 Series Aggregation Services Router ROM Monitor
Guide.
Note
(Optional)
Sets the configuration register to 0x2102. This step is necessary only if the
register is not set to 0x2102 in the running configuration.
config-register 0x2102
Example:
RP/0/RSP0/CPU0:router(admin)#
config-register 0x2102
Step 4
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 5
Step 6 reload Reloads the active RSP according to the configuration register setting.
Example:
RP/0/RSP0/CPU0:router# reload
• If the setting is 0x2102, then the RSP reloadsthe Cisco IOS XR software.
• If the standby RSP is in “ready” redundancy state, the router switches
over to the standby RSP.
• If a standby RSP is not installed or not in a “ready” state, the router
experiences a loss of service while the active RSP is reloading the
Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
114 OL-26081-03
Managing the Router Hardware
Reloading the Active RSPFlash Disk Recovery
When an RSP is power cycled or experiences an ungraceful reset, the boot disk (PCMCIA flash disk used to
boot the card) may experience a file-system corruption. If this occurs, an error message is displayed and the
RSP fails to boot. The corrupted flash disk is automatically reformatted and the Cisco IOS XR software is
restored from the designated system controller (DSC) for the system.
For example, if a flash disk for an RSP is corrupted, the RP fails to boot and the following error message is
displayed:
#########################################################
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS XR Software for the Cisco XR Cisco ASR 9000 Series Router-mbirp,
Copyright (c) 2009 by Cisco Systems, Inc.
Unable to mount /disk0:, filesystem is corrupted.
Check fsck log at /tmp/chkfs_fd0.log
init: special_commands:wait for disk0: failed
If this occurs, then the flash disk is automatically reformatted and the Cisco IOS XR software is restored to
the flash disk.
If the flash disk is badly damaged and cannot be reformatted, the disk must be replaced.
If the corrupted flash disk is the DSC, then the router fails over to the standby DSC. If no standby DSC
is installed, then the system fails to boot.
Note
Using Controller Commands to Manage Hardware Components
The controller , controllers , and show controllers commands are used to manage and display settings
for various hardware components, including the switch fabric management, Ethernet control plane, and
interface manager. These commands are primarily diagnostic and related to driver-level details. The information
available with these commands varies widely and is hardware specific.
For information on the use of these commands, see Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command Reference.
Formatting Hard Drives, Flash Drives, and Other Storage Devices
To format a storage device on the router, use the format command in EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 115
Managing the Router Hardware
Flash Disk RecoveryCaution Formatting a storage device deletes all data on that device.
The following command syntax is used:
format filesystem: [options]
Table 18: format command Syntax Description, on page 116 describes the format command syntax.
Table 18: format command Syntax Description
Variable Description
Specifiesthe memory device to format. The supported
file systems are:
• bootflash:
• compactflash:
• configflash:
• harddisk:
• harddiska:
• disk0:
• disk1:
Enter format ? to see the devices supported on your
router.
filesystem
Enter format filesystem: ? to see the available
options.
For more information, see Cisco ASR 9000 Series
Aggregation Services Router System Management
Command Reference.
options
In the following example, the format command is used to format the hard disk:
RP/0/RSP0/CPU0:router# format harddisk:
Removing and Replacing Cards
This section describes card replacement issues and procedures.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
116 OL-26081-03
Managing the Router Hardware
Removing and Replacing CardsRemoving Line Cards
Line cards are designed for online insertion and removal (OIR). A line card is a single card that contains all
service processing functions and physical line interfaces.
The OIR feature allows you to remove and replace cards without removing power to the card or chassis.
Removing a card interrupts all traffic passing through the card, but it does not remove the card configuration.
When you remove a card, the configuration remains for all interfaces, but the interfaces do not appear in the
output of the show interfaces command. You can view interface configurations by entering the show
running-config command. The following example shows how the configuration appears when a card is
removed:
RP/0/RSP0/CPU0:router# show running-config
Building configuration...
hostname router
router ospf 3269
area 0
interface POS0/3/0/0
cost 20
!
interface preconfigure POS0/3/0/0
ipv4 address 10.10.50.1 255.255.255.0
!
interface preconfigure POS0/3/0/1
description POS0/3/0/1
shutdown
!
interface preconfigure POS0/3/0/2
description POS0/3/0/2
shutdown
!
interface preconfigure POS0/3/0/3
description POS0/3/0/3
shutdown
!
In this example, the line card in slot 3 isremoved, and the interface configuration for all four interfaces changes
to “interface preconfigure.” However, the “router ospf” reference to a slot 3 interface does not change. If you
replace a line card with another line card that uses the same media type and port count, the configuration
becomes active on the replacement card.
To remove the configuration for a slot after a card is removed, use the no interface preconfigure command
to remove all interface configuration statements for that card in the running configuration. In addition, search
the configuration for any references to the removed interfaces, such as the “router ospf” reference to slot 3 in
the preceding example.
To remove the configuration for a slot when a card is installed, use the no interface command to remove
all interface configuration statements for that card in the running configuration. In addition, search the
configuration for any references to the removed interfaces.
Each line card supports a specific media type (Packet over SONET/SDH [POS] or Ethernet, for example) and
port count. If you replace a line card with one that supports a different media type or port count, you should
review the configuration and revise it to support the replacement line card.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 117
Managing the Router Hardware
Removing Line CardsReplacing a Line Card with the Same Media Type and Port Count
When you replace a line card or PLIM with a card that is of the same media type and has the same port count
asthe replaced card, the guidelinesin the Removing Line Cards, on page 117 apply. Because the replacement
card is of the same media type and port count, no special procedures are required for card removal and
replacement.
Replacing a Line Card with the Same Media Type and a Different Port Count
When you replace a line card with a card that is of the same media type with a different port count, the
guidelines in Removing Line Cards , on page 117 apply.
If the new card has a greater port count than the replaced card, the configuration applies to the corresponding
lower port numbers, and the ports that did not exist on the replaced card have no configuration and come up
in the shutdown state.
If the new card supports fewer ports, the existing configuration for the corresponding number of ports on the
new card set is applied. The previous configuration for the removed ports remains in interface preconfigure
state, as shown in the following example:
RP/0/RSP0/CPU0:router# show running-config
Building configuration...
hostname rtp-gsr1
interface POS0/3/0/0
ipv4 address 10.10.50.1 255.255.255.0
!
interface preconfigure POS0/3/0/1
description POS0/3/0/1
shutdown
!
interface preconfigure POS0/3/0/2
description POS0/3/0/2
shutdown
!
interface preconfigure POS0/3/0/3
description POS0/3/0/3
shutdown
!
In the preceding example, a four-port card has been replaced with a single-port card. The configuration from
port 1 on the four-port card is applied to the single port on the replacement card, and the remaining port
configurations change to “interface preconfigure.” To remove the configuration for the missing interfaces,
use the no interface preconfigure command. In addition,search for and remove any configuration references
to the removed interfaces.
Whenever you replace a line card with the same media type and a different port count, review the running
configuration in the router and revise the configuration as necessary.
Replacing a Line Card or PLIM with a Different Media Type
When you replace a line card or PLIM with a card that is of a different media type (for example, if you replace
a POS PLIM with an Ethernet PLIM), the guidelines in Removing Line Cards , on page 117 apply. Review
the running configuration in the router and revise the configuration as necessary for the new media type.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
118 OL-26081-03
Managing the Router Hardware
Removing Line CardsUpgrading the CPU Controller Bits
Use this procedure to upgrade the CPU controller bits on all nodes that are installed in the router or on a
specific node.
SUMMARY STEPS
1. admin
2. upgrade cpuctrlbits {all | location node-id}
DETAILED STEPS
Command or Action Purpose
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 1
Step 2 upgrade cpuctrlbits {all | location node-id} Upgrades the CPU controller bits on all nodes in the router.
Example:
RP/0/RSP0/CPU0:router(admin)# upgrade
cpuctrlbits all
Use the location node-id keyword and argument to upgrade
the CPU controller bits on a specific node.
Examples
The following example shows how to upgrade the CPU controller bits on all nodes in a router:
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)# upgrade cpucrtlbits all
Please do not power cycle, reload the router or reset any nodes until all upgrades are
completed.
Please check the syslog to make sure that all nodes are upgraded successfully.
If you need to perform multiple upgrades, please wait for current upgrade to be completed
before proceeding to another upgrade. Failure to do so may render the cards under upgrade
to be unusable.
Additional References
The following sections provide references related to hardware management on Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 119
Managing the Router Hardware
Upgrading the CPU Controller BitsRelated Documents
Related Topic Document Title
Hardware Redundancy and Node Administration
Commands on the Cisco ASR 9000 Series Router
module of Cisco ASR 9000 Series Aggregation
Services Router System Management Command
Reference
Cisco IOS XR hardware commands
See Cisco Carrier Routing System Install and
Upgrade Guides at:
http://www.cisco.com/en/US/products/ ps5763/
prod_installation_guides_list.html
Cisco IOS XR hardware documentation
Cisco ASR 9000 Series Aggregation Services
Router Getting Started Guide
Information about getting started with Cisco IOS XR
software
Cisco ASR 9000 Series Aggregation Services
Router ROM Monitor Guide
ROM Monitor
Cisco ASR 9000 Series Aggregation Services
Router Commands Master List
Cisco IOS XR command master list
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
120 OL-26081-03
Managing the Router Hardware
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 121
Managing the Router Hardware
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
122 OL-26081-03
Managing the Router Hardware
Additional ReferencesC H A P T E R 7
Upgrading FPD on the Cisco ASR 9000 Series
Router
In general terms, field-programmable devices (FPDs) are hardware devices implemented on router cards
thatsupportseparate software upgrades. A field-programmable gate array (FPGA) is a type of programmable
memory device that exists on most hardware components of the router. The term FPD has been introduced
to collectively and generically describe any type of programmable hardware device on SIPs and shared port
adapters(SPAs), including FPGAs and the read-only memory monitor (ROMMON). Cisco IOS XR software
provides the Cisco FPD upgrade feature to manage the upgrade of FPD images on SIPs and SPAs.
This chapter describes the information that you must know to verify image versions and to perform an
upgrade for SPA or SIP FPD images when incompatibilities arise.
For complete descriptions of the FPD commands listed in this module, see Related Documents, on page
141. To locate documentation for other commandsthat might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 19: Feature History for Upgrading FPD Software on Cisco IOS XR Software
Release Modification
Release 3.9.0 Support for FPD upgrades was introduced.
This module contains the following topics:
• Prerequisites for FPD Image Upgrades, page 124
• Overview of FPD Image Upgrade Support, page 124
• How to Upgrade FPD Images, page 125
• Configuration Examples for FPD Image Upgrade, page 128
• Troubleshooting Problems with FPD Image Upgrades, page 140
• Additional References, page 141
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 123Prerequisites for FPD Image Upgrades
Before upgrading the FPD on your router you must install and activate the Cisco ASR 9000 Series
Router-fpd.pie. For information about performing this task, see the Upgrading and Managing the
Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System
Management Configuration Guide.
Overview of FPD Image Upgrade Support
An FPD image is used to upgrade the software on an FPD. Whenever a Cisco IOS XR Software image is
released thatsupports SIPs and SPAs, a companion SIP and SPA FPD image is bundled with the Cisco IOS XR
software release. Generally, the FPD image is not automatically upgraded. You must manually upgrade the
FPD image running on the SPA or SIP when you upgrade the Cisco IOS XR software image.
FPD versions must be compatible with the Cisco IOS XR software that is running on the router; if an
incompatibility exists between an FPD version and the Cisco IOS XR software, the device with the FPGA
may not operate properly until the incompatibility is resolved. An FPGA incompatibility on a SPA does not
necessarily affect the running of the SPA interfaces; an FPD incompatibility on a SIP disables all interfaces
for all SPAs in the SIP until the incompatibility is addressed.
Use the show hw-module fpd command to determine if an FPD upgrade is required. A value of ‘Yes’ in
the Upg/Dng? (upgrade/downgrade) column indicates that an upgrade or downgrade is required.
The Cisco ASR 9000 Series Router supports upgrades for FPGA devices on its SIPs and SPAs. FPGA and
ROMMON software upgrades are part of an FPD image package that correspondsto a Cisco IOS XR software
image. SIPs and SPAs support manual upgrades for FPGA devices using the Cisco FPD upgrade feature that
is further described in this chapter.
Related Topics
show hw-module fpd Command Output: Example, on page 128
Automatic FPD Upgrade
By default, the FPD image is not automatically upgraded. Generally, you must manually upgrade the FPD
image running on the SPA or SIP when you upgrade the Cisco IOS XR software image. However, if you
enable the fpd auto-upgrade command in administration configuration mode, FPD images are automatically
updated whenever you perform a software upgrade. For the automatic FPD upgrade to work, the following
conditions must be met:
• The FPD package installation envelope (PIE) must already be installed on the router.
• The FPD PIE must be activated together with the new Cisco IOS XR image.
• The fpd auto-upgrade command must be enabled.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
124 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
Prerequisites for FPD Image UpgradesAlthough the FPD upgrade is performed during the install operation, there is no install commit performed.
Therefore, once the FPD has been upgraded, if the image is rolled back to the original version, the FPD
version is not downgraded to the previous version.
Note
The automatic FPD upgrade is not performed in the following instances:
• Line cards or other cards such as RSPs, SPAs or alarm cards are added to an existing router.
• A non-reload software maintenance upgrade (SMU) or PIE installation is performed, even where the
FPD image version changes. Since a non-reload installation is, by definition, not supposed to reload the
router, and an FPD upgrade requires a router reload, the automatic FPD upgrade is repressed.
In all cases where the automatic FPD upgrade is not performed, you must perform a manual FPD upgrade
using the upgrade hw-module fpd command.
Note
How to Upgrade FPD Images
You must determine if an FPD image upgrade is needed using the show hw-module fpd command and
perform the upgrade, if needed, under the following circumstances:
• You migrate the software to a later Cisco IOS XR software release.
• You swap SPAs or SIPs from a system running a different Cisco IOS XR software release.
• You insert a new SPA or SIP.
In the event that there is an FPD incompatibility with your card, you may receive an error message. If you
upgrade to a newer version of the Cisco IOS XR software and there is an FPD incompatibility, you receive
the following message:
LC/0/1/CPU0:Dec 23 16:33:47.945 : spa_192_jacket_v2[203]: %PLATFORM-UPGRADE_FPD-4-DOWN_REV
: spa fpga2 instance 0 is down-rev (V0.6), upgrade to (V1.0). Use the "upgrade hw-module
fpd" CLI in admin mode.
If the FPD image on the card is newer then what is required by the currently running Cisco IOS XR software
image on the router, you receive the following error message:
LC/0/1/CPU0:Dec 23 16:33:47.955 : spa_192_jacket_v2[203]: %PLATFORM-UPGRADE_FPD-4-UP_REV :
spa fpga instance 1 is severely up-rev (V2.1), downgrade to (V1.6). Use the "upgrade hw-module
fpd" CLI in admin mode.
You should perform the FPD upgrade procedure if you receive such messages. Cards may not function properly
if FPD incompatibilities are not resolved.
Before You Begin
• Before upgrading the FPD, you must install and activate the asr9k-fpd.pie. For information about
performing this task, see the Upgrading and Managing Cisco IOS XR Software module.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 125
Upgrading FPD on the Cisco ASR 9000 Series Router
How to Upgrade FPD Images• The FPD upgrade procedure is performed while the card is online. At the end of the procedure the card
must be reloaded before the FPD upgrade is complete. To automatically reload the card, you can use
the hw-module reload command during your next maintenance window. The upgrade procedure is not
complete until the card is reloaded.
• During the FPD upgrade, you must not do the following:
? Reload, perform an online insertion and removal (OIR) of a line card (LC), or power down the
chassis. Doing so may cause the node to enter an unusable state.
? Press Ctrl-C if the console appears to hang without any output. Doing so may abort the upgrade.
• If you are not sure whether a card requires an FPD upgrade, you can install the card and use the
show hw-module fpd command to determine if the FPD image on the card is compatible with the
currently running Cisco IOS XR software release.
SUMMARY STEPS
1. show hw-module fpd location {all | node-id}
2. admin
3. (Optional) show fpd package
4. upgrade hw-module fpd {all | fpga-type} [force] location [all | node-id]
5. exit
6. (Optional) hw-module {location node-id | subslot subslot-id} reload
7. show platform
DETAILED STEPS
Command or Action Purpose
Displays the current FPD image versions for the specified card or all cards
installed in the router. Use this command to determine if you must upgrade
the FPD image on your card.
show hw-module fpd location {all |
node-id}
Example:
RP/0/RSP0/CPU0:router# show hw-module
fpd location all
Step 1
or
RP/0/RSP0/CPU0:router# show hw-module
fpd location 0/4/cpu0
admin Enters administration EXEC mode.
Example:
RP/0/RSP0/CPU0:router# admin
Step 2
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
126 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
How to Upgrade FPD ImagesCommand or Action Purpose
(Optional)
Displays which cards are supported with your current Cisco IOS XR software
release, which FPD image you need for each card, and what the minimum
show fpd package
Example:
RP/0/RSP0/CPU0:router(admin)# show
fpd package
Step 3
hardware requirements are for the various modules. (A minimum hardware
requirement version of 0.0 indicates that all hardware can support this FPD
image version.)
If there are multiple FPD imagesfor your card, use this command to determine
which FPD image to use if you want to upgrade only a specific FPD type.
Upgrades all the current FPD images that must be upgraded on the specified
card with new images.
upgrade hw-module fpd {all | fpga-type}
[force] location [all | node-id]
Step 4
Example:
RP/0/RSP0/CPU0:router(admin)# upgrade
Before continuing to the next step, wait for confirmation that the FPD upgrade
has successfully completed. Status messages, similar to these, are displayed
to the screen until the FPD upgrade is completed:
FPD upgrade started.
hw-module fpd all force location
0/3/1
.
. FPD upgrade in progress..
.
FPD upgrade in progress..
Successfully upgraded 1 FPD for
SPA-2XOC48POS/RPR on location 0/3/1 FPD upgrade sent to location xxxx
FPD upgrade sent to location yyyy
FPD upgrade in progress..
FPD upgrade finished for location xxx
FPD upgrade in progress..
FPD upgrade finished for location yyyy
FPD upgrade completed.
The “FPD upgrade in progress.” message is printed every minute. These logs
are information logs, and as such, are displayed if the logging console
informational command is configured.
If Ctrl-C is pressed while the FPD upgrade isin progress, the following warning
message is displayed:
FPD upgrade in progress on some hardware, aborting now is not
recommended
as it might cause HW programming failure and result in RMA of the
hardware.
Do you want to continue? [Confirm(y/n)]
If you confirm that you want to abort the FPD upgrade procedure, this message
is displayed:
FPD upgrade process has been aborted, please check the status
of the hardware and reissue the upgrade command if required.
If your card supports multiple FPD images, you can use the show
fpd package admin command to determine what specific image to
upgrade in the upgrade hw-module fpd command.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 127
Upgrading FPD on the Cisco ASR 9000 Series Router
How to Upgrade FPD ImagesCommand or Action Purpose
exit Exits administration EXEC mode and returns to EXEC mode.
Example:
RP/0/RSP0/CPU0:router(admin)# exit
Step 5
(Optional)
Use the hw-module subslot reload command to reload a SPA and the
hw-module location reload command to reload a SIP or line card.
hw-module {location node-id | subslot
subslot-id} reload
Example:
RP/0/RSP0/CPU0:router# hw-module
subslot 0/3/1 reload
Step 6
or
RP/0/RSP0/CPU0:router# hw-module
location 0/3/cpu0 reload
Verifies that the FPD image on the card has been successfully upgraded by
displaying the status of all cards in the system.
show platform
Example:
RP/0/RSP0/CPU0:router# show platform
Step 7
Configuration Examples for FPD Image Upgrade
The following examples indicates the use of commands associated with the FPD image upgrade procedure.
show hw-module fpd Command Output: Example
Use the show hw-module fpd to display the current version of FPD images on the SPAs, SIPs and other cards
installed on your router.
This command can be used to identify information about FPDs on any card. If you enter the location of a line
card that is not a SPA, the output displays information about any programmable devices on that line card.
The following example shows how to display FPD compatibility for all modules in the router:
RP/0/RSP1/CPU0:router# show hw-module fpd location all
Mon Jun 29 05:38:50.332 PST
===================================== ==========================================
Existing Field Programmable Devices
==========================================
HW Current SW Upg/
Location Card Type Version Type Subtype Inst Version Dng?
============ ======================== ======= ==== ======= ==== =========== ====
0/RSP0/CPU0 A9K-RSP-4G 4.8 lc fpga3 0 1.13 No
lc fpga1 0 1.5 No
lc fpga2 0 1.14 No
lc cbc 0 1.2 No
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
128 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
Configuration Examples for FPD Image Upgradelc fpga4 0 1.6 No
lc rommon 0 1.0 No
--------------------------------------------------------------------------------
0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 1 4.0 No
--------------------------------------------------------------------------------
0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 2 4.0 No
--------------------------------------------------------------------------------
0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.8 No
lc cbc 0 2.2 No
lc cpld1 0 0.15 No
lc rommon 0 1.0 No
--------------------------------------------------------------------------------
0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.10 No
lc cbc 0 2.2 No
lc cpld2 0 0.7 No
lc cpld1 0 0.15 No
lc cpld3 0 0.3 No
lc rommon 0 1.0 No
lc fpga3 0 14.42 No
--------------------------------------------------------------------------------
0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
0/6/CPU0 A9K-4T-B 1.0 lc fpga1 0 0.38 No
lc fpga2 0 0.10 No
lc cbc 0 2.2 No
lc cpld2 0 0.7 No
lc cpld1 0 0.15 No
lc cpld3 0 0.3 No
lc rommon 0 1.0 No
lc fpga3 0 14.42 No
--------------------------------------------------------------------------------
0/6/CPU0 A9K-4T-B 1.0 lc fpga1 1 0.38 No
--------------------------------------------------------------------------------
The following example shows how to display FPD compatibility for a specific module in the router:
RP/0/RSP1/CPU0:router# show hw-module fpd location 0/4/cpu0
Thu Nov 19 21:43:49.599 UTC
===================================== ==========================================
Existing Field Programmable Devices
==========================================
HW Current SW Upg/
Location Card Type Version Type Subtype Inst Version Dng?
============ ======================== ======= ==== ======= ==== =========== ====
0/4/CPU0 A9K-SIP-700 1.13 lc fpga1 0 0.22 No
lc cbc 0 3.03 No
lc hsbi 0 3.00 No
lc rommon 0 1.02 No
lc fpga2 0 5.14 No
lc cpld1 0 0.14 No
--------------------------------------------------------------------------------
Table 20: show hw-module fpd Field Descriptions
Field Description
Location of the module in the rack/slot/module
notation.
Location
Card Type Module part number.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 129
Upgrading FPD on the Cisco ASR 9000 Series Router
show hw-module fpd Command Output: ExampleField Description
HW Version Hardware model version for the module.
Hardware type. Can be one of the following types:
• spa—Shared port adapter
• lc—Line card
Type
FPD type. Can be one of the following types:
• fabldr—Fabric downloader
• fpga1—Field-programmable gate array
• fpga2—Field-programmable gate array 2
• fpga3—Field-programmable gate array 3
• fpga4—Field-programmable gate array 4
• fpga5—Field-programmable gate array 5
• rommonA—Read-only memory monitor A
• rommon—Read-only memory monitor B
Subtype
FPD instance. The FPD instance uniquely identifies
an FPD and is used by the FPD process to register an
FPD.
Inst
Current SW Version Currently running FPD image version.
Specifies whether an FPD upgrade or downgrade is
required. A downgrade isrequired in rare cases when
the version of the FPD image has a higher major
revision than the version of the FPD image in the
current Cisco IOS XR software package.
Upg/Dng?
show fpd package Command Output: Example
Use the show fpd package command in administration EXEC mode to find out which SPAs and SIPs are
supported with your current Cisco IOS XR software release, which FPD image package you need for each
SPA or SIP, and what the minimum hardware requirements are for each module. If multiple FPD images are
available for your card, they are listed as Subtype fpga2, fpga3, and so on.
The following example shows sample output from the show fpd package command:
RP/0/RP1/CPU0:router(admin)# show fpd package
Thu Jul 7 04:34:48.351 DST
=============================== ================================================
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
130 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleField Programmable Device Package
================================================
SW Min Req Min Req
Card Type FPD Description Type Subtype Version SW Ver HW Vers
==================== ========================== ==== ======= =========== ======== =========
A9K-40GE-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.06 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONA LC2 lc rommonA 1.05 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-4T-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
PHY LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T/4-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
PHY LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-2T20GE-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.11 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1
PortCtrl LC2 lc fpga2 0.16 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-40GE-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 131
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExamplePHYCtrl LC2 lc cpld2 0.06 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONA LC2 lc rommonA 1.05 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-4T-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
PHY LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T/4-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
PHY LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-2T20GE-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.11 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1
PortCtrl LC2 lc fpga2 0.16 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.11 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
132 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-16T/8-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.04 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.01 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-16T/8-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.04 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.01 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1
CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.11 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-16T/8-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.04 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.01 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-16T/8-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 133
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleCPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.04 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.01 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-40GE-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.06 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-4T-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
Serdes Upgrade LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T/4-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1
PortCtrl LC2 lc fpga2 0.10 0.0 0.1
Serdes Upgrade LC2 lc fpga3 14.44 0.0 0.1
Bridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-2T20GE-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1
CPUCtrl LC2 lc cpld1 1.00 0.0 0.1
PHYCtrl LC2 lc cpld2 0.11 0.0 0.1
LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1
Tomcat LC2 lc fpga2 0.16 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
134 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleBridge LC2 lc fpga1 0.43 0.0 0.1
ROMMONB LC2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T-L Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.08 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1
CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.11 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-16T/8-L Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1
CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.04 0.0 0.1
LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.01 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
ROMMONB LC3 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-SIP-700 Can Bus Ctrl (CBC) LC5 lc cbc 3.05 0.0 0.1
CPUCtrl LC5 lc cpld1 0.15 0.0 0.1
QFPCPUBridge LC5 lc fpga2 5.14 0.0 0.1
NPUXBarBridge LC5 lc fpga1 0.22 0.0 0.1
ROMMONA LC5 lc rommonA 1.03 0.0 0.1
ROMMONB LC5 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-SIP-500 Can Bus Ctrl (CBC) LC5 lc cbc 3.05 0.0 0.1
CPUCtrl LC5 lc cpld1 0.15 0.0 0.1
QFPCPUBridge LC5 lc fpga2 5.14 0.0 0.1
NPUXBarBridge LC5 lc fpga1 0.22 0.0 0.1
ROMMONA LC5 lc rommonA 1.03 0.0 0.1
ROMMONB LC5 lc rommon 1.03 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-RSP-2G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1
CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1
IntCtrl RSP2 lc fpga2 1.15 0.0 0.1
ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 135
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleUTI RSP2 lc fpga4 3.08 0.0 0.1
PUNT RSP2 lc fpga1 1.05 0.0 0.1
HSBI RSP2 lc hsbi 4.00 0.0 0.1
ROMMONA RSP2 lc rommonA 1.05 0.0 0.1
ROMMONB RSP2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-RSP-4G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1
CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1
IntCtrl RSP2 lc fpga2 1.15 0.0 0.1
ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1
UTI RSP2 lc fpga4 3.08 0.0 0.1
PUNT RSP2 lc fpga1 1.05 0.0 0.1
HSBI RSP2 lc hsbi 4.00 0.0 0.1
ROMMONA RSP2 lc rommonA 1.05 0.0 0.1
ROMMONB RSP2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-RSP-8G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1
CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1
IntCtrl RSP2 lc fpga2 1.15 0.0 0.1
ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1
UTI RSP2 lc fpga4 3.08 0.0 0.1
PUNT RSP2 lc fpga1 1.05 0.0 0.1
HSBI RSP2 lc hsbi 4.00 0.0 0.1
ROMMONA RSP2 lc rommonA 1.05 0.0 0.1
ROMMONB RSP2 lc rommon 1.05 0.0 0.1
----------------------------------------------------------------------------------------------
ASR-9010-FAN Can Bus Ctrl (CBC) FAN lc cbc 4.00 0.0 0.1
----------------------------------------------------------------------------------------------
ASR-9006-FAN Can Bus Ctrl (CBC) FAN lc cbc 5.00 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-BPID2-10-SLOT Can Bus Ctrl (CBC) BP2 lc cbc 7.103 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-BPID2-6-SLOT Can Bus Ctrl (CBC) BP2 lc cbc 7.103 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-ISM-100 Can Bus Ctrl (CBC) LC6 lc cbc 18.05 0.0 0.1
CPUCtrl LC6 lc cpld1 0.01 0.0 0.1
Maintenance LC6 lc fpga2 1.00 0.0 0.1
Amistad LC6 lc fpga1 0.25 0.0 0.20
ROMMONA LC6 lc rommonA 1.02 0.0 0.1
ROMMONB LC6 lc rommon 1.02 0.0 0.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
136 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: Example----------------------------------------------------------------------------------------------
A9K-8T-B CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
PHYCtrl LC3 lc cpld2 0.08 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.11 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
----------------------------------------------------------------------------------------------
A9K-8T-E CPUCtrl LC3 lc cpld1 1.02 0.0 0.1
DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1
PortCtrl LC3 lc fpga2 0.11 0.0 0.1
Raven LC3 lc fpga1 1.02 0.0 0.1
----------------------------------------------------------------------------------------------
SPA-4XT3/E3 SPA E3 Subrate FPGA spa fpga2 1.04 0.0 0.0
SPA T3 Subrate FPGA spa fpga3 1.04 0.0 0.0
SPA I/O FPGA spa fpga1 1.01 0.0 0.0
SPA ROMMON spa rommon 2.12 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-2XT3/E3 SPA E3 Subrate FPGA spa fpga2 1.04 0.0 0.0
SPA T3 Subrate FPGA spa fpga3 1.04 0.0 0.0
SPA I/O FPGA spa fpga1 1.01 0.0 0.0
SPA ROMMON spa rommon 2.12 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-4XCT3/DS0 SPA T3 Subrate FPGA spa fpga2 0.11 0.0 0.100
SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.200
SPA I/O FPGA spa fpga1 2.08 0.0 0.100
SPA ROMMON spa rommon 2.12 0.0 0.100
----------------------------------------------------------------------------------------------
SPA-2XCT3/DS0 SPA T3 Subrate FPGA spa fpga2 0.11 0.0 0.100
SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.200
SPA I/O FPGA spa fpga1 2.08 0.0 0.100
SPA ROMMON spa rommon 2.12 0.0 0.100
----------------------------------------------------------------------------------------------
SPA-1XCHSTM1/OC3 SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.0
SPA I/O FPGA spa fpga1 1.08 0.0 0.0
SPA ROMMON spa rommon 2.12 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-1XCHOC48/DS3 SPA I/O FPGA spa fpga2 1.00 0.0 0.49
SPA I/O FPGA spa fpga3 1.00 0.0 0.52
SPA I/O FPGA spa fpga1 1.36 0.0 0.49
SPA ROMMON spa rommon 2.02 0.0 0.49
----------------------------------------------------------------------------------------------
SPA-2XCHOC12/DS0 SPA FPGA2 swv1.00 spa fpga2 1.00 0.0 0.0
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 137
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleSPA FPGA swv1.36 spa fpga1 1.36 0.0 0.49
SPA ROMMON swv2.2 spa rommon 2.02 0.0 0.49
----------------------------------------------------------------------------------------------
SPA-8XOC12-POS SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5
----------------------------------------------------------------------------------------------
SPA-8XCHT1/E1 SPA I/O FPGA spa fpga1 2.08 0.0 0.0
SPA ROMMON spa rommon 2.12 0.0 0.140
----------------------------------------------------------------------------------------------
SPA-OC192POS-XFP SPA FPGA swv1.2 hwv2 spa fpga1 1.02 0.0 2.0
----------------------------------------------------------------------------------------------
SPA-2XOC48POS/RPR SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-8XOC3-POS SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5
----------------------------------------------------------------------------------------------
SPA-10X1GE-V2 SPA FPGA swv1.10 spa fpga1 1.10 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-5X1GE-V2 SPA FPGA swv1.10 spa fpga1 1.10 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-1X10GE-L-V2 SPA FPGA swv1.9 spa fpga1 1.09 0.0 0.0
----------------------------------------------------------------------------------------------
SPA-4XOC3-POS-V2 SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5
----------------------------------------------------------------------------------------------
SPA-1X10GE-WL-V2 SPA FPGA swv1.9 spa fpga1 1.09 0.0 0.0
----------------------------------------------------------------------------------------------
This table describes the significant fields shown in the display:
Table 21: show fpd package Field Descriptions
Field Description
Card Type Module part number.
FPD Description Description of all FPD images available for the SPA.
Hardware type. Possible types can be:
• spa—Shared port adapter
• lc—Line card
Type
FPD subtype. These values are used in the upgrade
hw-module fpd command to indicate a specific FPD image
type to upgrade.
Subtype
FPD software version recommended for the associated module
running the current Cisco IOS XR software.
SW Version
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
138 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show fpd package Command Output: ExampleField Description
Minimum required FPD image software version to operate
the card. Version 0.0 indicatesthat a minimum required image
was not programmed into the card.
Min Req SW Vers
Minimum required hardware version for the associated FPD
image. A minimum hardware requirement of version 0.0
indicates that all hardware can support this FPD image
version.
Min Req HW Vers
In the show fpd package command output, the “subtype” column shows the FPDs that correspond with
each SPA image. To upgrade a specific FPD with the upgrade hw-module fpd command, replace the
fpga-type argument with the appropriate FPD from the “subtype” column, as shown in the following
example:
RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga2 location 0/3/1 reload
Note
upgrade hw-module fpd Command Output: Example
Use the upgrade hw-module fpd command to upgrade the FPD image on a SPA, SIP or line card.
The following example shows how to force the update of the FPGA on the SPA at location 0/1/cpu0.
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga force location 0/1/cpu0
Mon Jan 12 05:44:37.611 PST
% RELOAD REMINDER: - The upgrade operation of the target module will not interrupt its
normal
operation. However, for the changes to take effect, the target module
will need to be manually reloaded after the upgrade operation. This can
be accomplished with the use of "hw-module reload" command.
- If automatic reload operation is desired after the upgrade, please use
the "reload" option at the end of the upgrade command.
- The output of "show hw-module fpd location" command will not display
correct version information after the upgrade if the target module is
not reloaded.
Continue? [confirm] y
Starting the upgrade/download of following FPD:
=========== ==== ======= ======= =========== =========
Current Upg/Dng
Location Type Subtype Upg/Dng Version Version
=========== ==== ======= ======= =========== =========
0/1/CPU0 lc fpga upg 0.40 0.40
------------------------------------------------------
LC/0/1/CPU0:Jan 12 05:44:43.700 : lc_fpd_upgrade[192]: %PLATFORM-UPGRADE_FPD-6-START :
Starting to upgrade fpga subtype image from 0.4 to 0.4 for for this card on location
0/1/CPU0
SP/0/1/SP:Jan 12 05:44:41.150 : upgrade_daemon[280]: programming...with file
/net/node0_RP1_CPU0/disk0:/asr9k-fpd-3.9.0.25I/fpd/ucode/fpga_jacket_hw80_sw0.4.xsvf
LC/0/1/CPU0:Jan 12 05:44:42.990 : fabricq_mgr[152]: EES:Internal clock detect IDLE
period(-106461) more than threshold(1200000)
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 139
Upgrading FPD on the Cisco ASR 9000 Series Router
upgrade hw-module fpd Command Output: ExampleLC/0/1/CPU0:Jan 12 05:44:42.990 : ingressq[179]: EES:Internal clock detect IDLE
period(-106461) more than threshold(1200000)
LC/0/1/CPU0:Jan 12 05:45:09.240 : fabricq_mgr[152]: EES:Internal clock detect IDLE
period(-105945) more than threshold(1200000)
LC/0/1/CPU0:Jan 12 05:45:09.241 : ingressq[179]: EES:Internal clock detect IDLE
period(-105944) more than threshold(1200000)
SP/0/1/SP:Jan 12 05:45:16.020 : upgrade_daemon[280]: ...programming...
SP/0/1/SP:Jan 12 05:45:16.034 : upgrade_daemon[280]: ...it will take a while...
SP/0/1/SP:Jan 12 05:45:16.053 : upgrade_daemon[280]: ...it will take a while...
SP/0/1/SP:Jan 12 05:47:42.967 : upgrade_daemon[280]: ...programming...
SP/0/1/SP:Jan 12 05:47:42.981 : upgrade_daemon[280]: ...it will take a while...
% SLC/0/1/CPU0:Jan 12 05:48:08.737 : lc_fpd_upgrade[192]: %PLATFORM-UPGRADE_FPD-6-PASSED :
Successfully upgrade fpga subtype image for for this card on location 0/1/CPU0
show platform Command Output: Example
Use the show platform command to verify that the SPA is up and running.
RP/0/RSP0/CPU0:router# show platform
Sat Jul 25 12:26:38.905 DST
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/FT0/SP FAN TRAY READY
0/FT1/SP FAN TRAY READY
0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON
0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON
0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON
0/PM0/SP A9K-3KW-AC READY PWR,NSHUT,MON
0/PM1/SP A9K-3KW-AC READY PWR,NSHUT,MON
0/PM2/SP A9K-3KW-AC READY PWR,NSHUT,MON
Troubleshooting Problems with FPD Image Upgrades
This section contains information to help troubleshoot problems that can occur during the upgrade process.
Power Failure or Removal of a SPA During an FPD Image Upgrade
If the FPD upgrade operation is interrupted by a power failure or the removal of the SPA, it could corrupt the
FPD image. This corruption of the FPD image file makes the SPA unusable by the router and the system
displays the following messages when it tries to power up the SPA. When it cannot successfully power up
the SPA, it places it in the failed state, as shown in the following example:
LC/0/3/CPU0:Feb 4 08:23:16.672 : spa_192_jacket[188]: %L2-SPA-5-OIR_INSERTED : SPA discovered
in bay 0
LC/0/3/CPU0:Feb 4 08:23:23.349 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): An
error occurred (0x1002), error recovery action: reset SPA
LC/0/3/CPU0:Feb 4 08:23:26.431 : spa_192_jacket[188]: %L2-SPA-5-OIR_INSERTED : SPA
discovered in bay 0
LC/0/3/CPU0:Feb 4 08:23:32.593 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): Too
many retries, error recovery stopped
LC/0/3/CPU0:Feb 4 08:23:32.593 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): An
error occurred (0x1002), error recovery action: hold SPA in reset
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
140 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
show platform Command Output: ExampleWhen a SPA is in the failed state, it may not register itself with the FPD upgrade mechanism. In this case,
you do not see the SPA listed when you use the show hw-module fpd command. To verify the state of a
SPA, use the show hw-module subslot error command and the show hw-module subslotstatus command.
Performing a SPA FPD Recovery Upgrade
To recover a SPA from the failed state because of a corrupted FPD image, you must manually shut down the
SPA. Use the hw-module subslot subslot-id shutdown command in global configuration mode to
administratively shutdown the SPA. After the SPA is shut down, you can use the upgrade hw-module fpd
command in administration EXEC mode, with the force option, to restart the FPD upgrade process, asshown
in the following example:
RP/0/RSP0/CPU0:router# admin
RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga force location 0/3/0
Performing a SPA FPD recovery upgrade as well as using the force keyword with the upgrade
hw-module fpd command works only if the SPA has power. If the SPA is in the SHUT, NPWR state
(you can determine the state by checking the output of the show platform command), the upgrade in
general, as well as the force keyword,will not work.
Note
Performing a SIP FPD Recovery Upgrade
If a SIP upgrade fails for whatever reason, do not reload the SIP. Try to perform the upgrade procedure again.
You can perform the upgrade procedure multiple times, aslong as you do not reload the SIP. The FPD upgrade
procedure takes several minutes to complete; do not interrupt the procedure. If you reload the SIP when the
FPD image is corrupted, the SIP malfunctions and you must contact Cisco technical support for assistance.
To recover a SIP from the failed state because of a corrupted FPD image, you must contact Cisco technical
support.
To recover a SIP from the failed state because of a corrupted FPD image, you must turn off the automatic
reset of the SIP card. Use the hw-module reset auto disable command in administration configuration mode,
as shown in the following example:
RP/0/RSP0/CPU0:router(admin-config)# hw-module reset auto disable location 0/1/4
Additional References
The following sections provide references related to FPD software upgrade.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR command master list
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 141
Upgrading FPD on the Cisco ASR 9000 Series Router
Performing a SPA FPD Recovery UpgradeRelated Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
Cisco IOS XR FPD upgrade-related commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Initial system bootup and configuration information
for a router using the Cisco IOS XR Software.
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs for selected platforms
using Cisco IOS XR Software, use the Cisco MIB
Locator found at the following URL: http://cisco.com/
public/sw-center/netmgmt/cmtk/mibs.shtml
There are no applicable MIBs for this module.
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
142 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
Additional ReferencesTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 143
Upgrading FPD on the Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
144 OL-26081-03
Upgrading FPD on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 8
Configuring Manageability on Cisco ASR 9000
Series Router
This module describes the configuration required to enable the Extensible Markup Language (XML) agent
services. The XML Parser Infrastructure provides parsing and generation of XML documents with Document
Object Model (DOM), Simple Application Programming Interface (API) for XML (SAX), and Document
Type Definition (DTD) validation capabilities:
• DOM allows customers to programmatically create, manipulate, and generate XML documents.
• SAX supports user-defined functions for XML tags.
• DTD allows for validation of defined document types.
Table 22: Feature History for Configuring Manageability on Cisco IOS XR Software
Release 3.7.2 This feature was introduced
The ability to enable XML requests over Secure Socket Layer (SSL) was introduced.
The ability to configure an idle timeout for the XML agent was introduced.
Release 3.9.0
The ability to configure a dedicated agent to receive and send messages via a specified
VPN routing and forwarding (VRF) instance was introduced.
The ability to control CPU time used by the XML agent was introduced.
Release 4.0.0
This module contains the following topics:
• Information About XML Manageability, page 146
• How to Configure Manageability, page 146
• Configuration Examples for Manageability, page 147
• Additional References, page 148
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 145Information About XML Manageability
The Cisco IOS XR Extensible Markup Language (XML) API provides a programmable interface to the router
for use by external management applications. This interface provides a mechanism for router configuration
and monitoring utilizing XML formatted request and response streams. The XML interface is built on top of
the Management Data API (MDA), which provides a mechanism for Cisco IOS XR components to publish
their data models through MDA schema definition files.
Cisco IOS XR software provides the ability to access the router via XML using a dedicated TCP connection,
Secure Socket Layer (SSL), or a specific VPN routing and forwarding (VRF) instance.
How to Configure Manageability
Configuring the XML Agent
SUMMARY STEPS
1. xml agent [ssl]
2. iteration on size iteration-size
3. session timeout timeout
4. throttle {memory size | process-rate tags}
5. vrf { default | vrf-name} [access-list access-list-name]
DETAILED STEPS
Command or Action Purpose
Enables Extensible Markup Language (XML) requests over a
dedicated TCP connection and enters XML agent configuration
xml agent [ssl]
Example:
Step 1
mode. Use the ssl keyword to enable XML requests over
RP/0/RSP0/CPU0:router:router(config)# xml agent Secure Socket Layer (SSL).
Configures the iteration size for large XML agent responses in
KBytes. The default is 48.
iteration on size iteration-size
Example:
Step 2
RP/0/RSP0/CPU0:router:router(config-xml-agent)#
iteration on size 500
Configures an idle timeout for the XML agent in minutes. By
default, there is no timeout.
session timeout timeout
Example:
Step 3
RP/0/RSP0/CPU0:router:router(config-xml-agent)#
session timeout 5
Step 4 throttle {memory size | process-rate tags} Configures the XML agent processing capabilities.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
146 OL-26081-03
Configuring Manageability on Cisco ASR 9000 Series Router
Information About XML ManageabilityCommand or Action Purpose
Example:
• Specify the memory size in Mbytes. Values can range
from 100 to 600. The default is 300.
RP/0/RSP0/CPU0:router:router(config-xml-agent)#
throttle memory 300
• Specify the process-rate as the number of tags that the
XML agent can process per second. Values can range
from 1000 to 30000. By default the process rate is not
throttled.
Configures the dedicated agent or SSL agent to receive and
send messages via the specified VPN routing and forwarding
(VRF) instance.
vrf { default | vrf-name} [access-list access-list-name]
Example:
RP/0/RSP0/CPU0:router:router(config-xml-agent)#
vrf my-vrf
Step 5
Configuration Examples for Manageability
Enabling VRF on an XML Agent: Examples
The following example illustrates how to configure the dedicated XML agent to receive and send messages
via VRF1, VRF2 and the default VRF:
RP/0/RSP0/CPU0:router:router(config)# xml agent
RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF1
RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF2
The following example illustrates how to remove access to VRF2 from the dedicated agent:
RP/0/RSP0/CPU0:router:router(config)# xml agent
RP/0/RSP0/CPU0:router:router(config-xml-agent)# no vrf VRF2
The following example shows how to configure the XML SSL agent to receive and send messages through
VRF1, VRF2 and the default VRF:
RP/0/RSP0/CPU0:router:router(config)# xml agent ssl
RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF1
RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF2
The following example removes access for VRF2 from the dedicated XML agent:
RP/0/RSP0/CPU0:router:router(config)# xml agent ssl
RP/0/RSP0/CPU0:router:router(config-xml-agent)# no vrf VRF2
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 147
Configuring Manageability on Cisco ASR 9000 Series Router
Configuration Examples for ManageabilityAdditional References
The following sections provide references related to configuring manageability on Cisco IOS XR software.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR commands
Configuring AAA Services on Cisco IOS XR Software
module of Cisco ASR 9000 Series Aggregation
Services Router System Security Configuration Guide
Information about user groups and task IDs
Standards and RFCs
Standard/RFC Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIB MIBs Link
To locate and download MIBsforselected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL:
http://www.cisco.com/go/mibs
—
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
148 OL-26081-03
Configuring Manageability on Cisco ASR 9000 Series Router
Additional ReferencesTechnical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/support
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 149
Configuring Manageability on Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
150 OL-26081-03
Configuring Manageability on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 9
Configuring Call Home on the Cisco ASR 9000
Series Router
This module describes the configuring of the Call Home feature.
Table 23: Feature History for Configuring Call Home
Release Modification
Release 4.1.0 Call Home was introduced
This model contains the following topics:
• About Call Home, page 151
• Configuring Call Home, page 155
• Configuring Contact Information, page 155
• Configuring and Activating Destination Profiles, page 158
• Associating an Alert Group with a Destination Profile, page 160
• Configuring Email, page 163
• Enabling Call Home, page 165
About Call Home
Call Home provides an email-based notification for critical system policies. A range of message formats are
available for compatibility with pager services or XML-based automated parsing applications. You can use
this feature to page a network support engineer, email a Network Operations Center, or use Cisco Smart Call
Home services to generate a case with the Technical Assistance Center.
The Call Home feature can deliver alert messages containing information about diagnostics and environmental
faults and events.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 151The Call Home feature can deliver alerts to multiple recipients, referred to as Call Home destination profiles.
Each profile includes configurable message formats and content categories. A predefined destination profile
is provided for sending alerts to the Cisco TAC, but you also can define your own destination profiles.
When you configure Call Home to send messages, the appropriate CLI show command is executed and the
command output is attached to the message.
Call Home messages are delivered in the following formats:
• Short text format which provides a one or two line description of the fault that is suitable for pagers or
printed reports.
• Full text format which provides fully formatted message with detailed information that is suitable for
human reading.
• XML machine readable format that uses Extensible Markup Language (XML) and Adaptive Messaging
Language (AML) XML schema definition (XSD). The AML XSD is published on the Cisco.com website
at http://www.cisco.com/. The XML format enables communication with the Cisco Systems Technical
Assistance Center.
Destination Profiles
A destination profile includes the following information:
• One or more alert groups—The group of alerts that trigger a specific Call Home message if the alert
occurs.
• One or more e-mail destinations—The list of recipients for the Call Home messages generated by alert
groups assigned to this destination profile.
• Message format—The format for the Call Home message (short text, full text, or XML).
• Message severity level—The Call Home severity level that the alert must meet before a Call Home
message is sent to all e-mail addresses in the destination profile. An alert is not generated if the Call
Home severity level of the alert is lower than the message severity level set for the destination profile.
You can also configure a destination profile to allow periodic inventory update messages by using the inventory
alert group that will send out periodic messages daily, weekly, or monthly.
The following predefined destination profiles are supported:
• CiscoTAC-1—Supports the Cisco-TAC alert group in XML message format.
Call Home Alert Groups
An alert group is a predefined subset of alerts or events that Call Home detects and reports to one or more
destinations. Alert groups allow you to select the set of alerts that you want to send to a predefined or custom
destination profile. Alerts are sent to e-mail destinations in a destination profile only if that alert belongs to
one of the alert groups associated with that destination profile and if the alert has a Call Home message severity
at or above the message severity set in the destination profile.
The following table lists supported alert groups and the default CLI command output included in Call Home
messages generated for the alert group.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
152 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Destination ProfilesTable 24: Alert Groups and Executed Commands
Alert Group Description Executed Commands
show environment
show logging
show ineventory
show environment trace
show diag
Events related to power, fan, and
environment-sensing elementssuch
as temperature alarms.
Environmental
admin show platform
admin show version
admin show diag
admin show inventory oid
Inventory status that is provided
whenever a unit is cold booted, or
when FRUs are inserted or
removed. This alert is considered
a noncritical event, and the
information is used for status and
entitlement.
Inventory
admin show version
admin show logging
admin show inventory
Events generated by specific
interesting syslog messages
Syslog
Call Home maps the syslog severity level to the corresponding Call Home severity level for syslog port group
messages.
Call Home Message Levels
Call Home allows you to filter messages based on their level of urgency. You can associate each destination
profile (predefined and user-defined) with a Call Home message level threshold. The Call Home message
level rangesfrom 0 (lowest level of urgency) to 9 (highest level of urgency). Call Home messages are generated
if they have a severity level equal to or greater than the Call Home message level threshold for the destination
profile.
Call Home messages that are sent for syslog alert groups have the syslog severity level mapped to the Call
Home message level.
Note Call Home does not change the syslog message level in the message text.
The following table lists each Call Home message level keyword and the corresponding syslog level for the
syslog port alert group.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 153
Configuring Call Home on the Cisco ASR 9000 Series Router
Call Home Message LevelsTable 25: Severity and syslog Level Mapping
Call Home Level Keyword syslog Level Description
Network-wide
catastrophic failure.
9 Catastrophic N/A
Significant network
impact.
8 Disaster N/A
7 Fatal Emergency (0) System is unusable.
Critical conditions that
indicate that immediate
attention is needed.
6 Critical Alert (1)
5 Major Critical (2) Major conditions.
4 Minor Error (3) Minor conditions.
3 Warning Warning (4) Warning conditions.
Basic notification and
informational messages.
Possibly independently
insignificant.
2 Notification Notice (5)
Normal event signifying
return to normal state.
1 Normal Information (6)
0 Debugging Debug (7) Debugging messages.
Obtaining Smart Call Home
If you have a service contract directly with Cisco Systems, you can register your devices for the Smart Call
Home service. Smart Call Home providesfast resolution ofsystem problems by analyzing Call Home messages
sent from your devices and providing background information and recommendations. For issues that can be
identified as known, particularly GOLD diagnostics failures, Automatic Service Requests will be generated
with the Cisco-TAC.
Smart Call Home offers the following features:
• Continuous device health monitoring and real-time diagnostic alerts.
• Analysis of Call Home messages from your device and, where appropriate, Automatic Service Request
generation, routed to the appropriate TAC team, including detailed diagnostic information to speed
problem resolution.
• Secure message transport directly from your device or through a downloadable Transport Gateway (TG)
aggregation point. You can use a TG aggregation point in cases that require support for multiple devices
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
154 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Obtaining Smart Call Homeor in cases where security requirements mandate that your devices may not be connected directly to the
Internet.
• Web-based accessto Call Home messages and recommendations, inventory and configuration information
for all Call Home devices. Provides accessto associated field notices,security advisories and end-of-life
information.
You need the following items to register:
• The SMARTnet contract number for your device
• Your e-mail address
• Your Cisco.com ID
For more information about Smart Call Home, see the Smart Call Home page at this URL: http://
www.cisco.com/go/smartcall/
Configuring Call Home
The tasks in this module describe how to configure the sending of Call Home messages. The following steps
are involved:
1 Assign contact information.
2 Configure and enable one or more destination profiles.
3 Associate one or more alert groups to each profile.
4 Configure the email server options.
5 Enable Call Home.
Configuring Contact Information
Each router must include a contact e-mail address. You can optionally include other identifying information
for your system installation.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 155
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring Call HomeSUMMARY STEPS
1. configure
2. call-home
3. contact-email-addr email-address
4. (Optional) contract-id contract-id-string
5. (Optional) customer-id customer-id-string
6. (Optional) phone-number phone-number-string
7. (Optional) street-address street-address
8. (Optional) site-id site-id-string
9. Use one of these commands:
• end
• commit
10. show call-home
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
call-home Enters call home configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# call-home
RP/0/RSP0/CPU0:router(config-call-home)#
Step 2
Configures the customer email address. Enter up to 200 characters
in email address format with no spaces.
contact-email-addr email-address
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
contact-email-addr user1@cisco.com
Step 3
(Optional)
Configures the contract ID. Enter up to 64 characters. If you include
spaces, you must enclose the entry in quotes ("").
contract-id contract-id-string
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
contract-id Contract-identifier
Step 4
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
156 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring Contact InformationCommand or Action Purpose
(Optional)
Configuresthe customer ID. Enter up to 64 characters. If you include
spaces, you must enclose the entry in quotes ("").
customer-id customer-id-string
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
customer-id Customer1
Step 5
(Optional)
Configures the customer phone number. The number must begin
with a plus(+) prefix, and may contain only dashes(-) and numbers.
Enter up to 16 characters.
phone-number phone-number-string
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
phone-number +405-123-4567
Step 6
(Optional)
Configures the customer street address where RMA equipment can
be shipped. Enter up to 200 characters. If you include spaces, you
must enclose the entry in quotes ("").
street-address street-address
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
Step 7
street-address "300 E. Tasman Dr. San
Jose, CA 95134"
(Optional)
Configures the site ID for the system. Enter up to 200 characters. If
you include spaces, you must enclose the entry in quotes ("").
site-id site-id-string
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
site-id SJ-RouterRoom1
Step 8
Step 9 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 157
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring Contact InformationCommand or Action Purpose
show call-home Displays information about the system contacts.
Example:
RP/0/RSP0/CPU0:router# show call-home
Step 10
Configuring and Activating Destination Profiles
You must have at least one activated destination profile for Call Home messages to be sent. The CiscoTAC-1
profile exists by default but is not active.
SUMMARY STEPS
1. configure
2. call-home
3. profile profile-name
4. destination address email email-address
5. destination message-size-limit max-size
6. destination preferred-msg-format {short-text | long-text | xml}
7. destination transport-method email
8. active
9. Use one of these commands:
• end
• commit
10. show call-home profile {all | profile-name}
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
158 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring and Activating Destination ProfilesCommand or Action Purpose
call-home Enters call home configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# call-home
RP/0/RSP0/CPU0:router(config-call-home)#
Step 2
Enters call home profile configuration mode to configure a
new or existing profile.
profile profile-name
Example:
RP/0/RSP0/CPU0:router(config-call-home)# profile
Step 3
my_profile
RP/0/RSP0/CPU0:router(config-call-home-profile)#
Configures an email address to which Call Home messages
are sent for this profile.
destination address email email-address
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
destination address email support_me@cisco.com
Step 4
Configures the maximum size of Call Home messages for
this profile. Values can be between 50 and 3145728
characters.
destination message-size-limit max-size
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
destination message-size-limit 1000
Step 5
Configures the message format for this profile. The default
is xml.
destination preferred-msg-format {short-text | long-text
| xml}
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
destination preferred-msg-format xml
Step 6
Configures the transport method for this profile. Email is the
only supported method.
destination transport-method email
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
destination transport-method email
Step 7
Step 8 active Activates the destination profile.
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
active
At least one destination profile must be active for
Call Home messages to be sent.
Note
Step 9 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 159
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring and Activating Destination ProfilesCommand or Action Purpose
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show call-home profile {all | profile-name} Displays information about the destination profile.
Example:
RP/0/RSP0/CPU0:router# show call-home profile
all
Step 10
Associating an Alert Group with a Destination Profile
An alert is sent only to destination profiles that have subscribed to the Call Home alert group.
Before You Begin
Use the show call-home alert-group command to view available alert groups.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
160 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Associating an Alert Group with a Destination ProfileSUMMARY STEPS
1. configure
2. call-home
3. profile profile-name
4. subscribe-to-alert-group environment [severity severity-level
5. subscribe-to-alert-group inventory [periodic {daily | monthly day-of-month | weekly day-of-week}
hh:mm
6. subscribe-to-alert-group syslog severity severity-level pattern string
7. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
call-home Enters call home configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# call-home
RP/0/RSP0/CPU0:router(config-call-home)#
Step 2
Enters call home profile configuration mode to configure a new
or existing profile.
profile profile-name
Example:
RP/0/RSP0/CPU0:router(config-call-home)# profile
Step 3
my_profile
RP/0/RSP0/CPU0:router(config-call-home-profile)#
Configures a destination profile to receive messages for the
environment alert group. Alerts with a severity the same or greater
subscribe-to-alert-group environment [severity
severity-level
Step 4
than the specified severity level are sent. The default severity is
debugging.
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)# • catastrophic—Includes network-wide catastrophic events
subscribe-to-alert-group environment severity in the alert. This is the highest severity.
major
• critical—Includes events requiring immediate attention
(system log level 1).
• debugging—Includes debug events (system log level 7).
This is the lowest severity.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 161
Configuring Call Home on the Cisco ASR 9000 Series Router
Associating an Alert Group with a Destination ProfileCommand or Action Purpose
• disaster—Includes events with significant network impact.
• fatal—Includes events where the system is unusable (system
log level 0).
• major—Includes events classified as major conditions
(system log level 2).
• minor—Includes events classified as minor conditions
(system log level 3)
• normal—Specifies the normal state and includes events
classified as informational (system log level 6). This is the
default.
• notification—Includes eventsinformational message events
(system log level 5).
• warning—Includes events classified as warning conditions
(system log level 4).
Configures a destination profile to receive messages for the
inventory alert group. Either alerts are sent periodically, or any
non-normal event triggers an alert.
subscribe-to-alert-group inventory [periodic {daily |
monthly day-of-month | weekly day-of-week} hh:mm
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
Step 5
subscribe-to-alert-group inventory periodic
monthly 1 10:00
Configures a destination profile to receive messages for the syslog
alert group. Alerts with a severity the same or greater than the
specified severity level are sent.
subscribe-to-alert-group syslog severity severity-level
pattern string
Example:
RP/0/RSP0/CPU0:router(config-call-home-profile)#
Step 6
• catastrophic—Includes network-wide catastrophic events
in the alert. This is the highest severity.
subscribe-to-alert-group syslog severity major
pattern • critical—Includes events requiring immediate attention
(system log level 1).
• debugging—Includes debug events (system log level 7).
This is the lowest severity.
• disaster—Includes events with significant network impact.
• fatal—Includes events where the system is unusable (system
log level 0).
• major—Includes events classified as major conditions
(system log level 2).
• minor—Includes events classified as minor conditions
(system log level 3)
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
162 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Associating an Alert Group with a Destination ProfileCommand or Action Purpose
• normal—Specifies the normal state and includes events
classified as informational (system log level 6). This is the
default.
• notification—Includes eventsinformational message events
(system log level 5).
• warning—Includes events classified as warning conditions
(system log level 4).
You can specify a pattern to be matched in the syslog message. If
the pattern contains spaces, you must enclose it in quotes ("").
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
What to Do Next
Use the show call-home profile command to view the profile configurations.
Configuring Email
Call Home messages are sent via email. You must configure your email server before Call Home messages
can be sent.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 163
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring EmailSUMMARY STEPS
1. configure
2. call-home
3. (Optional) sender from email-address
4. (Optional) sender reply-to email-address
5. mail-server address priority priority
6. rate-limit events-count
7. Use one of these commands:
• end
• commit
8. show call-home mail-server status
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
call-home Enters call home configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# call-home
RP/0/RSP0/CPU0:router(config-call-home)#
Step 2
(Optional)
Specifies the email message “from” address.
sender from email-address
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
sender from my_email@cisco.com
Step 3
(Optional)
Specifies the email message “reply-to” address.
sender reply-to email-address
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
sender reply-to my_email@cisco.com
Step 4
Specifies the mail server to use to send Call Home messages. You
can specify an IP address or mail server name. You can specify up
mail-server address priority priority
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
mail-server 198.51.100.10 priority 1
Step 5
to five mail servers to use. The server with the lower priority is
tried first.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
164 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Configuring EmailCommand or Action Purpose
Specifies the maximum trigger rate per minute. The default is five
events per minute and the maximum is also five.
rate-limit events-count
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
rate-limit 4
Step 6
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show call-home mail-server status Displays the status of the specified mail server.
Example:
RP/0/RSP0/CPU0:router# show call-home
mail-server status
Step 8
Enabling Call Home
By default the sending of Call Home messages is disabled. You must peform this task to enable the sending
of Call Home messages.
Before You Begin
Before enabling the sending of Call Home messages, you should complete the configuration tasks described
in this module. Specifically, you must have enabled a destination profile for any Call Home messages to be
sent.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 165
Configuring Call Home on the Cisco ASR 9000 Series Router
Enabling Call HomeSUMMARY STEPS
1. configure
2. call-home
3. service active
4. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
call-home Enters call home configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# call-home
RP/0/RSP0/CPU0:router(config-call-home)#
Step 2
service active Enables the sending of Call Home messages.
Example:
RP/0/RSP0/CPU0:router(config-call-home)#
service active
Step 3
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
166 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Enabling Call HomeCommand or Action Purpose
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 167
Configuring Call Home on the Cisco ASR 9000 Series Router
Enabling Call Home Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
168 OL-26081-03
Configuring Call Home on the Cisco ASR 9000 Series Router
Enabling Call HomeC H A P T E R 10
Implementing NTP on the Cisco ASR 9000 Series
Router
Network Time Protocol (NTP) is a protocol designed to time-synchronize devices within a network.
Cisco IOS XR software implements NTPv4. NTPv4 retains backwards compatibility with the older versions
of NTP, including NTPv3 and NTPv2 but excluding NTPv1, which has been discontinued due to security
vulnerabilities.
This module describes the tasks you need to implement NTP on the Cisco IOS XR software.
For more information about NTP on the Cisco IOS XR software and complete descriptions of the NTP
commands listed in this module, see Related Documents, on page 189. To locate documentation for other
commands that might appear in the course of running a configuration task, search online in Cisco ASR 9000
Series Aggregation Services Router Commands Master List.
Table 26: Feature History for Implementing NTP on Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for IPv6 addresses, VRFs, multicast-based associations, and burst
and iburst modes for poll-based associations.
Release 3.9.0
This module contains the following topics:
• Prerequisites for Implementing NTP on Cisco IOS XR Software, page 170
• Information About Implementing NTP, page 170
• How to Implement NTP on Cisco IOS XR Software, page 171
• Configuration Examples for Implementing NTP, page 186
• Additional References, page 189
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 169Prerequisites for Implementing NTP on Cisco IOS XR Software
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Information About Implementing NTP
NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization
allows events to be correlated when system logs are created and other time-specific events occur.
NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communication uses
Coordinated Universal Time (UTC). An NTP network usually receives its time from an authoritative time
source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across
the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two
machines to within a millisecond of each other.
NTP usesthe concept of a “stratum” to describe how many NTP “hops” away a machine isfrom an authoritative
time source. A “stratum 1” time server typically has an authoritative time source (such as a radio or atomic
clock, or a GPS time source) directly attached, a “stratum 2” time server receives its time via NTP from a
“stratum 1” time server, and so on.
NTP avoids synchronizing to a machine whose time may not be accurate, in two ways. First, NTP never
synchronizes to a machine that is not synchronized itself. Second, NTP compares the time reported by several
machines and does not synchronize to a machine whose time is significantly different than the others, even
if its stratum is lower. This strategy effectively builds a self-organizing tree of NTP servers.
The Cisco implementation of NTP does not support stratum 1 service; in other words, it is not possible to
connect to a radio or atomic clock (for some specific platforms, however, you can connect a GPS time-source
device). We recommend that time service for your network be derived from the public NTP servers available
in the IP Internet.
If the network isisolated from the Internet, the Cisco implementation of NTP allows a machine to be configured
so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means.
Other machines can then synchronize to that machine via NTP.
Several manufacturers include NTP software for their host systems, and a publicly available version for
systemsrunning UNIX and its various derivativesis also available. Thissoftware also allows UNIX-derivative
serversto acquire the time directly from an atomic clock, which would subsequently propagate time information
along to Cisco routers.
The communications between machinesrunning NTP (known as associations) are usually statically configured;
each machine is given the IP address of all machines with which it should form associations. Accurate
timekeeping is made possible by exchanging NTP messages between each pair of machines with an association.
The Cisco implementation of NTP supportstwo waysthat a networking device can obtain NTP time information
on a network:
• By polling host servers
• By listening to NTP broadcasts
In a LAN environment, NTP can be configured to use IP broadcast messages. As compared to polling, IP
broadcast messagesreduce configuration complexity, because each machine can simply be configured to send
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
170 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Prerequisites for Implementing NTP on Cisco IOS XR Softwareor receive broadcast or multicast messages. However, the accuracy of timekeeping is marginally reduced
because the information flow is one-way only.
An NTP broadcast client listens for broadcast messages sent by an NTP broadcast server at a designated IPv4
address. The client synchronizes the local clock using the first received broadcast message.
The time kept on a machine is a critical resource, so we strongly recommend that you use the security features
of NTP to avoid the accidental or malicioussetting of incorrect time. Two mechanisms are available: an access
list-based restriction scheme and an encrypted authentication mechanism.
When multiple sources of time (VINES, hardware clock, manual configuration) are available, NTP is always
considered to be more authoritative. NTP time overrides the time set by any other method.
How to Implement NTP on Cisco IOS XR Software
Configuring Poll-Based Associations
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
You can configure the following types of poll-based associations between the router and other devices (which
may also be routers):
• Client mode
• Symmetric active mode
The client and the symmetric active modes should be used when NTP is required to provide a high level of
time accuracy and reliability.
When a networking device is operating in the client mode, it polls its assigned time serving hosts for the
current time. The networking device then picks a host from all the polled time servers to synchronize with.
Because the relationship that is established in this case is a client-host relationship, the host does not capture
or use any time information sent by the local client device. This mode is most suited for file-server and
workstation clients that are not required to provide any form of time synchronization to other local clients.
Use the server command to individually specify the time-serving hoststhat you want your networking device
to consider synchronizing with and to set your networking device to operate in the client mode.
When a networking device is operating in the symmetric active mode, it polls its assigned time-serving hosts
for the current time and it responds to polls by its hosts. Because this is a peer-to-peer relationship, the host
also retains time-related information about the local networking device that it is communicating with. This
mode should be used when there are several mutually redundant servers that are interconnected via diverse
network paths. Most stratum 1 and stratum 2 servers on the Internet today adopt this form of network setup.
Use the peer command to individually specify the time-serving hosts that you want your networking device
to consider synchronizing with and to set your networking device to operate in the symmetric active mode.
When the router pollsseveral other devicesfor the time, the routerselects one device with which to synchronize.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 171
Implementing NTP on the Cisco ASR 9000 Series Router
How to Implement NTP on Cisco IOS XR SoftwareTo configure a peer-to-peer association between the router and another device, you must also configure
the router as a peer on the other device.
You can configure multiple peers and servers, but you cannot configure a single IP address as both a peer
and a server at the same time.
To change the configuration of a specific IP address from peer to server or from server to peer, use the
no form of the peer or server command to remove the current configuration before you perform the
new configuration. If you do not remove the old configuration before performing the new configuration,
the new configuration does not overwrite the old configuration.
Note
SUMMARY STEPS
1. configure
2. ntp
3. server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type
interface-path-id] [prefer] [burst] [iburst]
4. peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type
interface-path-id] [prefer]
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Forms a server association with another system. This step can be
repeated as necessary to form associations with multiple devices.
server ip-address [version number] [key key-id]
[minpoll interval] [maxpoll interval] [source type
interface-path-id] [prefer] [burst] [iburst]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-ntp)# server
172.16.22.44
minpoll 8 maxpoll 12
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
172 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring Poll-Based AssociationsCommand or Action Purpose
Forms a peer association with another system. This step can be
repeated as necessary to form associations with multiple systems.
peer ip-address [version number] [key key-id]
[minpoll interval] [maxpoll interval] [source type
interface-path-id] [prefer]
Step 4
To complete the configuration of a peer-to-peer association
between the router and the remote device, the router must
also be configured as a peer on the remote device.
Note
Example:
RP/0/RSP0/CPU0:router(config-ntp)# peer
192.168.22.33
minpoll 8 maxpoll 12 source pos 0/0/0/1
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Broadcast-Based NTP Associates
In a broadcast-based NTP association, an NTP server propagates NTP broadcast packetsthroughout a network.
Broadcast clients listen for the NTP broadcast packets propagated by the NTP server and do not engage in
any polling.
Broadcast-based NTP associationsshould be used when time accuracy and reliability requirements are modest
and if your network is localized and has a large number of clients (more than 20). Broadcast-based NTP
associations also are recommended for use on networks that have limited bandwidth, system memory, or CPU
resources. Time accuracy is marginally reduced in broadcast-based NTP associations because information
flows only one way.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 173
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring Broadcast-Based NTP AssociatesUse the broadcast client command to set your networking device to listen for NTP broadcast packets
propagated through a network. For broadcast client mode to work, the broadcast server and its clients must
be located on the same subnet. The time server that is transmitting NTP broadcast packets must be enabled
on the interface of the given device using the broadcast command.
Use the broadcast command to set your networking device to send NTP broadcast packets.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. (Optional) broadcastdelay microseconds
4. interface type interface-path-id
5. broadcast client
6. broadcast [destination ip-address] [key key-id] [version number]
7. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
(Optional)
Adjusts the estimated round-trip delay for NTP broadcasts.
broadcastdelay microseconds
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
broadcastdelay 5000
Step 3
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
174 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring Broadcast-Based NTP AssociatesCommand or Action Purpose
interface type interface-path-id Enters NTP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
interface POS 0/1/0/0
Step 4
Step 5 broadcast client Configures the specified interface to receive NTP broadcast packets.
Example:
RP/0/RSP0/CPU0:router(config-ntp-int)#
broadcast client
Go to Step 6, on page 175 to configure the interface to send
NTP broadcast packets.
Note
broadcast [destination ip-address] [key key-id] Configures the specified interface to send NTP broadcast packets.
[version number]
Step 6
Go to Step 5, on page 175 to configure the interface to
receive NTP broadcast packets.
Note
Example:
RP/0/RSP0/CPU0:router(config-ntp-int)#
broadcast destination 10.50.32.149
Step 7 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp-int)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp-int)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 175
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring Broadcast-Based NTP AssociatesConfiguring NTP Access Groups
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
The access list-based restriction scheme allows you to grant or deny certain access privileges to an entire
network, a subnet within a network, or a host within a subnet.
The access group options are scanned in the following order, from least restrictive to most restrictive:
1 peer—Allows time requests and NTP control queries and allows the system to synchronize itself to a
system whose address passes the access list criteria.
2 serve—Allows time requests and NTP control queries, but does not allow the system to synchronize itself
to a system whose address passes the access list criteria.
3 serve-only—Allows only time requests from a system whose address passes the access list criteria.
4 query-only—Allows only NTP control queriesfrom a system whose address passesthe accesslist criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted. If no
access groups are specified, all access types are granted to all systems. If any access groups are specified,
only the specified access types are granted.
For details on NTP control queries, see RFC 1305 (NTP version 3).
SUMMARY STEPS
1. configure
2. ntp
3. access-group{peer | query-only | serve | serve-only} access-list-name
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
176 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring NTP Access GroupsCommand or Action Purpose
Creates an access group and applies a basic IPv4 or IPv6 access list to
it.
access-group{peer | query-only | serve |
serve-only} access-list-name
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
access-group peer access1
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring NTP Authentication
This task explains how to configure NTP authentication.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
The encrypted NTP authentication scheme should be used when a reliable form of access control is required.
Unlike the access-list-based restriction scheme that is based on IP addresses, the encrypted authentication
scheme uses authentication keys and an authentication process to determine if NTP synchronization packets
sent by designated peers or servers on a local network are deemed as trusted, before the time information that
it carries along is accepted.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 177
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring NTP AuthenticationThe authentication process begins from the moment an NTP packet is created. A message authentication code
(MAC) is computed using the MD5 Message Digest Algorithm and the MAC is embedded into an NTP
synchronization packet. The NTP synchronization packet together with the embedded MAC and key number
are transmitted to the receiving client. If authentication is enabled and the key is trusted, the receiving client
computes the MAC in the same way. If the computed MAC matches the embedded MAC, the system is
allowed to sync to the server that uses this key in its packets.
After NTP authentication is properly configured, your networking device only synchronizes with and provides
synchronization to trusted time sources.
SUMMARY STEPS
1. configure
2. ntp
3. authenticate
4. authentication-key key-number md5 [clear | encrypted] key-name
5. trusted-key key-number
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
authenticate Enables the NTP authentication feature.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
authenticate
Step 3
authentication-key key-number md5 [clear | Defines the authentication keys.
encrypted] key-name
Step 4
• Each key has a key number, a type, a value, and, optionally, a
name. Currently the only key type supported is md5.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
authentication-key 42 md5 clear key1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
178 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring NTP AuthenticationCommand or Action Purpose
Step 5 trusted-key key-number Defines trusted authentication keys.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
trusted-key 42
• If a key is trusted, this router only synchronizes to a system that
uses this key in its NTP packets.
Step 6 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Disabling NTP Services on a Specific Interface
NTP services are disabled on all interfaces by default.
NTP is enabled globally when any NTP commands are entered. You can selectively prevent NTP packets
from being received through a specific interface by turning off NTP on a given interface.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 179
Implementing NTP on the Cisco ASR 9000 Series Router
Disabling NTP Services on a Specific InterfaceSUMMARY STEPS
1. configure
2. ntp
3. Use one of the following commands:
• no interface type interface-path-id
• interface type interface-path-id disable
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Step 3 Use one of the following commands: Disables NTP services on the specified interface.
• no interface type interface-path-id
• interface type interface-path-id disable
Example:
RP/0/RSP0/CPU0:router(config-ntp)# no
interface pos 0/0/0/1
or
RP/0/RSP0/CPU0:router(config-ntp)# interface
POS 0/0/0/1 disable
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
180 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Disabling NTP Services on a Specific InterfaceCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ntp)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring the Source IP Address for NTP Packets
By default, the source IP address of an NTP packet sent by the router is the address of the interface through
which the NTP packet is sent. Use this procedure to set a different source address.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. source type interface-path-id
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 181
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring the Source IP Address for NTP PacketsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Step 3 source type interface-path-id Configures an interface from which the IP source address is taken.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
source POS 0/0/0/1
This interface is used for the source address for all packets sent to all
destinations. If a source addressisto be used for a specific association,
use the source keyword in the peer or server command shown
in Configuring Poll-Based Associations, on page 171.
Note
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring the System as an Authoritative NTP Server
You can configure the router to act as an authoritative NTP server, even if the system is not synchronized to
an outside time source.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
182 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring the System as an Authoritative NTP ServerNote No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. master stratum
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Step 3 master stratum Makes the router an authoritative NTP server.
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
master 9
Use the master command with caution. It is very easy to override
valid time sources using this command, especially if a low stratum
number is configured. Configuring multiple machines in the same
network with the master command can cause instability in
timekeeping if the machines do not agree on the time.
Note
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)#
commit
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 183
Implementing NTP on the Cisco ASR 9000 Series Router
Configuring the System as an Authoritative NTP ServerCommand or Action Purpose
? Entering no exits the configuration session and returns the router to
EXEC mode without committing the configuration changes.
? Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Updating the Hardware Clock
On devices that have hardware clocks (system calendars), you can configure the hardware clock to be
periodically updated from the software clock. This is advisable for devices using NTP, because the time and
date on the software clock (set using NTP) is more accurate than the hardware clock. The time setting on the
hardware clock has the potential to drift slightly over time.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. update-calendar
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
184 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Updating the Hardware ClockCommand or Action Purpose
ntp Enters NTP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# ntp
Step 2
Configuresthe router t o update itssystem calendar from the software clock
at periodic intervals.
update-calendar
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
update-calendar
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-ntp)#
end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ntp)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Verifying the Status of the External Reference Clock
This task explains how to verify the status of NTP components.
Note The commands can be entered in any order.
SUMMARY STEPS
1. show ntp associations [detail] [location node-id]
2. show ntp status [location node-id]
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 185
Implementing NTP on the Cisco ASR 9000 Series Router
Verifying the Status of the External Reference ClockDETAILED STEPS
Command or Action Purpose
show ntp associations [detail] [location node-id] Displays the status of NTP associations.
Example:
RP/0/RSP0/CPU0:router# show ntp associations
Step 1
show ntp status [location node-id] Displays the status of NTP.
Example:
RP/0/RSP0/CPU0:router# show ntp status
Step 2
Examples
The following is sample output from the show ntp associations command:
RP/0/RSP0/CPU0:router# show ntp associations
address ref clock st when poll reach delay offset disp
+~127.127.1.1 127.127.1.1 5 5 1024 37 0.0 0.00 438.3
*~172.19.69.1 172.24.114.33 3 13 1024 1 2.0 67.16 0.0
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
The following is sample output from the show ntp status command:
RP/0/RSP0/CPU0:router# show ntp status
Clock is synchronized, stratum 4, reference is 172.19.69.1
nominal freq is 1000.0000 Hz, actual freq is 999.9988 Hz, precision is 2**26
reference time is C54C131B.9EECF6CA (07:26:19.620 UTC Mon Nov 24 2008)
clock offset is 66.3685 msec, root delay is 7.80 msec
root dispersion is 950.04 msec, peer dispersion is 3.38 msec
Configuration Examples for Implementing NTP
Configuring Poll-Based Associations: Example
The following example shows an NTP configuration in which the router’s system clock is configured to form
a peer association with the time server host at IP address 192.168.22.33, and to allow the system clock to be
synchronized by time server hosts at IP address 10.0.2.1 and 172.19.69.1:
ntp
server 10.0.2.1 minpoll 5 maxpoll 7
peer 192.168.22.33
server 172.19.69.1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
186 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing NTPConfiguring Broadcast-Based Associations: Example
The following example shows an NTP client configuration in which Gigabit Ethernet interface 0/2/0/0 is
configured to receive NTP broadcast packets, and the estimated round-trip delay between an NTP client and
an NTP broadcast server is set to 2 microseconds:
ntp
interface GigabitEthernet 0/2/0/0
broadcast client
exit
broadcastdelay 2
The following example shows an NTP server configuration where Gigabit Ethernet interface 0/2/0/2 is
configured to be a broadcast server:
ntp
interface GigabitEthernet 0/2/0/2
broadcast
Configuring NTP Access Groups: Example
The following example shows a NTP access group configuration where the following access group restrictions
are applied:
• Peer restrictions are applied to IP addresses that pass the criteria of the access list named peer-acl.
• Serve restrictions are applied to IP addresses that pass the criteria of access list named serve-acl.
• Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named
serve-only-acl.
• Query-only restrictions are applied to IP addresses that pass the criteria of the access list named
query-only-acl.
ntp
peer 10.1.1.1
peer 10.1.1.1
peer 10.2.2.2
peer 10.3.3.3
peer 10.4.4.4
peer 10.5.5.5
peer 10.6.6.6
peer 10.7.7.7
peer 10.8.8.8
access-group peer peer-acl
access-group serve serve-acl
access-group serve-only serve-only-acl
access-group query-only query-only-acl
exit
ipv4 access-list peer-acl
10 permit ip host 10.1.1.1 any
20 permit ip host 10.8.8.8 any
exit
ipv4 access-list serve-acl
10 permit ip host 10.4.4.4 any
20 permit ip host 10.5.5.5 any
exit
ipv4 access-list query-only-acl
10 permit ip host 10.2.2.2 any
20 permit ip host 10.3.3.3 any
exit
ipv4 access-list serve-only-acl
10 permit ip host 10.6.6.6 any
20 permit ip host 10.7.7.7 any
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 187
Implementing NTP on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing NTPexit
Configuring NTP Authentication: Example
The following example shows an NTP authentication configuration. In this example, the following is configured:
• NTP authentication is enabled.
• Two authentication keys are configured (key 2 and key 3).
• The router is configured to allow its software clock to be synchronized with the clock of the peer (or
vice versa) at IP address 10.3.32.154 using authentication key 2.
• The router is configured to allow its software clock to be synchronized with the clock by the device at
IP address 10.32.154.145 using authentication key 3.
• The router is configured to synchronize only to systems providing authentication key 3 in their NTP
packets.
ntp
authenticate
authentication-key 2 md5 encrypted 06120A2D40031D1008124
authentication-key 3 md5 encrypted 1311121E074110232621
trusted-key 3
server 10.3.32.154 key 3
peer 10.32.154.145 key 2
Disabling NTP on an Interface: Example
The following example shows an NTP configuration in which Gigabit Ethernet 0/2/0/0 interface is disabled:
ntp
interface GigabitEthernet0/2/0/0
disable
exit
authentication-key 2 md5 encrypted 06120A2D40031D1008124
authentication-key 3 md5 encrypted 1311121E074110232621
authenticate
trusted-key 3
server 10.3.32.154 key 3
peer 10.32.154.145 key 2
Configuring the Source IP Address for NTP Packets: Example
The following example shows an NTP configuration in which Ethernet management interface 0/0/CPU0/0 is
configured as the source address for NTP packets:
ntp
authentication-key 2 md5 encrypted 06120A2D40031D1008124
authentication-key 3 md5 encrypted 1311121E074110232621
authenticate
trusted-key 3
server 10.3.32.154 key 3
peer 10.32.154.145 key 2
source MgmtEth0/0/CPU0/0
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
188 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing NTPConfiguring the System as an Authoritative NTP Server: Example
The following example shows a NTP configuration in which the router is configured to use its own NTP
master clock to synchronize with peers when an external NTP source becomes unavailable:
ntp
master 6
Updating the Hardware Clock: Example
The following example shows an NTP configuration in which the router is configured to update its hardware
clock from the software clock at periodic intervals:
ntp
server 10.3.32.154
update-calendar
Additional References
The following sections provide references related to implementing NTP on Cisco IOS XR software.
Related Documents
Related Topic Document Title
Clock Commands on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series
Aggregation Services Router System Management
Command Reference
Cisco IOS XR clock commands
NTP Commands on module of Cisco ASR 9000
Series Aggregation Services Router System
Management Command Reference
Cisco IOS XR NTP commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Information about getting started with Cisco IOS XR
Software
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR master command index
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 189
Implementing NTP on the Cisco ASR 9000 Series Router
Additional ReferencesStandards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
RFC 1059 Network Time Protocol, Version 1: Specification and Implementation
RFC 1119 Network Time Protocol, Version 2: Specification and Implementation
Network Time Protocol, Version 3: Specification, Implementation, and
Analysis
RFC 1305
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
190 OL-26081-03
Implementing NTP on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 11
Implementing Object Tracking on Cisco IOS XR
Software
This module describes the configuration of object tracking on your Cisco IOS XR network. For information
about its application in IPSec, see Cisco ASR 9000 Series Aggregation Services Router System Security
Configuration Guide.
For complete descriptions of the commands listed in this module, see Related Documents, on page 206. To
locate documentation for other commands that might appear in the course of performing a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 27: Feature History for Implementing Object Tracking on Cisco IOS XR Software Contents
Release Modification
Release 4.2.1 This feature was introduced.
This module contains the following topics:
• Prerequisites for Implementing Object Tracking, page 191
• Information About Object Tracking, page 192
• How to Implement Object Tracking, page 192
• Configuration Examples for Configuring Object Tracking, page 204
• Additional References, page 206
Prerequisites for Implementing Object Tracking
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 191Information About Object Tracking
Object tracking is a mechanism to track an object and to take an action on another object with no relationship
to the tracked objects, based on changes to the properties of the object being tracked.
Each tracked object is identified by a unique name specified on the tracking command-line interface (CLI).
Cisco IOS XR processes then use this name to track a specific object.
The tracking process periodically polls the tracked object and reports any changes to its state in terms of its
being up or down, either immediately or after a delay, as configured by the user.
Multiple objects can also be tracked by means of a list, using a flexible method for combining objects with
Boolean logic. This functionality includes:
• Boolean AND function—When a tracked list has been assigned a Boolean AND function, each object
defined within a subset must be in an up state, so that the tracked object can also be in the up state.
• Boolean OR function—When the tracked list has been assigned a Boolean OR function, it means that
at least one object defined within a subset must also be in an up state, so that the tracked object can also
be in the up state.
How to Implement Object Tracking
This section describes the various object tracking procedures.
Tracking Whether an Interface Is Up or Down
Perform this optional task in global configuration mode to track, in increments of from 1 to 10 seconds,
whether the state of an interface is up or down.
When the tracked object state changes to down, the tracking object (in the case of IPSec, this is the service
virtual interface [SVI]) is brought down, which results in the following:
• All existing tunnels on the SVI are torn down.
• New tunnels cannot be established on this SVI.
• All the routes, whether static or dynamic, pointing to the SVI are removed, including reverse-route
injections (RRI).
SUMMARY STEPS
1. configure
2. track track-name
3. (Optional) delay {up seconds|down seconds}
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
192 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Information About Object TrackingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
track1
• track-name—Specifies a name for the object to be tracked.
(Optional)
Schedules the delay that can occur between tracking whether the object is
up or down.
delay {up seconds|down seconds}
Example:
RP/0/RSP0/CPU0:router(config-track)#
delay up 10
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-track)#
end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-track)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Tracking the Line Protocol State of an Interface
Perform this task in global configuration mode to track the line protocol state of an interface.
A tracked object is considered up when a line protocol of the interface is up.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 193
Implementing Object Tracking on Cisco IOS XR Software
Tracking the Line Protocol State of an InterfaceAfter configuring the tracked object, you may associate the interface whose state should be tracked and specify
the number of seconds to wait before the tracking object polls the interface for its state.
SUMMARY STEPS
1. configure
2. track track-name
3. type line-protocol state
4. interface type interface-path-id
5. (Optional) delay {up seconds|down seconds}
6. interface { service-gre numeric-name | service-ipsec numeric-name}
7. line-protocol track object-name
8. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track track1
• track-name—Specifies a name for the object to be
tracked.
type line-protocol state Creates a track based on the line protocol of an interface.
Example:
RP/0/RSP0/CPU0:router(config-track)# type line-protocol
state
Step 3
Step 4 interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-track-line-prot)#interface
atm 0/2/0/0.1
• type—Specifies the interface type. For more
information, use the question mark (?) online help
function.
• interface-path-id—Identifies a physical interface
or a virtual interface.
Use the show interfaces command to see a list
of all possible interfaces currently configured
on the router.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
194 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Tracking the Line Protocol State of an InterfaceCommand or Action Purpose
The loopback and null interfaces are always in
the up state and, therefore, cannot be tracked.
Note
(Optional)
Schedules the delay that can occur between tracking
whether the object is up or down.
delay {up seconds|down seconds}
Example:
RP/0/RSP0/CPU0:router(config-track)# delay up 10
Step 5
Enters the service-ipsec interface mode, in which you
associate a service-ipsec interface with the interface
interface { service-gre numeric-name | service-ipsec
numeric-name}
Step 6
whose state should be tracked. For example, if the state
Example:
RP/0/RSP0/CPU0:router(config-track)# interface
service-ipsec 23
of the selected interface, such as, ATM, goes down or
up, the state of the service-ipsec interface follows suit.
• numeric-name—Numeric name of the service-ipsec
interface, which can be from 1-65535.
Although service-gre interfaces can be tracked
as an interface object, it is currently unsupported
as a means to monitor the state of another
interface object.
Note
Associates a specific track to an IP Sec or GRE interface.
The state of the interface changes when the state of the
track changes.
line-protocol track object-name
Example:
RP/0/RSP0/CPU0:router(config-if)# line-protocol track
track12
Step 7
Step 8 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-track)# end
before exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-track)# commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 195
Implementing Object Tracking on Cisco IOS XR Software
Tracking the Line Protocol State of an InterfaceCommand or Action Purpose
• Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
Tracking IP Route Reachability
When a host or a network goes down on a remote site, routing protocols notify the router and the routing table
is updated accordingly. The routing process is configured to notify the tracking process when the route state
changes due to a routing update.
A tracked object is considered up when a routing table entry exists for the route and the route is accessible.
SUMMARY STEPS
1. configure
2. track track-name
3. type route reachability
4. Use one of the following commands:
• vrf vrf-table-name
• route ipv4 IP-prefix/mask
5. (Optional) delay {up seconds|down seconds}
6. interface { service-gre numeric-name | service-ipsec numeric-name}
7. line-protocol track object-name
8. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
196 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Tracking IP Route ReachabilityCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# track track1
• track-name—Specifies a name for the object to be tracked.
Configures the routing process to notify the tracking process when
the state of the route changes due to a routing update.
type route reachability
Example:
RP/0/RSP0/CPU0:router(config-track)# type
route reachability vrf internet
Step 3
Configures the type of IP route to be tracked, which can consist of
either of the following, depending on your router type:
Step 4 Use one of the following commands:
• vrf vrf-table-name
• vrf-table-name—A VRF table name.
• route ipv4 IP-prefix/mask
• IP-prefix/mask—An IP prefix consisting of the network and
subnet mask (for example, 10.56.8.10/16).
Example:
RP/0/RSP0/CPU0:router(config-track-route)#
vrf vrf-table-4
or
RP/0/RSP0/CPU0:router(config-track-route)#
route ipv4 10.56.8.10/16
(Optional)
Schedulesthe delay that can occur between tracking whether the object
is up or down.
delay {up seconds|down seconds}
Example:
RP/0/RSP0/CPU0:router(config-track)# delay
up 10
Step 5
Enters the service-ipsec interface mode, in which you associate a
service-ipsec interface with the interface whose state should be tracked.
interface { service-gre numeric-name |
service-ipsec numeric-name}
Step 6
For example, if the state of the selected interface, such as, ATM, goes
down or up, the state of the service-ipsec interface follows suit.
Example:
RP/0/RSP0/CPU0:router(config-track)#
interface service-ipsec 23
• numeric-name—Numeric name of the service-ipsec interface,
which can be from 1-65535.
Although service-gre interfaces can be tracked as an interface
object, it is currently unsupported as a means to monitor the
state of another interface object.
Note
Associates the track with an IPSec or GRE interface. The state of the
interface changes when the state of the track changes.
line-protocol track object-name
Example:
RP/0/RSP0/CPU0:router(config-if)#
line-protocol track track1
Step 7
Step 8 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 197
Implementing Object Tracking on Cisco IOS XR Software
Tracking IP Route ReachabilityCommand or Action Purpose
• When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Building a Track Based on a List of Objects
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a Boolean expression to determine the state of the list.
A tracked list contains one or more objects. The Boolean expression enables two types of calculations by
using either AND or OR operators. For example, when tracking two interfaces, using the AND operator, up
means that both interfaces are up, and down means that either interface is down.
An object must exist before it can be added to a tracked list.
The NOT operator is specified for one or more objects and negates the state of the object.
Note
After configuring the tracked object, you must associate the interface whose state should be tracked and you
may optionally specify the number of seconds to wait before the tracking object polls the interface for its
state.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
198 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of ObjectsSUMMARY STEPS
1. configure
2. track track-name
3. type list boolean { and | or }
4. object object-name [ not ]
5. (Optional) delay {up seconds|down seconds}
6. interface { service-gre numeric-name | service-ipsec numeric-name}
7. line-protocol track object-name
8. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
track1
• track-name—Specifies a name for the object to be tracked.
Step 3 type list boolean { and | or } Configures a Boolean list object and enterstrack list configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-track-list)#
type list boolean and
• boolean—Specifies that the state of the tracked list is based on a
Boolean calculation.
• and—Specifies that the list is up if all objects are up, or down if
one or more objects are down. For example when tracking two
interfaces, up means that both interfaces are up, and down means
that either interface is down.
• or—Specifies that the list is up if at least one object is up. For
example, when tracking two interfaces, up means that either
interface is up, and down means that both interfaces are down.
Step 4 object object-name [ not ] Specifies the object to be tracked by the list
Example:
RP/0/RSP0/CPU0:router(config-track-list)#
object 3 not
• obect-name—Name of the object to track.
• not—Negates the state of the object.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 199
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of ObjectsCommand or Action Purpose
(Optional)
Schedules the delay that can occur between tracking whether the object
is up or down.
delay {up seconds|down seconds}
Example:
RP/0/RSP0/CPU0:router(config-track)# delay
up 10
Step 5
Enters the service-ipsec interface mode, in which you associate a
service-ipsec interface with the interface whose state should be tracked.
interface { service-gre numeric-name |
service-ipsec numeric-name}
Step 6
For example, if the state of the selected interface, such as, ATM, goes
down or up, the state of the service-ipsec interface follows suit.
Example:
RP/0/RSP0/CPU0:router(config-track)#
interface service-ipsec 23
• numeric-name—Numeric name of the service-ipsec interface,
which can be from 1-65535.
Although service-gre interfaces can be tracked as an interface
object, it is currently unsupported as a means to monitor the
state of another interface object.
Note
Associates the track to an IP Sec or GRE interface. The state of the
interface changes when the state of the track changes.
line-protocol track object-name
Example:
RP/0/RSP0/CPU0:router(config-if)#
line-protocol track track1
Step 7
Step 8 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-track)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-track)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
200 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of ObjectsBuilding a Track Based on a List of Objects - Threshold Percentage
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a threshold percentage to determine the state of the list.
SUMMARY STEPS
1. configure
2. track track-name
3. type list threshold percentage
4. object object-name
5. threshold percentage up percentage down percentage
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track track1
• track-name—Specifies a name for the object to be
tracked.
type list threshold percentage Configures a track of type threshold percentage list.
Example:
RP/0/RSP0/CPU0:router(config-track-list)# type list
threshold percentage
Step 3
Configures object 1, object 2, object 3 and object 4 as
members of track type track1.
object object-name
Example:
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
Step 4
object 1
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
object 2
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
object 3
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 201
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of Objects - Threshold PercentageCommand or Action Purpose
object 4
Configures the percentage of objects that need to be UP or
DOWN for the list to be considered UP or Down
respectively.
threshold percentage up percentage down percentage
Example:
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
threshold percentage up 50 down 33
Step 5
For example, if object 1, object 2, and object 3 are in the
UP state and object 4 is in the DOWN state, the list is
considered to be in the UP state.
Step 6 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-track)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-track)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Building a Track Based on a List of Objects - Threshold Weight
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a threshold weight to determine the state of the list.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
202 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of Objects - Threshold WeightSUMMARY STEPS
1. configure
2. track track-name
3. type list threshold weight
4. object object-nameweight weight
5. threshold weight up weight down weight
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track track1
• track-name—Specifies a name for the object to be
tracked.
type list threshold weight Configures a a track of type, threshold weighted list.
Example:
RP/0/RSP0/CPU0:router(config-track-list)# type list
threshold weight
Step 3
Configures object 1, object 2 and object 3 as members of
track t1 and with weights 10, 5 and 3 respectively.
object object-nameweight weight
Example:
Step 4
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
object 1 weight 10
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
object 2 weight 5
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
object 3 weight 3
Configures the range of weights for the objects that need to
be UP or DOWN for the list to be considered UP or DOWN
threshold weight up weight down weight
Example:
RP/0/RSP0/CPU0:router(config-track-list-threshold)#
threshold weight up 10 down 5
Step 5
respectively. In this example, the list is considered to be in
the DOWN state because objects 1 and 2 are in the UP state
and the cumulative weight is 15 (not in the 10-5 range).
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 203
Implementing Object Tracking on Cisco IOS XR Software
Building a Track Based on a List of Objects - Threshold WeightCommand or Action Purpose
Step 6 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-track)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-track)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuration Examples for Configuring Object Tracking
For examples illustrating how to use object tracking in a variety of scenarios in IPSec, see the Implementing
IPSec Network Security on Cisco IOS XR Software module in Cisco ASR 9000 Series Aggregation Services
Router System Monitoring Configuration Guide.
Tracking Whether the Interface Is Up or Down: Example
track connection100
type list boolean and
object object3 not
delay up 10
!
interface service-ipsec 23
line-protocol track connection100
!
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
204 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Configuration Examples for Configuring Object TrackingTracking the Line Protocol State of an Interface: Example
In this example, traffic arrives from interface service-ipsec1 and exits through interface GigabitEthernet
0/0/0/3:
track IPSec1
type line-protocol state
interface gigabitethernet0/0/0/3
!
interface service-ipsec 1
ipv4 address 70.0.0.1 255.255.255.0
profile vrf1_profile_ipsec
line-protocol track IPSec1
tunnel source 80.0.0.1
tunnel destination 80.0.0.2
service-location preferred-active 0/0/1
!
Displaying the Line Protocol State of an Interface: Example
This example displays the output from the show track command after performing the previous example:
RP/0/RSP0/CPU0:router# show track
Track IPSec1
Interface GigabitEthernet0_0_0_3 line-protocol
!
Line protocol is UP
1 change, last change 10:37:32 UTC Thu Sep 20 2007
Tracked by:
service-ipsec1
!
Tracking IP Route Reachability: Example
In this example, traffic arriving from interface service-ipsec1 has its destination in network 7.0.0.0/24. This
tracking procedure follows the state of the routing protocol prefix to signal when there are changes in the
routing table.
track PREFIX1
type route reachability
route ipv4 7.0.0.0/24
!
interface service-ipsec 1
vrf 1
ipv4 address 70.0.0.2 255.255.255.0
profile vrf_1_ipsec
line-protocol track PREFIX1
tunnel source 80.0.0.2
tunnel destination 80.0.0.1
service-location preferred-active 0/2/0
Building a Track Based on a List of Objects: Example
In this example, traffic arriving from interface service-ipsec1 exits through interface GigabitEthernet 0/0/0/3
and interface ATM 0/2/0/0.1. The destination of the traffic is at network 7.0.0.0/24.
If either one of the interfaces or the remote network goes down, the flow of traffic must stop. To do this, we
use a Boolean AND expression.
track LIST2
type list boolean and
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 205
Implementing Object Tracking on Cisco IOS XR Software
Configuration Examples for Configuring Object Trackingobject IPSec1
object IPSec2
object PREFIX1
!
track IPSec1
type line-protocol state
interface GigabitEthernet0/0/0/3
!
track IPSec2
type line-protocol state
interface ATM0/2/0.1
!
track PREFIX1
type route reachability
route ipv4 7.0.0.0/24
!
interface service-ipsec1
vrf 1
ipv4 address 70.0.0.2 255.255.255.0
profile vrf_1_ipsec
line-protocol track LIST2
tunnel source 80.0.0.2
tunnel destination 80.0.0.1
service-location preferred-active 0/2/0
!
Additional References
The following sections provide referencesrelated to implementing object tracking for IPSec network security.
Related Documents
Related Topic Document Title
IPSec Network Security Commands on the
Cisco ASR 9000 Series Router module in
Cisco ASR 9000 Series Aggregation Services Router
System Security Configuration Guide
IPSec network security commands
Internet Key Exchange Security Protocol Commands
on the Cisco ASR 9000 Series Router module in
Cisco ASR 9000 Series Aggregation Services Router
System Security Command Reference
Internet Key Exchange (IKE) security protocol
commands
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
IP-Sec-related object tracking commands
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
206 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Additional ReferencesMIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
RFC 2401 Security Architecture for the Internet Protocol
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 207
Implementing Object Tracking on Cisco IOS XR Software
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
208 OL-26081-03
Implementing Object Tracking on Cisco IOS XR Software
Additional ReferencesC H A P T E R 12
Implementing Physical and Virtual Terminals on
the Cisco ASR 9000 Series Router
Line templates define standard attribute settings for incoming and outgoing transport over physical and
virtual terminal lines (vtys). Vty pools are used to apply template settings to ranges of vtys.
Before creating or modifying the vty pools, enable the telnet server using the telnet server command in
global configuration mode. See Cisco ASR 9000 Series Aggregation Services Router IP Addresses and
Services Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router IP Addresses and
Services Command Reference for more information.
Note
This module describes the new and revised tasks you need to implement physical and virtual terminals on
your Cisco IOS XR network.
For more information about physical and virtual terminals on the Cisco IOS XR software and complete
descriptions of the terminal services commands listed in this module, see Related Documents, on page 219.
To locate documentation for other commands that might appear in the course of running a configuration
task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 28: Feature History for Implementing Physical and Virtual Templates on Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
This module contains the following topics:
• Prerequisites for Implementing Physical and Virtual Terminals, page 210
• Information About Implementing Physical and Virtual Terminals, page 210
• How to Implement Physical and Virtual Terminals on Cisco IOS XR Software, page 212
• Configuration Examples for Implementing Physical and Virtual Terminals, page 217
• Additional References, page 219
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 209Prerequisites for Implementing Physical and Virtual Terminals
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Information About Implementing Physical and Virtual Terminals
To implement physical and virtual terminals, you need to understand the concepts in this section.
Line Templates
The following line templates are available in the Cisco IOS XR software.
• Default line template—The default line template that applies to a physical and virtual terminal lines.
• Console line template—The line template that applies to the console line.
• User-defined line templates—User-defined line templatesthat can be applied to a range of virtual terminal
lines.
Line Template Configuration Mode
Changes to line template attributes are made in line template configuration mode. To enter line template
configuration mode, issue the line command from global configuration mode, specifying the template to be
modified. The line templates that are available to be configured with the line command can be displayed
using the online help feature ( ? ):
RP/0/RSP0/CPU0:router(config)# line ?
console console template
default default template
template user defined template
After you specify a template with the line command, the router will enter line template configuration mode
where you can set the terminal attributes that will apply to specified line template. This example shows how
to specify the console template and to enter line template configuration mode for the console template:
RP/0/RSP0/CPU0:router(config)# line console
RP/0/RSP0/CPU0:router(config-line)#
From line template configuration mode, the following terminal attribute setting commands can be configured:
RP/0/RSP0/CPU0:router# ?
absolute-timeout Set absolute timeout for line disconnection.
access-class Filter connections based on an IP access list
accounting Accounting parameters
authorization Authorization parameters
clear Clear the uncommitted configuration
clear Clear the configuration
cli Set the behaviour of cli.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
210 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Prerequisites for Implementing Physical and Virtual Terminalscommit Commit the configuration changes to running
databits Set the number of databits.
describe Describe a command without taking real actions
disconnect-character Define the disconnect character
do Run an exec command
escape-character Change the current line template's escape character
exec-timeout Set EXEC timeout
exit Exit from this submode
flowcontrol Configure flow control.
interactive Interactive behaviour
length Set number of lines on a screen.
login Line login configuration
no Negate a command or set its defaults
parity Set the parity used.
password Specify the password for the user
pwd Commands used to reach current submode
root Exit to the global configuration mode
secret Provide a secure one way encrypted password
session-limit Set the number of outgoing connections
session-timeout Set interval for closing connection when there is no input traffic
show Show contents of configuration
stopbits Set the stopbits used.
telnet Telnet protocol-specific configuration
timeout Timeouts for the line
timestamp To enable timestamp printing before each command.
transport Define transport protocols for line
users Users characteristics
width Set width of the display terminal
Line Template Guidelines
The following guidelines apply to modifying the console template and to configuring a user-defined template:
• Modify the templates for the physical terminal lines on the router (the console port) from line template
configuration mode. Use the line console command from global configuration mode to enter line
template configuration mode for the console template.
• Modify the template for virtual lines by configuring a user-defined template with the line template-name
command, configuring the terminal attributes for the user-defined template from line template
configuration, and applying the template to a range of virtual terminal lines using the vty pool command.
Attributes not defined in the console template, or any virtual template, are taken from the default template.
The default settings for the default template are described for all commands in line template configuration
mode in the Terminal Services Commands on the Cisco ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router System Management Command Reference.
Before creating or modifying the vty pools, enable the telnet server using the telnet server command in
global configuration mode. See Cisco ASR 9000 Series Aggregation Services Router IP Addresses and
Services Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router IP Addresses and
Services Command Reference for more information.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 211
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Line Template GuidelinesTerminal Identification
The physical terminal lines for the console port is identified by its location, expressed in the format of
rack/slot/module , on the active or standby route processor (RP) where the respective console port resides.
For virtual terminals, physical location is not applicable; the Cisco IOS XR software assigns a vty identifier
to vtys according to the order in which the vty connection has been established.
vty Pools
Each virtual line is a member of a pool of connections using a common line template configuration. Multiple
vty pools may exist, each containing a defined number of vtys as configured in the vty pool. The Cisco IOS XR
software supports the following vty pools by default:
• Default vty pool—The default vty pool consists of five vtys (vtys 0 through 4) that each reference the
default line template.
• Default fault manager pool—The default fault manager pool consists of six vtys (vtys 100 through 105)
that each reference the default line template.
In addition to the default vty pool and default fault manager pool, you can also configure a user-defined vty
pool that can reference the default template or a user-defined template.
When configuring vty pools, follow these guidelines:
• The vty range for the default vty pool must start at vty 0 and must contain a minimum of five vtys.
• The vty range from 0 through 99 can reference the default vty pool.
• The vty range from 5 through 99 can reference a user-defined vty pool.
• The vty range from 100 is reserved for the fault manager vty pool.
• The vty range for fault manager vty pools must start at vty 100 and must contain a minimum of six vtys.
• A vty can be a member of only one vty pool. A vty pool configuration will fail if the vty pool includes
a vty that is already in another pool.
• If you attempt to remove an active vty from the active vty pool when configuring a vty pool, the
configuration for that vty pool will fail.
How to Implement Physical and Virtual Terminals on Cisco IOS
XR Software
Modifying Templates
Thistask explains how to modify the terminal attributesfor the console and default line templates. The terminal
attributes that you set will modify the template settings for the specified template.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
212 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Terminal IdentificationSUMMARY STEPS
1. configure
2. line {console | default}
3. Configure the terminal attribute settings for the specified template using the commands in line template
configuration mode.
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 line {console | default} Enters line template configuration mode for the specified line template.
Example:
RP/0/RSP0/CPU0:router(config)# line
console
• console—Enters line template configuration mode for the console
template.
• default —Enters line template configuration mode for the default
or
line template.
RP/0/RSP0/CPU0:router(config)# line
default
Configure the terminal attribute settings for the —
specified template using the commands in line
template configuration mode.
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-line)# end
exiting(yes/no/cancel)?
[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-line)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 213
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Modifying TemplatesCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Creating and Modifying vty Pools
This task explains how to create and modify vty pools.
You can omit Step 3, on page 215 to Step 5, on page 215 if you are configuring the default line template to
reference a vty pool.
SUMMARY STEPS
1. configure
2. telnet {ipv4 | ipv6} server max-servers limit
3. line template template-name
4. Configure the terminal attribute settingsfor the specified line template using the commandsin line template
configuration mode.
5. exit
6. vty-pool {default | pool-name | eem} first-vty last-vty [line-template {default | template-name}]
7. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
214 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Creating and Modifying vty PoolsCommand or Action Purpose
Specifies the number of allowable Telnet servers. Up to 100 Telnet servers
are allowed.
telnet {ipv4 | ipv6} server max-servers limit
Example:
RP/0/RSP0/CPU0:router(config)# telnet
Step 2
By default no Telnet servers are allowed. You must configure this
command in order to enable the use of Telnet servers.
Note
ipv4 server max-servers 10
line template template-name Enters line template configuration mode for a user-defined template.
Example:
RP/0/RSP0/CPU0:router(config)# line
template 1
Step 3
Configure the terminal attribute settings for —
the specified line template using the
Step 4
commands in line template configuration
mode.
Exits line template configuration mode and returns the router to global
configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-line)#
exit
Step 5
vty-pool {default | pool-name | eem} first-vty Creates or modifies vty pools.
last-vty [line-template {default |
template-name}]
Step 6
• If you do notspecify a line template with the line-template keyword,
a vty pool defaults to the default line template.
Example:
RP/0/RSP0/CPU0:router(config)# vty-pool
• default —Configures the default vty pool.
? The default vty pool must start at vty 0 and must contain a
minimum of five vtys (vtys 0 through 4).
default 0 5 line-template default
or
RP/0/RSP0/CPU0:router(config)# vty-pool
? You can resize the default vty pool by increasing the range of
vtys that compose the default vty pool.
pool1 5 50 line-template template1 • pool-name —Creates a user-defined vty pool.
or
RP/0/RSP0/CPU0:router(config)# vty-pool
? A user-defined pool must start at least at vty 5, depending on
whether the default vty pool has been resized.
eem 100 105 line-template template1 ? If the range of vtys for the default vty pool has been resized, use
the first range value free from the default line template. For
example, if the range of vtys for the default vty pool has been
configured to include 10 vtys (vty 0 through 9), the range value
for the user-defined vty pool must start with vty 10.
• eem —Configures the embedded event manager pool.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 215
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Creating and Modifying vty PoolsCommand or Action Purpose
? The default embedded event manager vty pool must start at vty
100 and must contain a minimum of six vtys (vtys 100 through
105).
• line-template template-name —Configures the vty pool to reference
a user-defined template.
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Monitoring Terminals and Terminal Sessions
Thistask explains how to monitor terminals and terminalsessions using the show EXEC commands available
for physical and terminal lines.
Note The commands can be entered in any order.
SUMMARY STEPS
1. (Optional) show line [aux location node-id | console location node-id | vty number]
2. (Optional) show terminal
3. (Optional) show users
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
216 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Monitoring Terminals and Terminal SessionsDETAILED STEPS
Command or Action Purpose
(Optional)
Displays the terminal parameters of terminal lines.
show line [aux location node-id | console
location node-id | vty number]
Step 1
Example:
RP/0/RSP0/CPU0:router# show line
• Specifying the show line aux location node-id EXEC command
displays the terminal parameters of the auxiliary line.
• Specifying the show line console location node-id EXEC command
displays the terminal parameters of the console.
? For the location node-id keyword and argument, enter the location
of the Route Processor (RP) on which the respective auxiliary or
console port resides.
? The node-id argument is expressed in the format of
rack/slot/module .
• Specifying the show line vty number EXEC command displays the
terminal parameters for the specified vty.
(Optional)
Displays the terminal attribute settings for the current terminal line.
show terminal
Example:
RP/0/RSP0/CPU0:router# show terminal
Step 2
(Optional)
Displays information about the active lines on the router.
show users
Example:
RP/0/RSP0/CPU0:router# show users
Step 3
Configuration Examples for Implementing Physical and Virtual
Terminals
Modifying the Console Template: Example
This configuration example shows how to modify the terminal attribute settings for the console line template:
line console
exec-timeout 0 0
escape-character 0x5a
session-limit 10
disconnect-character 0x59
session-timeout 100
transport input telnet
transport output telnet
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 217
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing Physical and Virtual TerminalsIn this configuration example, the following terminal attributes are applied to the console line template:
• The EXEC time out for terminal sessions is set to 0 minutes, 0 seconds. Setting the EXEC timeout to 0
minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal
session will never time out.
• The escape character is set to the 0x5a hexadecimal value (the 0x5a hexadecimal value translates into
the “Z” character).
• The session limit for outgoing terminal sessions is set to 10 connections.
• The disconnect character is set to 0x59 hexadecimal value (the 0x59 hexidecimal character translates
into the “Y” character).
• The session time out for outgoing terminal sessions is set to 100 minutes (1 hour and 40 minutes).
• The allowed transport protocol for incoming terminal sessions is Telnet.
• The allowed transport protocol for outgoing terminal sessions is Telnet.
To verify that the terminal attributes for the console line template have been applied to the console, use the
show line command:
RP/0/RSP0/CPU0:router# show line console location 0/0/CPU0
Tty Speed Modem Uses Noise Overruns Acc I/O
* con0/0/CPU0 9600 - - - 0/0 -/-
Line con0_0_CPU0, Location "Unknown", Type "Unknown"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600, 1 parity, 2 stopbits, 8 databits
Template: console
Config:
Allowed transports are telnet.
Modifying the Default Template: Example
This configuration example shows how to override the terminal settings for the default line template:
line default
exec-timeout 0 0
width 512
length 512
In this example, the following terminal attributes override the default line template default terminal attribute
settings:
• The EXEC timeout for terminal sessions is set to 0 minutes and 0 seconds. Setting the EXEC timeout
to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal
session will never time out (the default EXEC timeout for the default line template is 10 minutes).
• The width of the terminal screen for the terminals referencing the default template is set to 512 characters
(the default width for the default line template is 80 characters).
• The length, the number of lines that will display at one time on the terminal referencing the default
template, is set to 512 lines (the default length for the default line template is 24 lines).
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
218 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing Physical and Virtual TerminalsConfiguring a User-Defined Template to Reference the Default vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test in this example)
for vtys and to configure the line template test to reference the default vty pool:
line template test
exec-timeout 100 0
width 100
length 100
exit
vty-pool default 0 4 line-template test
Configuring a User-Defined Template to Reference a User-Defined vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test2 in this example)
for vtys and to configure the line template test to reference a user-defined vty pool (named pool1 in this
example):
line template test2
exec-timeout 0 0
session-limit 10
session-timeout 100
transport input all
transport output all
exit
vty-pool pool1 5 50 line-template test2
Configuring a User-Defined Template to Reference the Fault Manager vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test3 in this example)
for vtys and to configure the line template test to reference the fault manager vty pool:
line template test3
width 110
length 100
session-timeout 100
exit
vty-pool eem 100 106 line-template test3
Additional References
The following sections provide references related to implementing physical and virtual terminals on
Cisco IOS XR software.
Related Documents
Related Topic Document Title
Terminal Services Commands on the
Cisco ASR 9000 Series Router module of
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
Cisco IOS XR terminal services commands
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR command master index
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 219
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Additional ReferencesRelated Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Information about getting started with Cisco IOS XR
software
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
220 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Additional ReferencesCisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 221
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
222 OL-26081-03
Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 13
Implementing SNMP on the Cisco ASR 9000
Series Router
Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message
format for communication between SNMP managers and agents. SNMP provides a standardized framework
and a common language used for the monitoring and management of devices in a network.
This module describes the new and revised tasks you need to implement SNMP on your Cisco IOS XR
network.
For detailed conceptual information about SNMP on the Cisco IOS XR software and complete descriptions
of the SNMP commandslisted in this module,see Related Documents, on page 251. To locate documentation
for other commands that might appear in the course of performing a configuration task, search online in
Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Table 29: Feature History for Implementing SNMP on Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for 3DES and AES encryption.
The ability to preserve ENTITY-MIB and
CISCO-CLASS-BASED-QOS-MIB data was added.
Release 3.9.0
Release 4.2.0 Support was added for SNMP over IPv6.
This module contains the following topics:
• Prerequisites for Implementing SNMP, page 224
• Restrictions for SNMP Use on Cisco IOS XR Software, page 224
• Information About Implementing SNMP, page 224
• How to Implement SNMP on Cisco IOS XR Software, page 231
• Configuration Examples for Implementing SNMP, page 247
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 223• Additional References, page 251
Prerequisites for Implementing SNMP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for SNMP Use on Cisco IOS XR Software
SNMP outputs are only 32-bits wide and therefore cannot display any information greater than 2
32
. 2
32
is
equal to 4.29 Gigabits. Note that a 10 Gigabit interface is greater than this and so if you are trying to display
speed information regarding the interface, you might see concatenated results.
Information About Implementing SNMP
To implement SNMP, you need to understand the concepts described in this section.
SNMP Functional Overview
The SNMP framework consists of three parts:
• SNMP manager
• SNMP agent
• Management Information Base (MIB)
SNMP Manager
The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP.
The most common managing system is called a network management system (NMS). The term NMS can be
applied to either a dedicated device used for network management, or the applications used on such a device.
A variety of network management applications are available for use with SNMP. These features range from
simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks 2000 line
of products).
SNMP Agent
The SNMP agent is the software component within the managed device that maintains the data for the device
and reports these data, as needed, to managing systems. The agent and MIB reside on the router. To enable
the SNMP agent, you must define the relationship between the manager and the agent.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
224 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Prerequisites for Implementing SNMPMIB
The Management Information Base (MIB) is a virtual information storage area for network management
information, which consists of collections of managed objects. Within the MIB there are collections of related
objects, defined in MIB modules. MIB modules are written in the SNMP MIB module language, as defined
in STD 58, RFC 2578, RFC 2579, and RFC 2580. Note that individual MIB modules are also referred to as
MIBs; for example, the Interfaces Group MIB (IF-MIB) is a MIB module within the MIB on your system.
The SNMP agent contains MIB variables whose values the SNMP manager can request or change through
Get or Set operations. A manager can get a value from an agent or store a value into that agent. The agent
gathers data from the MIB, the repository for information about device parameters and network data. The
agent can also respond to manager requests to get or set data.
Figure 4: Communication Between an SNMP Agent and Manager, on page 225 illustratesthe communications
relationship between the SNMP manager and agent. A manager can send the agent requests to get and set
MIB values. The agent can respond to these requests. Independent of this interaction, the agent can send
unsolicited notifications (traps) to the manager to notify the manager of network conditions.
Figure 4: Communication Between an SNMP Agent and Manager
Related Topics
Additional References, on page 251
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do
not require that requests be sent from the SNMP manager. On Cisco IOS XR software, unsolicited
(asynchronous) notifications can be generated only as traps. Traps are messages alerting the SNMP manager
to a condition on the network. Notifications can indicate improper user authentication, restarts, the closing of
a connection, loss of connection to a neighbor router, or other significant events.
Note Inform requests (inform operations) are not supported in Cisco IOS XR software.
Traps are less reliable than informs because the receiver does not send any acknowledgment when it receives
a trap. The sender cannot determine if the trap was received. An SNMP manager that receives an inform
request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does
not receive an inform request, it does not send a response. If the sender never receives a response, the inform
request can be sent again. Thus, informs are more likely to reach their intended destination.
However, traps are often preferred because informs consume more resources in the router and in the network.
Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a
response is received or the request times out. Also, traps are sent only once, and an inform may be retried
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 225
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMP Notificationsseveral times. The retries increase traffic and contribute to a higher overhead on the network. Thus, traps and
inform requests provide a trade-off between reliability and resources.
In this illustration, the agent router sends a trap to the SNMP manager. Although the manager receives the
trap, it does notsend any acknowledgment to the agent. The agent has no way of knowing that the trap reached
its destination.
Figure 5: Trap Received by the SNMP Manager
In this illustration, the agent sends a trap to the manager, but the trap does not reach the manager. Because
the agent has no way of knowing that the trap did not reach its destination, the trap is not sent again. The
manager never receives the trap.
Figure 6: Trap Not Received by the SNMP Manager
SNMP Versions
Cisco IOS XR software supports the following versions of SNMP:
• Simple Network Management Protocol Version 1 (SNMPv1)
• Simple Network Management Protocol Version 2c (SNMPv2c)
• Simple Network Management Protocol Version 3 (SNMPv3)
Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to
access the agent MIB is defined by an IP address access control list and password.
SNMPv2c support includes a bulk retrieval mechanism and more detailed error message reporting to
management stations. The bulk retrieval mechanism supports the retrieval of tables and large quantities of
information, minimizing the number of round-trips required. The SNMPv2c improved error handling support
includes expanded error codesthat distinguish different kinds of error conditions; these conditions are reported
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
226 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMP Versionsthrough a single error code in SNMPv1. Error return codes now report the error type. Three kinds of exceptions
are also reported: no such object exceptions, no such instance exceptions, and end of MIB view exceptions.
SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the
group in which the user resides. A security level is the permitted level of security within a security model. A
combination of a security model and a security level will determine which security mechanism is employed
when an SNMP packet is handled. See Table 31: SNMP Security Models and Levels, on page 228 for a list
of security levels available in SNMPv3. The SNMPv3 feature supports RFCs 3411 to 3418.
You must configure the SNMP agent to use the version of SNMP supported by the management station. An
agent can communicate with multiple managers; for thisreason, you can configure the Cisco IOS-XR software
to support communications with one managementstation using the SNMPv1 protocol, one using the SNMPv2c
protocol, and another using SMNPv3.
Comparison of SNMPv1, v2c, and v3
SNMP v1, v2c, and v3 all support the following operations:
• get-request—Retrieves a value from a specific variable.
• get-next-request—Retrieves the value following the named variable; this operation is often used to
retrieve variables from within a table. With this operation, an SNMP manager does not need to know
the exact variable name. The SNMP manager searches sequentially to find the needed variable from
within the MIB.
• get-response—Operation that replies to a get-request, get-next-request, and set-request sent by an NMS.
• set-request—Operation that stores a value in a specific variable.
• trap—Unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.
Table 30: SNMPv1, v2c, and v3 Feature Support, on page 227 identifies other key SNMP features supported
by the SNMP v1, v2c, and v3.
Table 30: SNMPv1, v2c, and v3 Feature Support
Feature SNMP v1 SNMP v2c SNMP v3
Get-Bulk Operation No Yes Yes
Yes (No on the
Cisco IOS XR software)
Yes (No on the
Cisco IOS XR software)
Inform Operation No
64 Bit Counter No Yes Yes
Textual Conventions No Yes Yes
Authentication No No Yes
Privacy (Encryption) No No Yes
Authorization and Access No No Yes
Controls (Views)
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 227
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMP VersionsSecurity Models and Levels for SNMPv1, v2, v3
The security level determines if an SNMP message needs to be protected from disclosure and if the message
needs to be authenticated. The various security levels that exist within a security model are as follows:
• noAuthNoPriv—Security level that does not provide authentication or encryption.
• authNoPriv—Security level that provides authentication but does not provide encryption.
• authPriv—Security level that provides both authentication and encryption.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with
the security level determine the security mechanism applied when the SNMP message is processed.
Table 31: SNMP Security Models and Levels, on page 228 identifies what the combinations ofsecurity models
and levels mean.
Table 31: SNMP Security Models and Levels
Model Level Authentication Encryption What Happens
Uses a community
string match for
authentication.
v1 noAuthNoPriv Community string No
Uses a community
string match for
authentication.
v2c noAuthNoPriv Community string No
Uses a username
match for
authentication.
v3 noAuthNoPriv Username No
Provides
authentication based
on the
HMAC
2
-MD5
3
algorithm or the
HMAC-SHA
4
.
HMAC-MD5 or No
HMAC-SHA
v3 authNoPriv
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
DES
5
56-bit
encryption in
addition to
authentication based
on the CBC
6
DES
(DES-56) standard.
HMAC-MD5 or DES
HMAC-SHA
v3 authPriv
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
228 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMP VersionsModel Level Authentication Encryption What Happens
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
168-bit 3DES
7
level
of encryption.
HMAC-MD5 or 3DES
HMAC-SHA
v3 authPriv
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
128-bit AES
8
level
of encryption.
HMAC-MD5 or AES
HMAC-SHA
v3 authPriv
2 Hash-Based Message Authentication Code
3 Message Digest 5
4
Secure Hash Algorithm
5 Data Encryption Standard
6
Cipher Block Chaining
7
Triple Data Encryption Standard
8 Advanced Encryption Standard
Use of 3DES and AES encryption standards requires that the security package (k9sec) be installed. For
information on installing software packages, see Upgrading and Managing Cisco IOS XR Software.
SNMPv3 Benefits
SNMPv3 provides secure access to devices by providing authentication, encryption and access control. These
added security benefits secure SNMP against the following security threats:
• Masquerade—The threat that an SNMP user may assume the identity of another SNMP user to perform
management operations for which that SNMP user does not have authorization.
• Message stream modification—The threat that messages may be maliciously reordered, delayed, or
replayed (to an extent that is greater than can occur through the natural operation of a subnetwork service)
to cause SNMP to perform unauthorized management operations.
• Disclosure—The threat that exchanges between SNMP engines could be eavesdropped. Protecting
against this threat may be required as a matter of local policy.
In addition, SNMPv3 provides access control over protocol operations on SNMP managed objects.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 229
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMPv3 BenefitsSNMPv3 Costs
SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP
operations on MIB objects are performed. This cost is far outweighed by the security advantages provided
by SNMPv3.
Table 32: Order of Response Times from Least to Greatest, on page 230 shows the order of response time
(from least to greatest) for the various security model and security level combinations.
Table 32: Order of Response Times from Least to Greatest
Security Model Security Level
SNMPv2c noAuthNoPriv
SNMPv3 noAuthNoPriv
SNMPv3 authNoPriv
SNMPv3 authPriv
User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following
services:
• Message integrity—Ensuresthat messages have not been altered or destroyed in an unauthorized manner
and that data sequences have not been altered to an extent greater than can occur nonmaliciously.
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf received
data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to unauthorized
individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
USM uses two authentication protocols:
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
View-Based Access Control Model
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed
objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by
views. These access policies can be set when user groups are configured with the snmp-server group
command.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
230 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
SNMPv3 CostsMIB Views
For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset
of the management information within the management domain. To provide this capability, access to a
management object is controlled through MIB views, which contain the set of managed object types (and,
optionally, the specific instances of object types) that can be viewed.
Access Policy
Access policy determines the access rights of a group. The three types of access rights are as follows:
• read-view access—The set of object instances authorized for the group when objects are read.
• write-view access—The set of object instances authorized for the group when objects are written.
• notify-view access—The set of object instances authorized for the group when objects are sent in a
notification.
IP Precedence and DSCP Support for SNMP
SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for
SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a
specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are
handled in weighted random early detection (WRED).
After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes
cannot be assigned to different types of SNMP traffic in that router.
The IP Precedence value is the first three bits in the type of service (ToS) byte of an IP header. The IP DSCP
code point value is the first six bits of the differentiate services (DiffServ Field) byte. You can configure up
to eight different IP Precedence markings or 64 different IP DSCP markings.
How to Implement SNMP on Cisco IOS XR Software
This section describes how to implement SNMP.
The snmp-server commands enable SNMP on Management Ethernet interfaces by default. For information
on how to enable SNMP server support on other inband interfaces, see the Implementing Management Plane
Protection on Cisco IOS XR Software module in Cisco ASR 9000 Series Aggregation Services Router System
Security Configuration Guide.
Configuring SNMPv3
This task explains how to configure SNMPv3 for network management and monitoring.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 231
Implementing SNMP on the Cisco ASR 9000 Series Router
IP Precedence and DSCP Support for SNMPNo specific command enables SNMPv3; the first snmp-server global configuration command that you
issue enables SNMPv3. Therefore, the sequence in which you issue the snmp-server commands for this
task does not matter.
Note
SUMMARY STEPS
1. configure
2. (Optional) snmp-server engineid local engine-id
3. snmp-server view view-name oid-tree {included | excluded}
4. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view]
[access-list-name]
5. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
6. Use one of these commands:
• end
• commit
7. (Optional) show snmp
8. (Optional) show snmp engineid
9. (Optional) show snmp group
10. (Optional) show snmp users
11. (Optional) show snmp view
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional)
Specifiesthe identification number of the local SNMP engine.
snmp-server engineid local engine-id
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
engineID local
00:00:00:09:00:00:00:a1:61:6c:20:61
snmp-server view view-name oid-tree {included | Creates or modifies a view record.
excluded}
Step 3
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
232 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMPv3Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server view
view_name 1.3.6.1.2.1.1.5 included
Configures a new SNMP group or a table that maps SNMP
users to SNMP views.
snmp-server group name {v1 | v2c | v3 {auth | noauth
| priv}} [read view] [write view] [notify view]
[access-list-name]
Step 4
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server group
group_name v3 noauth read view_name1 write
view_name2
snmp-server user username groupname Configures a new user to an SNMP group.
{v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
Step 5
auth-password [priv des56 {clear | encrypted}
priv-password]]} [access-list-name]
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server user
noauthuser group_name v3
Step 6 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 233
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMPv3Command or Action Purpose
(Optional)
Displays information about the status of SNMP.
show snmp
Example:
RP/0/RSP0/CPU0:router# show snmp
Step 7
(Optional)
Displays information about the local SNMP engine.
show snmp engineid
Example:
RP/0/RSP0/CPU0:router# show snmp engineid
Step 8
(Optional)
Displaysinformation about each SNMP group on the network.
show snmp group
Example:
RP/0/RSP0/CPU0:router# show snmp group
Step 9
(Optional)
Displays information about each SNMP username in the
SNMP users table.
show snmp users
Example:
RP/0/RSP0/CPU0:router# show snmp users
Step 10
(Optional)
Displays information about the configured views, including
the associated MIB view family name, storage type, and
status.
show snmp view
Example:
RP/0/RSP0/CPU0:router# show snmp view
Step 11
Configuring SNMP Trap Notifications
This task explains how to configure the router to send SNMP trap notifications.
You can omit Step 2, on page 232 to Step 4, on page 233 if you have already completed the steps
documented under the Configuring SNMPv3, on page 231 task.
Note
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
234 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMP Trap NotificationsSUMMARY STEPS
1. configure
2. (Optional) snmp-server engineid local engine-id
3. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view]
[access-list-name]
4. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
5. snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port
port] [notification-type]
6. snmp-server traps [notification-type]
7. Use one of these commands:
• end
• commit
8. (Optional) show snmp host
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional)
Specifies the identification number of the local SNMP engine.
snmp-server engineid local engine-id
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
engineID local
00:00:00:09:00:00:00:a1:61:6c:20:61
Configures a new SNMP group or a table that maps SNMP users
to SNMP views.
snmp-server group name {v1 | v2c | v3 {auth | noauth
| priv}} [read view] [write view] [notify view]
[access-list-name]
Step 3
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
group group_name v3 noauth read view_name1
write view_name2
snmp-server user username groupname Configures a new user to an SNMP group.
{v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
Step 4
auth-password [priv des56 {clear | encrypted}
priv-password]]} [access-list-name]
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 235
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMP Trap NotificationsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server user
noauthuser group_name v3
Specifies SNMP trap notifications, the version of SNMP to use,
the security level of the notifications, and the recipient (host) of
the notifications.
snmp-server host address [traps] [version {1 | 2c | 3
[auth | noauth | priv]}] community-string [udp-port
port] [notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server host
12.26.25.61 traps version 3 noauth
userV3noauth
Step 5
Enables the sending of trap notifications and specifies the type
of trap notifications to be sent.
snmp-server traps [notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server traps
bgp
Step 6
• If a trap is not specified with the notification-type
argument, all supported trap notifications are enabled on
the router. To display which trap notifications are available
on your router, enter the snmp-server traps ? command.
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
(Optional)
Displays information about the configured SNMP notification
recipient (host), port number, and security model.
show snmp host
Example:
RP/0/RSP0/CPU0:router# show snmp host
Step 8
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
236 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMP Trap NotificationsSetting the Contact, Location, and Serial Number of the SNMP Agent
This task explains how to set the system contact string, system location string, and system serial number of
the SNMP agent.
Note The sequence in which you issue the snmp-server commands for this task does not matter.
SUMMARY STEPS
1. configure
2. (Optional) snmp-server contact system-contact-string
3. (Optional) snmp-server location system-location
4. (Optional) snmp-server chassis-id serial-number
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional)
Sets the system contact string.
snmp-server contact system-contact-string
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
contact Dial System Operator at beeper #
27345
(Optional)
Sets the system location string.
snmp-server location system-location
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
location Building 3/Room 214
Step 3
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 237
Implementing SNMP on the Cisco ASR 9000 Series Router
Setting the Contact, Location, and Serial Number of the SNMP AgentCommand or Action Purpose
(Optional)
Sets the system serial number.
snmp-server chassis-id serial-number
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
chassis-id 1234456
Step 4
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Defining the Maximum SNMP Agent Packet Size
This task shows how to configure the largest SNMP packet size permitted when the SNMP server is receiving
a request or generating a reply.
Note The sequence in which you issue the snmp-server commands for this task does not matter.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
238 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Defining the Maximum SNMP Agent Packet SizeSUMMARY STEPS
1. configure
2. (Optional) snmp-server packetsize byte-count
3. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional)
Sets the maximum packet size.
snmp-server packetsize byte-count
Example:
RP/0/RSP0/CPU0:router(config)#
snmp-server packetsize 1024
Step 2
Step 3 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 239
Implementing SNMP on the Cisco ASR 9000 Series Router
Defining the Maximum SNMP Agent Packet SizeChanging Notification Operation Values
After SNMP notifications have been enabled, you can specify a value other than the default for the source
interface, message queue length, or retransmission interval.
This task explains how to specify a source interface for trap notifications, the message queue length for each
host, and the retransmission interval.
Note The sequence in which you issue the snmp-server commands for this task does not matter.
SUMMARY STEPS
1. configure
2. (Optional) snmp-server trap-source type interface-path-id
3. (Optional) snmp-server queue-length length
4. (Optional) snmp-server trap-timeout seconds
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional)
Specifies a source interface for trap notifications.
snmp-server trap-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
trap-source POS 0/0/1/0
Step 2
(Optional)
Establishes the message queue length for each notification.
snmp-server queue-length length
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
queue-length 20
Step 3
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
240 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Changing Notification Operation ValuesCommand or Action Purpose
(Optional)
Defines how often to resend notifications on the retransmission queue.
snmp-server trap-timeout seconds
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
trap-timeout 20
Step 4
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Setting IP Precedence and DSCP Values
This task describes how to configure IP Precedence or IP DSCP for SNMP traffic.
Before You Begin
SNMP must be configured.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 241
Implementing SNMP on the Cisco ASR 9000 Series Router
Setting IP Precedence and DSCP ValuesSUMMARY STEPS
1. configure
2. Use one of the following commands:
• snmp-server ipv4 precedence value
• snmp-server ipv4 dscp value
3. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 Use one of the following commands: Configures an IP precedence or IP DSCP value for SNMP traffic.
• snmp-server ipv4 precedence value
• snmp-server ipv4 dscp value
Example:
RP/0/RSP0/CPU0:router(config)#
snmp-server dscp 24
Step 3 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
242 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Setting IP Precedence and DSCP ValuesCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Configuring MIB Data to be Persistent
Many SNMP MIB definitions define arbitrary 32-bit indices for their object tables. MIB implementations
often do a mapping from the MIB indices to some internal data structure that is keyed by some other set of
data. In these MIB tables the data contained in the table are often other identifiers of the element being
modelled. For example, in the ENTITY-MIB, entries in the entPhysicalTable are indexed by the 31-bit value,
entPhysicalIndex, but the entities could also be identified by the entPhysicalName or a combination of the
other objects in the table.
Because of the size of some MIB tables, significant processing is required to discover all the mappings from
the 32-bit MIB indices to the other data which the network management station identifies the entry. For this
reason, it may be necessary for some MIB indices to be persistent across process restarts, switchovers, or
device reloads. The ENTITY-MIB entPhysicalTable and CISCO-CLASS-BASED-QOS-MIB are two such
MIBs that often require index values to be persistent.
Also, because of query response times and CPU utilization during CISCO-CLASS-BASED-QOS-MIB statistics
queries, it is desirable to cache service policy statistics.
SUMMARY STEPS
1. (Optional) snmp-server entityindex persist
2. (Optional) snmp-server mibs cbqosmib persist
3. (Optional) snmp-server cbqosmib cache refresh time time
4. (Optional) snmp-server cbqosmib cache service-policy count count
5. snmp-server ifindex persist
DETAILED STEPS
Command or Action Purpose
(Optional)
Enables the persistent storage of ENTITY-MIB data.
snmp-server entityindex persist
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server entityindex
persist
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 243
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring MIB Data to be PersistentCommand or Action Purpose
(Optional)
Enables persistent storage of the
CISCO-CLASS-BASED-QOS-MIB data.
snmp-server mibs cbqosmib persist
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server mibs
cbqosmib persist
Step 2
(Optional)
Enables QoS MIB caching with a specified cache
refresh time.
snmp-server cbqosmib cache refresh time time
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server mibs
cbqosmib cache refresh time 45
Step 3
(Optional)
Enables QoS MIB caching with a limited number of
service policies to cache.
snmp-server cbqosmib cache service-policy count count
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server mibs
cbqosmib cache service-policy count 50
Step 4
Enables ifIndex persistence globally on all Simple
Network Management Protocol (SNMP) interfaces.
snmp-server ifindex persist
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server ifindex
persist
Step 5
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
By specifying a regular expression to represent the interfaces for which you are interested in setting traps,
you can enable or disable linkUp and linkDown traps for a large number of interfaces simultaneously.
Before You Begin
SNMP must be configured.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
244 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring LinkUp and LinkDown Traps for a Subset of InterfacesSUMMARY STEPS
1. configure
2. snmp-server interface subset subset-number regular-expression expression
3. notification linkupdown disable
4. Use one of these commands:
• end
• commit
5. (Optional) show snmp interface notification subset subset-number
6. (Optional) show snmp interface notification regular-expression expression
7. (Optional) show snmp interface notification type interface-path-id
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters snmp-server interface mode for the interfaces identified by
the regular expression.
snmp-server interface subset subset-number
regular-expression expression
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
The subset-number argument identifies the set of interfaces, and
also assigns a priority to the subset in the event that an interface is
included in more than one subset. Lower numbers have higher
priority and their configuration takes precedent over interface
subsets with higher numbers.
interface subset 10
regular-expression
"^Gig[a-zA-Z]+[0-9/]+\."
RP/0/RSP0/CPU0:router(config-snmp-if-subset)#
The expression argument must be entered surrounded by double
quotes.
Refer to the Understanding Regular Expressions, Special
Characters, and Patterns module in Cisco ASR 9000 Series
Aggregation Services Router Getting Started Guide for more
information regarding regular expressions.
Disables linkUp and linkDown traps for all interfaces being
configured. To enable previously disabled interfaces, use the no
form of this command.
notification linkupdown disable
Example:
RP/0/RSP0/CPU0:router(config-snmp-if-subset)#
notification linkupdown disable
Step 3
Step 4 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 245
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring LinkUp and LinkDown Traps for a Subset of InterfacesCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Displays the linkUp and linkDown notification status for all
interfaces identified by the subset priority.
show snmp interface notification subset
subset-number
Example:
RP/0/RSP0/CPU0:router# show snmp interface
notification subset 10
Step 5
(Optional)
Displays the linkUp and linkDown notification status for all
interfaces identified by the regular expression.
show snmp interface notification regular-expression
expression
Example:
RP/0/RSP0/CPU0:router# show snmp interface
Step 6
notification
regular-expression
"^Gig[a-zA-Z]+[0-9/]+\."
(Optional)
Displays the linkUp and linkDown notification status for the
specified interface.
show snmp interface notification type
interface-path-id
Example:
RP/0/RSP0/CPU0:router# show snmp interface
Step 7
notification
GigabitEthernet0/4/0/3.10
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
246 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring LinkUp and LinkDown Traps for a Subset of InterfacesConfiguration Examples for Implementing SNMP
Configuring SNMPv3: Examples
Setting an Engine ID
This example shows how to set the identification of the local SNMP engine:
snmp-server engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61
Note After the engine ID has been configured, the SNMP agent restarts.
Verifying the Identification of the Local SNMP Engines
This example shows how to verify the identification of the local SNMP engine:
config
show snmp engineid
SNMP engineID 00000009000000a1ffffffff
Creating a View
There are two ways to create a view:
• You can include the object identifier (OID) of an ASN.1 subtree of a MIB family from a view by using
the included keyword of the snmp-server view command.
• You can exclude the OID subtree of the ASN.1 subtree of a MIB family from a view by using the
excluded keyword of the snmp-server view command.
This example shows how to create a view that includes the sysName (1.3.6.1.2.1.1.5) object:
config
snmp-server view view_name 1.3.6.1.2.1.1.5 included
This example shows how to create a view that includes all the OIDs of a system group:
config
snmp-server view view_name 1.3.6.1.2.1.1 included
This example shows how to create a view that includes all the OIDs under the system group except the sysName
object (1.3.6.1.2.1.1.5), which has been excluded:
config
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server view view_name 1.3.6.1.2.1.1.5 excluded
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 247
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing SNMPVerifying Configured Views
This example shows how to display information about the configured views:
RP/0/RSP0/CPU0:router# show snmp view
v1default 1.3.6.1 - included nonVolatile active
view_name 1.3.6.1.2.1.1 - included nonVolatile active
view_name 1.3.6.1.2.1.1.5 - excluded nonVolatile active
Creating Groups
If you do not explicitly specify a notify, read, or write view, the Cisco IOS XR software uses the v1 default
(1.3.6.1). This example shows how to create a group that utilizes the default view:
RP/0/RSP0/CPU0:router(config)# snmp-server group group-name v3 auth
The following configuration example shows how to create a group that has read access to all the OIDs in the
system except the sysUpTime object (1.3.6.1.2.1.1.3), which has been excluded from the view applied to the
group, but write access only to the sysName object (1.3.6.1.2.1.1.5):
!
snmp-server view view_name1 1.3.6.1.2.1.1 included
snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded
snmp-server view view_name2 1.3.6.1.2.1.1.5 included
snmp-server group group_name v3 auth read view_name1 write view_name2
!
Verifying Groups
This example shows how to verify the attributes of configured groups:
RP/0/RSP0/CPU0:router# show snmp group
groupname: group_name security model:usm
readview : view_name1 writeview: view_name2
notifyview: v1default
row status: nonVolatile
Creating and Verifying Users
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name1 1.3.6.1.2.1.1 included
snmp-server group group_name v3 noauth read view_name write view-name
!
This example shows how to create a noAuthNoPriv user with read and write view access to a system group:
config
snmp-server user noauthuser group_name v3
Note The user must belong to a noauth group before a noAuthNoPriv user can be created.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
248 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMPv3: ExamplesThis example shows how to verify the attributes that apply to the SNMP user:
RP/0/RSP0/CPU0:router# show snmp user
User name: noauthuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp group group_name v3 priv read view_name write view_name
!
This example shows how to create authNoPriv user with read and write view access to a system group:
RP/0/RSP0/CPU0:router(config)# snmp-server user authuser group_name v3 auth md5 clear
auth_passwd
Because the group is configured at a security level of Auth, the user must be configured as “auth” at a
minimum to access this group (“priv” users could also access this group). The authNoPriv user configured
in this group, authuser, must supply an authentication password to access the view. In the example,
auth_passwd is set as the authentication password string. Note that clear keyword is specified before the
auth_passwd password string. The clear keyword indicates that the password string being supplied is
unencrypted.
Note
This example shows how to verify the attributes that apply to SNMP user:
RP/0/RSP0/CPU0:router# show snmp user
User name: authuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp view view_name 1.3.6.1.2.1.1 included
snmp group group_name v3 priv read view_name write view_name
!
This example shows how to create an authPriv user with read and write view access to a system group:
config
snmp-server user privuser group_name v3 auth md5 clear auth_passwd priv des56 clear
priv_passwd
Because the group has a security level of Priv, the user must be configured as a “priv” user to access this
group. In this example, the user, privuser, must supply both an authentication password and privacy
password to access the OIDs in the view.
Note
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RSP0/CPU0:router# show snmp user
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 249
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring SNMPv3: ExamplesUser name: privuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Configuring Trap Notifications: Example
The following example configures an SNMP agent to send out different types of traps. The configuration
includes a v2c user, a noAuthNoPriv user, anauthNoPriv user, and an AuthPriv user.
The default User Datagram Protocol (UDP) port is 161. If you do not a specify a UDP port with the
udp-port keyword and port argument, then the configured SNMP trap notifications are sent to port 161.
Note
!
snmp-server host 10.50.32.170 version 2c userv2c udp-port 2345
snmp-server host 10.50.32.170 version 3 auth userV3auth udp-port 2345
snmp-server host 10.50.32.170 version 3 priv userV3priv udp-port 2345
snmp-server host 10.50.32.170 version 3 noauth userV3noauth udp-port 2345
snmp-server user userv2c groupv2c v2c
snmp-server user userV3auth groupV3auth v3 auth md5 encrypted 140F0A13
snmp-server user userV3priv groupV3priv v3 auth md5 encrypted 021E1C43 priv des56 encrypted
1110001C
snmp-server user userV3noauth groupV3noauth v3 LROwner
snmp-server view view_name 1.3 included
snmp-server community public RW
snmp-server group groupv2c v2c read view_name
snmp-server group groupV3auth v3 auth read view_name
snmp-server group groupV3priv v3 priv read view_name
snmp-server group groupV3noauth v3 noauth read view_name
!
This example shows how to verify the configuration SNMP trap notification recipients host, the recipients of
SNMP trap notifications. The output displays the following information:
• IP address of the configured notification host
• UDP port where SNMP notification messages are sent
• Type of trap configured
• Security level of the configured user
• Security model configured
config
show snmp host
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3auth security model: v3 auth
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3noauth security model: v3 noauth
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3priv security model: v3 priv
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userv2c security model: v2c
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
250 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Configuring Trap Notifications: ExampleSetting an IP Precedence Value for SNMP Traffic: Example
The following example shows how to set the SNMP IP Precedence value to 7:
configure
snmp-server ipv4 precedence 7
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y
Setting an IP DSCP Value for SNMP Traffic: Example
The following example shows how to set the IP DSCP value of SNMP traffic to 45:
configure
snmp-server ipv4 dscp 45
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y
Additional References
The following sections provide references related to Implementing SNMP on Cisco IOS XR software.
Related Documents
Related Topic Document Title
SNMP Server Commands on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Management
Command Reference
Cisco IOS XR SNMP commands
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started with Cisco IOS XR software
Configuring AAA Services on the Cisco ASR 9000
Series Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Information about user groups and task IDs
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Configuration Guide
Cisco IOS XR Quality of Service
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 251
Implementing SNMP on the Cisco ASR 9000 Series Router
Setting an IP Precedence Value for SNMP Traffic: ExampleStandards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
An Architecture for Describing Simple Network
Management Protocol (SNMP) Management
Frameworks
RFC 3411
Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)
RFC 3412
Simple Network Management Protocol (SNMP)
Applications
RFC 3413
User-based Security Model (USM) for version 3 of
the Simple Network Management Protocol (SNMPv3)
RFC 3414
View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)
RFC 3415
Version 2 of the Protocol Operations for the Simple
Network Management Protocol (SNMP)
RFC 3416
Transport Mappings for the Simple Network
Management Protocol (SNMP)
RFC 3417
Management Information Base (MIB) for the Simple
Network Management Protocol (SNMP)
RFC 3418
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
252 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Additional ReferencesTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 253
Implementing SNMP on the Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
254 OL-26081-03
Implementing SNMP on the Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 14
Configuring Periodic MIB Data Collection and
Transfer on the Cisco ASR 9000 Series Router
This document describes how to periodically transfer selected MIB data from your router to a specified
Network Management System (NMS). The periodic MIB data collection and transfer feature is also known
as bulk statistics.
Table 33: Feature History for Periodic MIB Data Collection and Transfer
Release Modification
The periodic MIB data collection and transfer feature wasintroduced and supported
the IF-MIB only.
Release 4.2.0
Release 4.2.1 Additional MIBs were supported.
This module contains the following topics:
• Prerequisites for Periodic MIB Data Collection and Transfer, page 255
• Information About Periodic MIB Data Collection and Transfer, page 256
• How to Configure Periodic MIB Data Collection and Transfer, page 257
• Periodic MIB Data Collection and Transfer: Example, page 265
Prerequisites for Periodic MIB Data Collection and Transfer
To use periodic MIB data collection and transfer, you should be familiar with the Simple Network Management
Protocol (SNMP) model of management information. You should also know what MIB information you want
to monitor on your network devices, and the OIDs or object names for the MIB objects to be monitored.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 255Information About Periodic MIB Data Collection and Transfer
SNMP Objects and Instances
A type (or class) of SNMP management information is called an object. A specific instance from a type of
management information is called an object instance (or SNMP variable). To configure a bulk statistics
collection, you must specify the object types to be monitored using a bulk statistics object list and the specific
instances of those objects to be collected using a bulk statistics schema.
MIBs, MIB tables, MIB objects, and object indices can all be specified using a series of numbers called an
object identifier (OID). OIDs are used in configuring a bulk statistics collection in both the bulk statistics
object lists (for general objects) and in the bulk statistics schemas (for specific object instances).
Bulk Statistics Object Lists
To group the MIB objects to be polled, you need to create one or more object lists. A bulk statistics object
list is a user-specified set of MIB objects that share the same MIB index. Object lists are identified using a
name that you specify. Named bulk statistics object lists allow the same configuration to be reused in different
bulk statistics schemas.
All the objects in an object list must share the same MIB index. However, the objects do not need to be in the
same MIB and do not need to belong to the same MIB table. For example, it is possible to group ifInOctets
and a CISCO-IF-EXTENSION-MIB object in the same schema, because the containing tablesfor both objects
are indexed by the ifIndex.
Bulk Statistics Schemas
Data selection for the Periodic MIB Data Collection and Transfer Mechanism requires the definition of a
schema with the following information:
• Name of an object list.
• Instance (specific instance or series of instances defined using a wild card) that needs to be retrieved for
objects in the specified object list.
• How often the specified instances need to be sampled (polling interval). The default polling interval is
5 minutes.
A bulk statistics schema is also identified using a name that you specify. This name is used when configuring
the transfer options.
Bulk Statistics Transfer Options
After configuring the data to be collected, a single virtual file (VFile or bulk statistics file) with all collected
data is created. This file can be transferred to a network management station using FTP or TFTP. You can
specify how often this file should be transferred. The default transfer interval is once every 30 minutes. You
can also configure a secondary destination for the file to be used if, for whatever reason, the file cannot be
transferred to the primary network management station.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
256 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Information About Periodic MIB Data Collection and TransferThe value of the transfer interval is also the collection period (collection interval) for the local bulk statistics
file. After the collection period ends, the bulk statistics file is frozen, and a new local bulk statistics file is
created for storing data. The frozen bulk statistics file is then transferred to the specified destination.
By default, the local bulk statistics file is deleted after successful transfer to an network management station.
Benefits of Periodic MIB Data Collection and Transfer
Periodic MIB data collection and transfer (bulk statistics feature) allows many of the same functions as the
bulk file MIB (CISCO-BULK-FILE-MIB.my), but offers some key advantages. The main advantage is that
this feature can be configured through the CLI and does not require an external monitoring application.
Periodic MIB data collection and transfer is mainly targeted for medium to high-end platforms that have
sufficient local storage (volatile or permanent) to store bulk statistics files. Locally storing bulk statistics files
helps minimize loss of data during temporary network outages.
This feature also has more powerful data selection features than the bulk file MIB; it allows grouping of MIB
objectsfrom different tablesinto data groups(object lists). It also incorporates a more flexible instance selection
mechanism, where the application is not restricted to fetching an entire MIB table.
How to Configure Periodic MIB Data Collection and Transfer
Configuring a Bulk Statistics Object List
The first step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one
or more object lists.
SUMMARY STEPS
1. configure
2. snmp-server mib bulkstat object-list list-name
3. add {oid | object-name}
4. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 257
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Benefits of Periodic MIB Data Collection and TransferCommand or Action Purpose
Defines an SNMP bulk statistics object list and enters bulk statistics
object list configuration mode.
snmp-server mib bulkstat object-list list-name
Example:
snmp-server mib bulkstat object-list ifMib
Step 2
Adds a MIB object to the bulk statistics object list. Repeat as desired
until all objects to be monitored in this list are added.
add {oid | object-name}
Example:
RP/0/RSP0/CPU0:router(config-bulk-objects)#
Step 3
All the objectsin a bulk statistics object list have to be indexed
by the same MIB index. However, the objects in the object
list do not need to belong to the same MIB or MIB table.
When specifying an object name instead of an OID (using the
add command), only object names with mappings shown in
the show snmp mib object command output can be used.
Note
add 1.3.6.1.2.1.2.2.1.11
RP/0/RSP0/CPU0:router(config-bulk-objects)#
add ifAdminStatus
RP/0/RSP0/CPU0:router(config-bulk-objects)#
add ifDescr
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
What to Do Next
Configure a bulk statistics schema.
Configuring a Bulk Statistics Schema
The second step in configuring periodic MIB data collection and transfer is to configure one or more schemas.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
258 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring a Bulk Statistics SchemaBefore You Begin
The bulk statistics object list to be used in the schema must be defined.
SUMMARY STEPS
1. configure
2. snmp-server mib bulkstat schema schema-name
3. object-list list-name
4. Do one of the following:
• instance exact {interface interface-id [sub-if] | oid oid}
• instance wild {interface interface-id [sub-if] | oid oid}
• instance range start oid end oid
• instance repetition oid max repeat-number
5. poll-interval minutes
6. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
snmp-server mib bulkstatschema schema-name Namesthe bulk statisticsschema and enters bulk statisticsschema mode.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
mib bulkstat schema intE0
RP/0/RSP0/CPU0:router(config-bulk-sc)#
Specifies the bulk statistics object list to be included in this schema.
Specify only one object list perschema. If multiple object-list commands
are executed, the earlier ones are overwritten by newer commands.
object-list list-name
Example:
RP/0/RSP0/CPU0:router(config-bulk-sc)#
object-list ifMib
Step 3
Step 4 Do one of the following: Specifies the instance information for objects in this schema:
• instance exact {interface interface-id
[sub-if] | oid oid}
• The instance exact command indicatesthat the specified instance,
when appended to the object list, represents the complete OID.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 259
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring a Bulk Statistics SchemaCommand or Action Purpose
• The instance wild command indicates that all subindices of the
specified OID belong to this schema. The wild keyword allows
you to specify a partial, “wild carded” instance.
• instance wild {interface interface-id
[sub-if] | oid oid}
• instance range start oid end oid
• The instance range command indicates a range of instances on
which to collect data.
• instance repetition oid max repeat-number
• The instance repetition command indicates data collection to
repeat for a certain number of instances of a MIB object.
Example:
RP/0/RSP0/CPU0:router(config-bulk-sc)#
instance wild oid 1 Only one instance command can be configured per schema.
If multiple instance commands are executed, the earlier ones
are overwritten by new commands.
Note
or
RP/0/RSP0/CPU0:router(config-bulk-sc)#
instance exact interface FastEthernet
0/1.25
or
RP/0/RSP0/CPU0:router(config-bulk-sc)#
instance range start 1 end 2
or
RP/0/RSP0/CPU0:router(config-bulk-sc)#
instance repetition 1 max 4
Sets how often data should be collected from the object instances
specified in thisschema, in minutes. The default is once every 5 minutes.
The valid range is from 1 to 20000.
poll-interval minutes
Example:
RP/0/RSP0/CPU0:router(config-bulk-sc)#
poll-interval 10
Step 5
Step 6 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
260 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring a Bulk Statistics SchemaWhat to Do Next
Configure the bulk statistics transfer options.
Configuring Bulk Statistics Transfer Options
The final step in configuring periodic MIB data collection and transfer is to configure the transfer options.
The collected MIB data are kept in a local file-like entity called a VFile (virtual file, referred to as a bulk
statisticsfile in this document). Thisfile can be transferred to a remote network managementstation at intervals
you specify.
Before You Begin
The bulk statistics object lists and bulk statistics schemas must be defined before configuring the bulk statistics
transfer options.
SUMMARY STEPS
1. configure
2. snmp-server mib bulkstat transfer-id transfer-id
3. buffer-size bytes
4. format {bulkBinary | bulkASCII | schemaASCII}
5. schema schema-name
6. transfer-interval minutes
7. url primary url
8. url secondary url
9. retry number
10. retain minutes
11. enable
12. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 261
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose
Identifies the transfer configuration with a name (transfer-id argument)
and enters bulk statistics transfer configuration mode.
snmp-server mib bulkstat transfer-id
transfer-id
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
mib bulkstat transfer bulkstat1
Step 2
(Optional) Specifies the maximum size for the bulk statistics data file,
in bytes. The valid range is from 1024 to 2147483647 bytes. The default
buffer size is 2048 bytes.
buffer-size bytes
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
buffersize 3072
Step 3
If the maximum buffer size for a bulk statistics file is reached
before the transfer interval time expires, all additional data
received is deleted. To correct this behavior, you can decrease
the polling frequency, or increase the size of the bulk statistics
buffer.
Note
(Optional) Specifies the format of the bulk statistics data file (VFile).
The default is schemaASCII.
format {bulkBinary | bulkASCII |
schemaASCII}
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
format schemaASCII
Transfers can only be performed using schemaASCII
(cdcSchemaASCII) format. SchemaASCII is a human-readable
format that contains parser-friendly hintsfor parsing data values.
Note
Specifies the bulk statistics schema to be transferred. Repeat this
command as desired. Multiple schemas can be associated with a single
schema schema-name
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
Step 5
transfer configuration; all collected data are placed in a single bulk data
file (VFile).
schema ATM2/0-IFMIB
RP/0/RSP0/CPU0:router(config-bulk-tr)#
schema ATM2/0-CAR
RP/0/RSP0/CPU0:router(config-bulk-tr)#
schema Ethernet2/1-IFMIB
(Optional) Specifies how often the bulk statistics file are transferred, in
minutes. The default value is once every 30 minutes. The transfer interval
is the same as the collection interval.
transfer-interval minutes
Example:
RP/0/RSP0/CPU0:router
RP/0/RSP0/CPU0:router(config-bulk-tr)#
transfer-interval 20
Step 6
Specifies the network management system (host) that the bulk statistics
data file is transferred to, and the protocol to use for transfer. The
url primary url
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
url primary
ftp://user:password@host/folder/bulkstat1
Step 7
destination is specified as a Uniform Resource Locator (URL). FTP or
TFTP can be used for the bulk statistics file transfer.
(Optional) Specifies a backup transfer destination and protocol for use
in the event that transfer to the primary location fails. FTP or TFTP can
be used for the bulk statistics file transfer.
url secondary url
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
url secondary
tftp://10.1.0.1/tftpboot/user/bulkstat1
Step 8
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
262 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose
(Optional) Specifiesthe number of transmission retries. The default value
is 0 (in other words, no retries). If an attempt to send the bulk statistics
retry number
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
retry 1
Step 9
file fails, the system can be configured to attempt to send the file again
using this command.
One retry includes an attempt first to the primary destination then, if the
transmission fails, to the secondary location. For example, if the retry
value is 1, an attempt is made first to the primary URL, then to the
secondary URL, then to the primary URL again, then to the secondary
URL again. The valid range is from 0 to 100.
If all retries fail, the next normal transfer occurs after the configured
transfer-interval time.
(Optional) Specifies how long the bulk statistics file should be kept in
system memory, in minutes, after the completion of the collection interval
retain minutes
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
retain 60
Step 10
and a transmission attempt is made. The default value is 0. Zero (0)
indicatesthat the file is deleted immediately after the transfer is attempted.
The valid range is from 0 to 20000.
If the retry command is used, you should configure a retain
interval larger than 0. The interval between retries is the retain
interval divided by the retry number. For example, if retain 10
and retry 2 are configured, two retries are attempted once every
5 minutes. Therefore, if retain 0 is configured, no retries are
attempted.
Note
Begins the bulk statistics data collection and transfer process for this
configuration.
enable
Example:
RP/0/RSP0/CPU0:router(config-bulk-tr)#
enable
Step 11
• For successful execution of this action, at least one schema with
non-zero number of objects must be configured.
• Periodic collection and file transfer begins only if this command is
configured. Conversely, the no enable command stopsthe collection
process. A subsequent enable starts the operations again.
• Each time the collection process is started using the enable
command, data is collected into a new bulk statistics file. When
the no enable command is used, the transfer process for any
collected data immediately begins(in other words, the existing bulk
statistics file is transferred to the specified management station).
Step 12 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 263
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
What to Do Next
If the maximum buffer size for a bulk statistics file is reached before the transfer interval time expires,
the transfer operation isstill initiated, but any bulk statistics data received after the file wasfull, and before
it wastransferred, are deleted. To correct this behavior, you can decrease the polling frequency, or increase
the size of the bulk statistics buffer.
If retain 0 is configured, no retries are attempted. This is because the interval between retries is the retain
value divided by the retry value. For example, if retain 10 and retry 2 are configured, retries are attempted
once every 5 minutes. Therefore, if you configure the retry command, you should also configure an
appropriate value for the retain command.
Note
Monitoring Periodic MIB Data Collection and Transfer
SUMMARY STEPS
1. show snmp mib bulkstat transfer transfer-name
DETAILED STEPS
Command or Action Purpose
(Optional) The show command for this feature lists all bulk statistics virtual files (VFiles) on the
system that have finished collecting data. (Data files that are not complete are not displayed.)
show snmp mib
bulkstat transfer
transfer-name
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
264 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Monitoring Periodic MIB Data Collection and TransferCommand or Action Purpose
The output lists all of the completed local bulk statistics files, the remaining time left before the bulk
statistics file is deleted (remaining retention period), and the state of the bulk statistics file.
The “STATE” of the bulk statistics file is one of the following:
• Queued--Indicates that the data collection for this bulk statistics file is completed (in other
words, the transfer interval has been met) and that the bulk statistics file is waiting for transfer
to the configured destination(s).
• Retry--Indicates that one or more transfer attempts have failed and that the file transfer will
be attempted again. The number of retry attempts remaining are displayed in parenthesis.
• Retained--Indicates that the bulk statistics file has either been successfully transmitted or that
the configured number of retries have been completed.
To display only the status of a named transfer (as opposed to all configured transfers), specify the
name of the transfer in the transfer-name argument.
show snmp mib bulkstat transfer Sample Output
RP/0/RSP0/CPU0:router# show snmp mib bulkstat transfer
Transfer Name : ifmib
Retained files
File Name : Time Left (in seconds) :STATE
---------------------------------------------------------------------
ifmib_Router_020421_100554683 : 173 : Retry (2 Retry attempt(s) Left)
Periodic MIB Data Collection and Transfer: Example
This example shows how to configure periodic MIB data collection and transfer:
snmp-server mib bulkstat object-list cempo
add cempMemPoolName
add cempMemPoolType
!
snmp-server mib bulkstat schema cempWild
object-list cempo
instance wild oid 8695772
poll-interval 1
!
snmp-server mib bulkstat schema cempRepeat
object-list cempo
instance repetition 8695772.1 max 4294967295
poll-interval 1
!
snmp-server mib bulkstat transfer-id cempt1
enable
url primary tftp://223.255.254.254/auto/tftp-sjc-users3/dseeniva/dumpdcm
schema cempWild
schema cempRepeat
transfer-interval 2
!
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 265
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Periodic MIB Data Collection and Transfer: ExampleThis example shows sample bulk statistics file content:
Schema-def cempt1.cempWild "%u, %s, %s, %d" Epochtime instanceoid
1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2
cempt1.cempWild: 1339491515, 8695772.1, processor, 2
cempt1.cempWild: 1339491515, 8695772.2, reserved, 11
cempt1.cempWild: 1339491515, 8695772.3, image, 12
cempt1.cempWild: 1339491575, 8695772.1, processor, 2
cempt1.cempWild: 1339491575, 8695772.2, reserved, 11
cempt1.cempWild: 1339491575, 8695772.3, image, 12
Schema-def cempt1.cempRepeat "%u, %s, %s, %d" Epochtime instanceoid
1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2
cempt1.cempRepeat: 1339491515, 8695772.1, processor, 2
cempt1.cempRepeat: 1339491515, 8695772.2, reserved, 11
cempt1.cempRepeat: 1339491515, 8695772.3, image, 12
cempt1.cempRepeat: 1339491515, 26932192.1, processor, 2
cempt1.cempRepeat: 1339491515, 26932192.2, reserved, 11
cempt1.cempRepeat: 1339491515, 26932192.3, image, 12
cempt1.cempRepeat: 1339491515, 35271015.1, processor, 2
cempt1.cempRepeat: 1339491515, 35271015.2, reserved, 11
cempt1.cempRepeat: 1339491515, 35271015.3, image, 12
cempt1.cempRepeat: 1339491515, 36631989.1, processor, 2
cempt1.cempRepeat: 1339491515, 36631989.2, reserved, 11
cempt1.cempRepeat: 1339491515, 36631989.3, image, 12
cempt1.cempRepeat: 1339491515, 52690955.1, processor, 2
cempt1.cempRepeat: 1339491515, 52690955.2, reserved, 11
cempt1.cempRepeat: 1339491515, 52690955.3, image, 12
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
266 OL-26081-03
Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router
Periodic MIB Data Collection and Transfer: ExampleC H A P T E R 15
Implementing CDP on the Cisco ASR 9000 Series
Router
Cisco Discovery Protocol (CDP) is a media- and protocol-independent protocol that runs on all
Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches.
Using CDP, you can view information about all the Cisco devices that are directly attached to the device.
This module describesthe new and revised tasks you need to implement CDP on your Cisco IOS XR network.
For more information about CDP on the Cisco IOS XR software and complete descriptions of the CDP
commandslisted in this module, refer to Related Documents, on page 276. To locate documentation for other
commands that might appear in the course of running a configuration task, search online in Cisco ASR 9000
Series Aggregation Services Router Commands Master List.
Table 34: Feature History for Implementing CDP on Cisco IOS XR Software
Release Modification
Release 3.7.2 This feature was introduced.
This module contains the following topics:
• Prerequisites for Implementing CDP, page 267
• Information About Implementing CDP, page 268
• How to Implement CDP on Cisco IOS XR Software, page 269
• Configuration Examples for Implementing CDP, page 275
• Additional References, page 275
Prerequisites for Implementing CDP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 267Information About Implementing CDP
CDP is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those
devices. CDP can also be used to display information about the interfaces your router uses. CDP is mediaand protocol-independent, and runs on all equipment manufactured by Cisco, including routers, bridges, access
servers, and switches.
Use of SNMP with the CDP MIB allows network management applications to learn the device type and the
SNMP agent address of neighboring devices and to send SNMP queries to those devices. CDP uses the
CISCO-CDP-MIB.
CDP runs on all media that support Subnetwork Access Protocol (SNAP), including LAN, Frame Relay, and
ATM physical media. CDP runs over the data link layer only. Therefore, two systems that support different
network-layer protocols can learn about each other.
Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address.
Each device advertises at least one address at which it can receive SNMP messages. The advertisements also
contain time-to-live, or hold-time, information, which indicates the length of time a receiving device holds
CDP information before discarding it. Each device also listens to the periodic CDP messages sent by others
to learn about neighboring devices and determine when their interfaces to the media go up or down.
CDP Version-2 (CDPv2) is the most recent release of the protocol and provides more intelligent device
tracking features. These features include a reporting mechanism that allows for more rapid error tracking,
thereby reducing costly downtime. Reported error messages can be sent to the console or to a logging server,
and can cover instances of unmatching native VLAN IDs(IEEE 802.1Q) on connecting ports, and unmatching
port duplex states between connecting devices.
CDPv2 show commands can provide detailed output on VLAN Trunking Protocol (VTP) management
domain and duplex modes of neighbor devices, CDP-related counters, and VLAN IDs of connecting ports.
Type-length-value fields (TLVs) are blocks of information embedded in CDP advertisements. Table 35:
Type-Length-Value Definitions for CDPv2, on page 268 summarizes the TLV definitions for CDP
advertisements.
Table 35: Type-Length-Value Definitions for CDPv2
TLV Definition
Device-ID TLV Identifies the device name in the form of a character string.
Contains a list of network addresses of both receiving and sending
devices.
Address TLV
Port-ID TLV Identifies the port on which the CDP packet is sent.
Describes the functional capability for the device in the form of a
device type; for example, a switch.
Capabilities TLV
Contains information about the software release version on which the
device is running.
Version TLV
Describes the hardware platform name of the device, for example,
Cisco 4500.
Platform TLV
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
268 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Information About Implementing CDPTLV Definition
Advertises the system’s configured VTP management domain
name-string. Used by network operators to verify VTP domain
configuration in adjacent network nodes.
VTP Management Domain TLV
Indicates, per interface, the assumed VLAN for untagged packets on
the interface. CDP learns the native VLAN for an interface. This
feature is implemented only for interfaces that support the
IEEE 802.1Q protocol.
Native VLAN TLV
Indicates status (duplex configuration) of CDP broadcast interface.
Used by network operatorsto diagnose connectivity problems between
adjacent network elements.
Full/Half Duplex TLV
How to Implement CDP on Cisco IOS XR Software
Enabling CDP
To enable CDP, you must first enable CDP globally on the router and then enable CDP on a per-interface
basis. This task explains how to enable CDP globally on the router and then enable CDP on an interface.
SUMMARY STEPS
1. configure
2. cdp
3. interface type interface-path-id
4. cdp
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 269
Implementing CDP on the Cisco ASR 9000 Series Router
How to Implement CDP on Cisco IOS XR SoftwareCommand or Action Purpose
cdp Enables CDP globally.
Example:
RP/0/RSP0/CPU0:router(config)# cdp
Step 2
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
interface pos 0/0/0/1
Step 3
cdp Enables CDP on an interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# cdp
Step 4
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Modifying CDP Default Settings
This task explains how to modify the default version, hold-time setting, and timer settings.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
270 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Modifying CDP Default SettingsNote The commands can be entered in any order.
SUMMARY STEPS
1. configure
2. cdp advertise v1
3. cdp holdtime seconds
4. cdp timer seconds
5. Use one of these commands:
• end
• commit
6. (Optional) show cdp
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures CDP to use only version 1 (CDPv1) in communicating with neighboring
devices.
cdp advertise v1
Example:
RP/0/RSP0/CPU0:router(config)#
cdp advertise v1
Step 2
• By default, when CDP is enabled, the router sends CDPv2 packets. CDP also
sends and receives CDPv1 packetsif the device with which CDP isinteracting
does not process CDPv2 packets.
• In this example, the router is configured to send and receive only CDPv1
packets.
Specifies the amount of time that the receiving networking device will hold a CDP
packet sent from the router before discarding it.
cdp holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config)#
cdp holdtime 30
Step 3
• By default, when CDP is enabled, the receiving networking device holds a
CDP packet for 180 seconds before discarding it.
The CDP hold time must be set to a higher number of seconds than
the time between CDP transmissions, which is set with the cdp
timer command.
Note
• In this example, the value of hold-time for the seconds argument is set to
30.
Step 4 cdp timer seconds Specifies the frequency at which CDP update packets are sent.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 271
Implementing CDP on the Cisco ASR 9000 Series Router
Modifying CDP Default SettingsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)#
cdp timer 20
• By default, when CDP is enabled, CDP update packets are sent at a frequency
of once every 60 seconds.
Note A lower timersetting causes CDP updatesto be sent more frequently.
• In this example, CDP update packets are configured to be sent at a frequency
of once every 20 seconds.
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)#
end
? Entering yes saves configuration changes to the running configuration
file, exits the configuration session, and returns the router to EXEC
or mode.
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router to
EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration session
without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running
configuration file and remain within the configuration session.
(Optional)
Displays global CDP information.
show cdp
Example:
RP/0/RSP0/CPU0:router# show cdp
Step 6
The output displays the CDP version running on the router, the hold time setting,
and the timer setting.
Monitoring CDP
This task shows how to monitor CDP.
Note The commands can be entered in any order.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
272 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Monitoring CDPSUMMARY STEPS
1. show cdp entry {* | entry-name} [protocol | version]
2. show cdp interface [type interface-path-id | location node-id]
3. show cdp neighbors [type interface-path-id | location node-id] [detail]
4. show cdp traffic [location node-id]
DETAILED STEPS
Command or Action Purpose
Displays information about a specific neighboring
device or all neighboring devices discovered using
CDP.
show cdp entry {* | entry-name} [protocol | version]
Example:
RP/0/RSP0/CPU0:router# show cdp entry *
Step 1
Displays information about the interfaces on which
CDP is enabled.
show cdp interface [type interface-path-id | location node-id]
Example:
RP/0/RSP0/CPU0:router# show cdp interface pos
0/0/0/1
Step 2
Displays detailed information about neighboring
devices discovered using CDP.
show cdp neighbors [type interface-path-id | location
node-id] [detail]
Example:
RP/0/RSP0/CPU0:router# show cdp neighbors
Step 3
Displaysinformation about the traffic gathered between
devices using CDP.
show cdp traffic [location node-id]
Example:
RP/0/RSP0/CPU0:router# show cdp traffic
Step 4
Examples
The following is sample output for the show cdp neighbors command:
RP/0/RSP0/CPU0:router# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
router1 Mg0/0/CPU0/0 177 T S WS-C2924M Fa0/12
router2 PO0/4/0/0 157 R 12008/GRP PO0/4/0/1
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 273
Implementing CDP on the Cisco ASR 9000 Series Router
Monitoring CDPThe following is sample output for the show cdp neighbors command. In this example, the optional type
instance arguments are used in conjunction with the detail optional keyword to display detailed information
about a CDP neighbor. The output includes information on both IPv4 and IPv6 addresses.
RP/0/RSP0/CPU0:router# show cdp neighbors POS 0/4/0/0 detail
-------------------------
Device ID: uut-user
SysName : uut-user
Entry address(es):
IPv4 address: 1.1.1.1
IPv6 address: 1::1
IPv6 address: 2::2
Platform: cisco 12008/GRP, Capabilities: Router
Interface: POS0/4/0/3
Port ID (outgoing port): POS0/2/0/3
Holdtime : 177 sec
Version :
Cisco IOS XR Software, Version 0.0.0[Default]
Copyright (c) 2005 by cisco Systems, Inc.
advertisement version: 2
The following is sample output for the show cdp entry command. In this example, the optional entry
argument is used to display entry information related to a specific CDP neighbor.
RP/0/RSP0/CPU0:router# show cdp entry router2
advertisement version: 2
-------------------------
Device ID: router2
SysName : router2
Entry address(es):
Platform: cisco 12008/GRP, Capabilities: Router
Interface: POS0/4/0/0
Port ID (outgoing port): POS0/4/0/1
Holdtime : 145 sec
Version :
Cisco IOS XR Software, Version 0.48.0[Default]
Copyright (c) 2004 by cisco Systems, Inc.
advertisement version: 2
The following is sample output for the show cdp interface command. In this example, CDP information
related to Packet over SONET/SDH (POS) interface 0/4/0/0 is displayed.
RP/0/RSP0/CPU0:router# show cdp interface pos 0/4/0/0
POS0/4/0/0 is Up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
The following is sample output for the show cdp traffic command:
RP/0/RSP0/CPU0:router# show cdp traffic
CDP counters :
Packets output: 194, Input: 99
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Truncated: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 194, Input: 99
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
274 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Monitoring CDPUnrecognize Hdr version: 0, File open failed: 0
The following is sample output for the show cdp traffic command. In this example, the optional location
keyword and node-id argument are used to display information about the traffic gathered between devices
using CDP from the specified node.
RP/0/RSP0/CPU0:router# show cdp traffic location 0/4/cpu0
CDP counters :
Packets output: 16, Input: 13
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Truncated: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 16, Input: 13
Unrecognize Hdr version: 0, File open failed: 0
Configuration Examples for Implementing CDP
Enabling CDP: Example
The following example shows how to configure CDP globally and then enable CDP on Packet over
SONET/SDH (POS) interface 0/3/0/0:
cdp
interface POS0/3/0/0
cdp
Modifying Global CDP Settings: Example
The following example shows how to modify global CDP settings. In this example, the timer setting is set to
20 seconds, the hold-time setting is set to 30 seconds, and the version of CDP used to communicate with
neighboring devices is set to CDPv1:
cdp timer 20
cdp holdtime 30
cdp advertise v1
The following example shows how to use the show cdp command to verify the CDP global settings:
RP/0/RSP0/CPU0:router# show cdp
Global CDP information:
Sending CDP packets every 20 seconds
Sending a holdtime value of 30 seconds
Sending CDPv2 advertisements is not enabled
Additional References
The following sections provide references related to implementing CDP on Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 275
Implementing CDP on the Cisco ASR 9000 Series Router
Configuration Examples for Implementing CDPRelated Documents
Related Topic Document Title
CDP Commands on Cisco IOS XR Software module
of Cisco ASR 9000 Series Aggregation Services
Router System Management Command Reference
Cisco IOS XR CDP commands
Cisco ASR 9000 Series Aggregation Services Router
Commands Master List
Cisco IOS XR commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started with Cisco IOS XR Software
Configuring AAA Services on Cisco IOS XR Software
module of Cisco ASR 9000 Series Aggregation
Services Router System Security Configuration Guide
Information about user groups and task IDs
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing RFCs has not been
modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
276 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Additional ReferencesTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 277
Implementing CDP on the Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
278 OL-26081-03
Implementing CDP on the Cisco ASR 9000 Series Router
Additional ReferencesI N D E X
A
access-group command 176, 177
admin configure command 3, 5, 32, 46, 49, 60, 84, 86, 87, 114, 119, 126
admin-config submode, See admin configure command
alert group 152, 160
asdf 5
associating an alert group with 160
authenticate command 178
authentication-key command 178
B
broadcast client command 174, 175
broadcast command 174, 175
broadcastdelay command 174
bulk statistics 255, 256, 258
object lists 256
prerequisites 255
schema 256, 258
transfer options 256
C
call home 154
smart call home feature 154
Call Home 151, 152, 155, 158, 160, 163, 165
alert group 152
contact information 155
configure 155
destination profile 158, 160
associating an alert group with 160
configure and activate 158
email 163
configure 163
enable 165
introduction 151
Call Home messages 153
configuring levels 153
CDP 268, 269, 270, 272
enabling 269
functional overview 268
modifying default settings 270
monitoring 272
cdp (global) command 269, 270
cdp (interface) command 269, 270
cdp advertise v1 command 271
cdp holdtime command 271
cdp timer command 271
Cisco IOS XR Software Selector tool 28
committing packages 49
config-register command 113, 114
controllers command 115
copy ftp command 30
copy rcp command 30
copy tftp command 30
CPU controller bits 119
D
Designated Shelf Controller, See DSC
destination profile for Call Home 158
configure and activate 158
drives, formatting 115
DSC 12
definition 12
F
field programmable device (FPD) images 42, 46
field programmable devices 123
See FPD images 123
File Transfer Protocol (FTP) 29
format command 115
formatting drives 115
FPD images 42, 46, 123, 124, 126, 127, 128, 140, 141
troubleshooting 140, 141
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 IN-1FPD images (continued)
upgrade 127, 128
verifying 128
description 123
displaying 126, 127
default information 127
minimum and current versions 126
overview for SPAs 124
upgrade 127, 128
FPGA 124
devices, methods of upgrading 124
FTP 29
H
hardware 92
displaying status 92
hw-module reload command 126, 128
I
install activate command 42, 44, 51, 52
install rollback to committed command 62, 64
install verify packages command 32, 33
interface preconfigure command 117, 118
L
line card 117, 118
removal 117
replacement 118
line command 210
line console command 210, 213
line default command 210
line template command 210, 214, 215
line template configuration submode 210
See also line command
description 210
See also line command
M
master command 183
MIB data collection 255
prerequisites 255
MIB object 256
MIB, description 225
N
node 111
power cycle 111
reload 111
shutdown 111
NTP 171, 173, 176, 177, 179, 181, 182, 184
configuring an authoritative NTP server 182
configuring broadcast-based NTP associations 173
configuring NTP access groups 176
configuring NTP authentication 177
configuring poll-based associations 171
configuring the source IP address 181
disabling NTP services on an interface 179
updating the hardware clock 184
O
object identifier 256
object instance 256
object lists 256
bulk statistics 256
OID 256
online insertion and removal, See OIR
P
package 21, 22, 49, 57
addition, introduction 21
deactivation 57
rollback 22
set 49
committing 49
periodic mib data collection and transfer 255
physical terminals 210, 211, 212
aux line template 212
modifying 212
console line template 210, 212
description 210
modifying 212
default line template 210, 212
description 210
modifying 212
line template configuration submode, description 210
line template guidelines 211
PIE files 19
names 19
version numbers 19
PLIM 118
replacement 118
different media type 118
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
IN-2 OL-26081-03
IndexPLIM (continued)
replacement (continued)
same media type and port count 118
same media type, different port count 118
power cycle 111
R
rcp 29
redundancy 108, 109, 110
commands 109
manual switchover 110
primary RP 108
standby RP 109
redundancy switchover command 110
reload command 110, 113
reloading software 111
Remote Copy Protocol (rcp) 29
RFC 3411, An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks 252
RFC 3412, Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP) 252
RFC 3413, Simple Network Management Protocol (SNMP)
Applications 252
RFC 3414, User-based Security Model (USM) for version 3 of
the Simple Network Management Protocol (SNMPv3) 252
RFC 3415, View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP) 252
RFC 3416, Version 2 of the Protocol Operations for the Simple
Network Management Protocol (SNMP) 252
RFC 3417, Transport Mappings for the Simple Network
Management Protocol (SNMP) 252
RFC 3418, Management Information Base (MIB) for the Simple
Network Management Protocol (SNMP) 252
rollback 22, 62, 63, 64
packages 22, 62, 63, 64
displaying rollback points 62
introduction 22
last committed set 64
rolling back to points 63
ROM Monitor mode 16
RP reload 110
S
sample output 128, 130, 139, 140
schema 256
bulk statistics 256
server command 172
SFTP 29
show cdp command 271, 272
show cdp entry command 273
show cdp interface command 273
show cdp neighbors command 273
show cdp traffic command 273
show clock command 32, 34
show controllers command 115
show diag command 92, 95
show environment command 101
show fpd package command 126, 127, 130
show hw-module fpd command 126, 128
show hw-module subslot command 126, 128
show install active command 32
show install pie-info command 32, 33
show install rollback command 62, 63
show interfaces command 117
show line command 216, 217
show platform command 100, 140
administration EXEC mode 100
show redundancy command 104, 113, 114
show running-config command 117
show snmp command 232, 234
show snmp engineid command 232, 234
show snmp group command 232, 234
show snmp host command 235, 236
show snmp users command 232, 234
show snmp view command 232, 234
show system verify command 32, 33, 42, 46, 58, 59
show terminal command 216, 217
show users command 216, 217
show variables boot command 113, 114
show version command 98
shutting down a node 111
smart call home 154
description 154
registration requirements 154
Transport Gateway (TG) aggregation point 154
SMARTnet 154
smart call home registration 154
SMU 17
filenames 17
version numbers 17
SNMP (Simple Network Management Protocol) 224, 225, 226,
227, 228, 229, 230, 231, 234
manager, description 224
agent, description 224
MIB, description 225
trap notifications 234
configuring 234
versions 226, 227, 228, 229, 230, 231
security models and levels 228
SNMPv1,v2c, and v3 comparison 227
SNMPv3 benefits 229
SNMPv3 costs 230
SNMPv3, configuring 231
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
OL-26081-03 IN-3
Indexsnmp-server chassis-id command 237, 238
snmp-server contact command 237
snmp-server enable traps command 235, 236
snmp-server engineid local command 232, 235
snmp-server group command 232, 233, 235
snmp-server host command 235, 236
snmp-server ipv4 dscp command 242
snmp-server ipv4 precedence command 242
snmp-server location command 237
snmp-server packetsize command 239
snmp-server queue-length command 240
snmp-server trap source command 240
snmp-server trap-timeout command 240, 241
snmp-server user command 232, 233, 235
snmp-server view command 232
software packages 17, 19, 20, 23, 24, 27, 28, 49, 63, 64
activation 24, 27
impact on system 24
prerequisites 27
Cisco IOS XR Software Selector tool 28
committing 49
deactivation 24, 27
impact on system 24
prerequisites 27
downgrading 23
impact of version changes 24
management overview 20
rollback 63, 64
SMUs 17
upgrading 23
version numbers 19
source command 181, 182
SPA (shared port adapter) 124, 125
See also FPD images
See also FPD images 124
SPA (shared port adapter) (continued)
See also FPD images
SSH File Transfer Protocol 29
T
TFTP 29
trap notifications 225
Trivial File Transfer Protocol (TFTP) 29
trusted-key command 178, 179
U
update-calendar command 184, 185
upgrade cpuctrlbits command 119
upgrade hw-module fpd command 126, 127, 139
V
virtual terminals 210, 212, 214
default line template 210, 212
description 210
modifying 212
line template configuration submode 210
description 210
user-defined line templates 210
description 210
vty pools 212, 214
description 212
creating 214
modifying 214
vm files 16
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x
IN-4 OL-26081-03
Index
Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26048-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xxi
Changes to This Document xxi
Obtaining Documentation and Submitting a Service Request xxi
C H A P T E R 1 Implementing BGP on Cisco ASR 9000 Series Router 1
Prerequisites for Implementing BGP 2
Information About Implementing BGP 3
BGP Functional Overview 3
BGP Router Identifier 3
BGP Default Limits 4
BGP Next Hop Tracking 4
Scoped IPv4/VPNv4 Table Walk 6
Reordered Address Family Processing 6
New Thread for Next-Hop Processing 6
show, clear, and debug Commands 6
Autonomous System Number Formats in BGP 7
2-byte Autonomous System Number Format 7
4-byte Autonomous System Number Format 7
as-format Command 7
BGP Configuration 7
Configuration Modes 7
Router Configuration Mode 8
Router Address Family Configuration Mode 8
Neighbor Configuration Mode 8
Neighbor Address Family Configuration Mode 8
VRF Configuration Mode 8
VRF Address Family Configuration Mode 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 iiiVRF Neighbor Configuration Mode 9
VRF Neighbor Address Family Configuration Mode 9
VPNv4 Address Family Configuration Mode 9
L2VPN Address Family Configuration Mode 9
Neighbor Submode 9
Configuration Templates 10
Template Inheritance Rules 12
Viewing Inherited Configurations 15
show bgp neighbors 15
show bgp af-group 16
show bgp session-group 18
show bgp neighbor-group 18
No Default Address Family 20
Routing Policy Enforcement 20
Table Policy 22
Update Groups 22
BGP Update Generation and Update Groups 23
BGP Update Group 23
BGP Cost Community 23
How BGP Cost Community Influences the Best Path Selection Process 23
Cost Community Support for Aggregate Routes and Multipaths 24
Influencing Route Preference in a Multiexit IGP Network 26
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door
Links 26
Adding Routes to the Routing Information Base 27
BGP Best Path Algorithm 28
Comparing Pairs of Paths 28
Order of Comparisons 30
Best Path Change Suppression 31
Administrative Distance 31
Multiprotocol BGP 33
Route Dampening 35
Minimizing Flapping 36
BGP Routing Domain Confederation 36
BGP Route Reflectors 36
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
iv OL-26048-02
ContentsDefault Address Family for show Commands 40
Distributed BGP 40
MPLS VPN Carrier Supporting Carrier 41
BGP Keychains 42
BGP Nonstop Routing 42
BGP Prefix Independent Convergence Unipath Primary/Backup 43
BGP Local Label Retention 44
Command Line Interface (CLI) Consistency for BGP Commands 44
BGP Additional Paths 44
iBGP Multipath Load Sharing 45
Accumulated Interior Gateway Protocol Attribute 45
Per VRF and Per CE Label for IPv6 Provider Edge 46
IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700 46
IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700 46
IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700 47
Remove and Replace Private AS Numbers from AS Path in BGP 47
Selective VRF Download 48
Line Card Roles and Filters 48
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing 49
BFD Multihop Support for BGP 49
BGP Multi-Instance/Multi-AS Support 49
BGP Prefix Origin Validation Based on RPKI 49
BGP 3107 PIC Updates for Global Prefixes 50
BGP Prefix Independent Convergence for RIB and FIB 51
How to Implement BGP on Cisco IOS XR Software 51
Enabling BGP Routing 51
Configuring a Routing Domain Confederation for BGP 55
Resetting an eBGP Session Immediately Upon Link Failure 57
Logging Neighbor Changes 57
Adjusting BGP Timers 57
Changing the BGP Default Local Preference Value 59
Configuring the MED Metric for BGP 60
Configuring BGP Weights 62
Tuning the BGP Best-Path Calculation 64
Indicating BGP Back-door Routes 66
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 v
ContentsConfiguring Aggregate Addresses 67
Redistributing iBGP Routes into IGP 69
Redistributing Prefixes into Multiprotocol BGP 71
Configuring BGP Route Dampening 73
Applying Policy When Updating the Routing Table 78
Setting BGP Administrative Distance 80
Configuring a BGP Neighbor Group and Neighbors 82
Configuring a Route Reflector for BGP 85
Configuring BGP Route Filtering by Route Policy 87
Configuring BGP Next-Hop Trigger Delay 89
Disabling Next-Hop Processing on BGP Updates 91
Configuring BGP Community and Extended-Community Advertisements 93
Configuring the BGP Cost Community 95
Configuring Software to Store Updates from a Neighbor 99
Configuring Distributed BGP 101
Configuring a VPN Routing and Forwarding Instance in BGP 104
Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers 104
Configuring the Route Distinguisher 106
Configuring PE-PE or PE-RR Interior BGP Sessions 108
Configuring Route Reflector to Hold Routes That Have a Defined Set of RT
Communities 111
Configuring BGP as a PE-CE Protocol 113
Redistribution of IGPs to BGP 118
Configuring Keychains for BGP 121
Disabling a BGP Neighbor 123
Resetting Neighbors Using BGP Inbound Soft Reset 124
Resetting Neighbors Using BGP Outbound Soft Reset 125
Resetting Neighbors Using BGP Hard Reset 126
Clearing Caches, Tables, and Databases 127
Displaying System and Network Statistics 128
Displaying BGP Process Information 129
Monitoring BGP Update Groups 131
Configuring BGP Nonstop Routing 132
Installing Primary Backup Path for Prefix Independent Convergence (PIC) 133
Retaining Allocated Local Label for Primary Path 135
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
vi OL-26048-02
ContentsConfiguring BGP Additional Paths 137
Configuring iBGP Multipath Load Sharing 139
Originating Prefixes with AiGP 141
Enabling BGP Unequal Cost Recursive Load Balancing 143
Configuring RPKI Cache 146
Configuring RPKI Prefix Validation 149
Configuring RPKI Bestpath Computation 150
Configuration Examples for Implementing BGP 152
Enabling BGP: Example 152
Displaying BGP Update Groups: Example 153
BGP Neighbor Configuration: Example 154
BGP Confederation: Example 155
BGP Route Reflector: Example 157
BGP Nonstop Routing Configuration: Example 157
Primary Backup Path Installation: Example 157
Allocated Local Label Retention: Example 157
iBGP Multipath Loadsharing Configuration: Example 158
Configuring BGP Additional Paths: Example 158
Originating Prefixes With AiGP: Example 158
BGP Unequal Cost Recursive Load Balancing: Example 159
Where to Go Next 161
Additional References 161
C H A P T E R 2 Implementing EIGRP on Cisco ASR 9000 Series Router 165
Prerequisites for Implementing EIGRP 166
Restrictions for Implementing EIGRP 166
Information About Implementing EIGRP 166
EIGRP Functional Overview 166
EIGRP Features 167
EIGRP Components 167
EIGRP Configuration Grouping 168
EIGRP Configuration Modes 168
EIGRP Interfaces 169
Redistribution for an EIGRP Process 169
Metric Weights for EIGRP Routing 170
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 vii
ContentsMismatched K Values 170
Goodbye Message 171
Percentage of Link Bandwidth Used for EIGRP Packets 171
Floating Summary Routes for an EIGRP Process 171
Split Horizon for an EIGRP Process 173
Adjustment of Hello Interval and Hold Time for an EIGRP Process 174
Stub Routing for an EIGRP Process 174
Route Policy Options for an EIGRP Process 175
EIGRP Layer 3 VPN PE-CE Site-of-Origin 176
Router Interoperation with the Site-of-Origin Extended Community 176
EIGRP v4/v6 Authentication Using Keychain 177
How to Implement EIGRP 177
Enabling EIGRP Routing 177
Configuring Route Summarization for an EIGRP Process 180
Redistributing Routes for EIGRP 182
Creating a Route Policy and Attaching It to an EIGRP Process 184
Configuring Stub Routing for an EIGRP Process 187
Configuring EIGRP as a PE-CE Protocol 189
Redistributing BGP Routes into EIGRP 192
Monitoring EIGRP Routing 194
Configuring an EIGRP Authentication Keychain 197
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Default
VRF 198
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault
VRF 199
Configuration Examples for Implementing EIGRP 201
Configuring a Basic EIGRP Configuration: Example 201
Configuring an EIGRP Stub Operation: Example 202
Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example 202
Configuring an EIGRP Authentication Keychain: Example 203
Additional References 203
C H A P T E R 3 Implementing IS-IS on Cisco ASR 9000 Series Router 205
Prerequisites for Implementing IS-IS 206
Restrictions for Implementing IS-IS 206
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
viii OL-26048-02
ContentsInformation About Implementing IS-IS 206
IS-IS Functional Overview 206
Key Features Supported in the Cisco IOS XR IS-IS Implementation 207
IS-IS Configuration Grouping 207
IS-IS Configuration Modes 207
Router Configuration Mode 207
Router Address Family Configuration Mode 208
Interface Configuration Mode 208
Interface Address Family Configuration Mode 208
IS-IS Interfaces 208
Multitopology Configuration 209
IPv6 Routing and Configuring IPv6 Addressing 209
Limit LSP Flooding 209
Flood Blocking on Specific Interfaces 209
Mesh Group Configuration 210
Maximum LSP Lifetime and Refresh Interval 210
Single-Topology IPv6 Support 210
Multitopology IPv6 Support 210
IS-IS Authentication 210
Nonstop Forwarding 211
Multi-Instance IS-IS 212
Multiprotocol Label Switching Traffic Engineering 212
Overload Bit on Router 212
Overload Bit Configuration During Multitopology Operation 213
IS-IS Overload Bit Avoidance 213
Default Routes 213
Attached Bit on an IS-IS Instance 214
IS-IS Support for Route Tags 214
Multicast-Intact Feature 214
Multicast Topology Support Using IS-IS 215
MPLS Label Distribution Protocol IGP Synchronization 215
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart 215
MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding 216
Label Distribution Protocol IGP Auto-configuration 216
MPLS TE Forwarding Adjacency 216
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 ix
ContentsMPLS TE Interarea Tunnels 216
IP Fast Reroute 217
How to Implement IS-IS 217
Enabling IS-IS and Configuring Level 1 or Level 2 Routing 217
Configuring Single Topology for IS-IS 219
Configuring Multitopology Routing 225
Restrictions for Configuring Multitopology Routing 225
Information About Multitopology Routing 225
Configuring a Global Topology and Associating It with an Interface 225
Enabling an IS-IS Topology 227
Placing an Interface in a Topology in IS-IS 229
Configuring a Routing Policy 230
Configuring Multitopology for IS-IS 232
Controlling LSP Flooding for IS-IS 232
Configuring Nonstop Forwarding for IS-IS 236
Configuring Authentication for IS-IS 239
Configuring Keychains for IS-IS 241
Configuring MPLS Traffic Engineering for IS-IS 243
Tuning Adjacencies for IS-IS 246
Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration 249
Customizing Routes for IS-IS 252
Configuring MPLS LDP IS-IS Synchronization 255
Enabling Multicast-Intact 256
Tagging IS-IS Interface Routes 258
Setting the Priority for Adding Prefixes to the RIB 260
Configuring IP/LDP Fast Reroute 262
Configuring IS-IS Overload Bit Avoidance 266
Configuration Examples for Implementing IS-IS 266
Configuring Single-Topology IS-IS for IPv6: Example 267
Configuring Multitopology IS-IS for IPv6: Example 267
Redistributing IS-IS Routes Between Multiple Instances: Example 267
Tagging Routes: Example 268
Configuring IS-IS Overload Bit Avoidance: Example 268
Where to Go Next 269
Additional References 269
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
x OL-26048-02
ContentsC H A P T E R 4 Implementing OSPF on Cisco ASR 9000 Series Router 273
Prerequisites for Implementing OSPF 274
Information About Implementing OSPF 274
OSPF Functional Overview 275
Key Features Supported in the Cisco IOS XR Software OSPF Implementation 276
Comparison of Cisco IOS XR Software OSPFv3 and OSPFv2 276
OSPF Hierarchical CLI and CLI Inheritance 277
OSPF Routing Components 277
Autonomous Systems 278
Areas 278
Backbone Area 279
Stub Area 279
Not-so-Stubby Area 279
Routers 279
Area Border Routers 279
Autonomous System Boundary Routers (ASBR) 280
Interior Routers 280
OSPF Process and Router ID 280
Supported OSPF Network Types 281
Route Authentication Methods for OSPF 281
Plain Text Authentication 281
MD5 Authentication 281
Authentication Strategies 281
Key Rollover 282
Neighbors and Adjacency for OSPF 282
Designated Router (DR) for OSPF 282
Default Route for OSPF 282
Link-State Advertisement Types for OSPF Version 2 283
Link-State Advertisement Types for OSPFv3 283
Virtual Link and Transit Area for OSPF 285
OSPFv2 Sham Link Support for MPLS VPN 285
OSPF SPF Prefix Prioritization 287
Route Redistribution for OSPF 289
OSPF Shortest Path First Throttling 289
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xi
ContentsNonstop Forwarding for OSPF Version 2 290
Graceful Restart for OSPFv3 290
Modes of Graceful Restart Operation 291
Restart Mode 291
Helper Mode 291
Graceful Restart Requirements and Restrictions 292
Warm Standby and Nonstop Routing for OSPF Version 2 293
Warm Standby for OSPF Version 3 293
Multicast-Intact Support for OSPF 293
Load Balancing in OSPF Version 2 and OSPFv3 294
Multi-Area Adjacency for OSPF Version 2 294
Label Distribution Protocol IGP Auto-configuration for OSPF 295
OSPF Authentication Message Digest Management 295
GTSM TTL Security Mechanism for OSPF 296
Path Computation Element for OSPFv2 296
OSPF IP Fast Reroute Loop Free Alternate 296
Management Information Base (MIB) for OSPFv3 297
How to Implement OSPF 297
Enabling OSPF 297
Configuring Stub and Not-So-Stubby Area Types 300
Configuring Neighbors for Nonbroadcast Networks 303
Configuring Authentication at Different Hierarchical Levels for OSPF Version 2 308
Controlling the Frequency That the Same LSA Is Originated or Accepted for OSPF 312
Creating a Virtual Link with MD5 Authentication to Area 0 for OSPF 314
Examples 318
Summarizing Subnetwork LSAs on an OSPF ABR 319
Redistributing Routes from One IGP into OSPF 321
Configuring OSPF Shortest Path First Throttling 324
Examples 327
Configuring Nonstop Forwarding Specific to Cisco for OSPF Version 2 327
Configuring OSPF Version 2 for MPLS Traffic Engineering 330
Examples 333
Configuring OSPFv3 Graceful Restart 334
Displaying Information About Graceful Restart 336
Configuring an OSPFv2 Sham Link 337
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xii OL-26048-02
ContentsEnabling Nonstop Routing for OSPFv2 341
Enabling Nonstop Routing for OSPFv3 342
Configuring OSPF SPF Prefix Prioritization 343
Enabling Multicast-intact for OSPFv2 346
Associating Interfaces to a VRF 347
Configuring OSPF as a Provider Edge to Customer Edge (PE-CE) Protocol 349
Creating Multiple OSPF Instances (OSPF Process and a VRF) 352
Configuring Multi-area Adjacency 354
Configuring Label Distribution Protocol IGP Auto-configuration for OSPF 356
Configuring LDP IGP Synchronization: OSPF 358
Configuring Authentication Message Digest Management for OSPF 359
Examples 361
Configuring Generalized TTL Security Mechanism (GTSM) for OSPF 363
Examples 365
Verifying OSPF Configuration and Operation 366
Configuring IP Fast Reroute Loop-free Alternate 368
Enabling IPFRR LFA 368
Excluding an Interface From IP Fast Reroute Per-link Computation 370
Configuration Examples for Implementing OSPF 371
Cisco IOS XR Software for OSPF Version 2 Configuration: Example 371
CLI Inheritance and Precedence for OSPF Version 2: Example 372
MPLS TE for OSPF Version 2: Example 373
ABR with Summarization for OSPFv3: Example 374
ABR Stub Area for OSPFv3: Example 374
ABR Totally Stub Area for OSPFv3: Example 374
Configuring OSPF SPF Prefix Prioritization: Example 374
Route Redistribution for OSPFv3: Example 375
Virtual Link Configured Through Area 1 for OSPFv3: Example 376
Virtual Link Configured with MD5 Authentication for OSPF Version 2: Example 376
VPN Backbone and Sham Link Configured for OSPF Version 2: Example 377
Where to Go Next 378
Additional References 378
C H A P T E R 5 Implementing and Monitoring RIB on Cisco ASR 9000 Series Router 381
Prerequisites for Implementing RIB 382
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xiii
ContentsInformation About RIB Configuration 382
Overview of RIB 382
RIB Data Structures in BGP and Other Protocols 382
RIB Administrative Distance 383
RIB Support for IPv4 and IPv6 383
RIB Statistics 384
IPv6 Provider Edge IPv6 and IPv6 VPN Provider Edge Transport over MPLS 384
RIB Quarantining 384
Route and Label Consistency Checker (RCC and LCC) 385
System-wide Route Prioritization for IOS XR Software 386
How to Deploy and Monitor RIB 386
Verifying RIB Configuration Using the Routing Table 386
Verifying Networking and Routing Problems 387
Disabling RIB Next-hop Dampening 389
Configuring RCC and LCC 390
Enabling RCC and LCC On-demand Scan 390
Enabling RCC and LCC Background Scan 391
Configuration Examples for RIB Monitoring 393
Output of show route Command: Example 394
Output of show route backup Command: Example 394
Output of show route best-local Command: Example 394
Output of show route connected Command: Example 395
Output of show route local Command: Example 395
Output of show route longer-prefixes Command: Example 395
Output of show route next-hop Command: Example 395
Enabling RCC and LCC: Example 396
Where to Go Next 396
Additional References 397
C H A P T E R 6 Implementing RIP on Cisco ASR 9000 Series Router 399
Prerequisites for Implementing RIP 400
Information About Implementing RIP 400
RIP Functional Overview 400
Split Horizon for RIP 401
Route Timers for RIP 401
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xiv OL-26048-02
ContentsRoute Redistribution for RIP 401
Default Administrative Distances for RIP 402
Routing Policy Options for RIP 403
Authentication Using Keychain in RIP 403
In-bound RIP Traffic on an Interface 404
Out-bound RIP Traffic on an Interface 405
How to Implement RIP 405
Enabling RIP 405
Customizing RIP 407
Control Routing Information 410
Creating a Route Policy for RIP 413
Configuring RIP Authentication Keychain 415
Configuring RIP Authentication Keychain for IPv4 Interface on a Non-default VRF 415
Configuring RIP Authentication Keychain for IPv4 Interface on Default VRF 417
Configuration Examples for Implementing RIP 419
Configuring a Basic RIP Configuration: Example 419
Configuring RIP on the Provider Edge: Example 420
Adjusting RIP Timers for each VRF Instance: Example 420
Configuring Redistribution for RIP: Example 421
Configuring Route Policies for RIP: Example 421
Configuring Passive Interfaces and Explicit Neighbors for RIP: Example 422
Controlling RIP Routes: Example 422
Configuring RIP Authentication Keychain: Example 422
Additional References 423
C H A P T E R 7 Implementing Routing Policy on Cisco ASR 9000 Series Router 425
Prerequisites for Implementing Routing Policy 426
Restrictions for Implementing Routing Policy 426
Information About Implementing Routing Policy 427
Routing Policy Language 427
Routing Policy Language Overview 427
Routing Policy Language Structure 427
Names 428
Sets 428
as-path-set 429
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xv
Contentscommunity-set 430
extcommunity-set 431
prefix-set 434
Enhanced Prefix-length Manipulation 435
rd-set 435
Routing Policy Language Components 436
Routing Policy Language Usage 436
Routing Policy Configuration Basics 438
Policy Definitions 438
Parameterization 439
Parameterization at Attach Points 440
Global Parameterization 441
Semantics of Policy Application 441
Boolean Operator Precedence 441
Multiple Modifications of the Same Attribute 442
When Attributes Are Modified 443
Default Drop Disposition 443
Control Flow 443
Policy Verification 444
Range Checking 444
Incomplete Policy and Set References 444
Attached Policy Modification 445
Verification of Attribute Comparisons and Actions 445
Policy Statements 445
Remark 446
Disposition 446
Action 448
If 448
Boolean Conditions 449
apply 450
Attach Points 450
BGP Policy Attach Points 451
Aggregation 451
Dampening 452
Default Originate 453
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xvi OL-26048-02
ContentsNeighbor Export 453
Neighbor Import 454
Network 454
Redistribute 454
Show BGP 455
Table Policy 456
Import 457
Export 457
Retain Route-Target 458
Allocate-Label 459
Neighbor-ORF 459
Next-hop 460
Clear-Policy 460
Debug 460
BGP Attributes and Operators 461
OSPF Policy Attach Points 475
Default-Information Originate 475
Redistribute 475
Area-in 476
Area-out 476
OSPF Attributes and Operators 477
OSPFv3 Policy Attach Points 478
Default-Information Originate 478
Redistribute 478
OSPFv3 Attributes and Operators 479
IS-IS Policy Attach Points 479
Redistribute 479
Default-Information Originate 480
Inter-area-propagate 480
IS-IS Attributes and Operators 480
EIGRP Policy Attach Points 481
Default-Accept-In 481
Default-Accept-Out 482
Policy-In 482
Policy-Out 482
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xvii
ContentsIf-Policy-In 483
If-Policy-Out 483
Redistribute 483
EIGRP Attributes and Operators 483
RIP Policy Attach Points 485
Default-Information Originate 485
Redistribute 485
Global-Inbound 486
Global-Outbound 486
Interface-Inbound 486
Interface-Outbound 486
RIP Attributes and Operators 486
PIM Policy Attach Points 488
Attached Policy Modification 488
Nonattached Policy Modification 488
Editing Routing Policy Configuration Elements 488
Editing Routing Policy Configuration Elements Using the Nano Editor 489
Editing Routing Policy Configuration Elements Using the Emacs Editor 489
Editing Routing Policy Configuration Elements Using the Vim Editor 490
Editing Routing Policy Configuration Elements Using the CLI 490
Editing Routing Policy Language set elements Using XML 490
Hierarchical Conditions 491
Apply Condition Policies 491
Nested Wildcard Apply Policy 492
How to Implement Routing Policy 492
Defining a Route Policy 492
Attaching a Routing Policy to a BGP Neighbor 494
Modifying a Routing Policy Using a Text Editor 496
Configuration Examples for Implementing Routing Policy 497
Routing Policy Definition: Example 497
Simple Inbound Policy: Example 497
Modular Inbound Policy: Example 498
Additional References 499
C H A P T E R 8 Implementing Static Routes on Cisco ASR 9000 Series Router 501
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xviii OL-26048-02
ContentsPrerequisites for Implementing Static Routes 502
Information About Implementing Static Routes 502
Static Route Functional Overview 502
Default Administrative Distance 502
Directly Connected Routes 503
Recursive Static Routes 503
Fully Specified Static Routes 504
Floating Static Routes 504
Default VRF 504
IPv4 and IPv6 Static VRF Routes 504
Dynamic ECMP Support for IGP Prefixes 505
How to Implement Static Routes 505
Configuring a Static Route 505
Configuring a Floating Static Route 507
Configuring Static Routes Between PE-CE Routers 508
Changing the Maximum Number of Allowable Static Routes 510
Associating a VRF with a Static Route 512
Enabling Object Tracking for Static Routes 514
Configuration Examples 516
Configuring Traffic Discard: Example 516
Configuring a Fixed Default Route: Example 516
Configuring a Floating Static Route: Example 516
Configuring a Static Route Between PE-CE Routers: Example 516
Additional References 517
C H A P T E R 9 Implementing RCMD on Cisco ASR 9000 Series Router 519
Route Convergence Monitoring and Diagnostics 519
Configuring Route Convergence Monitoring and Diagnostics 520
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xix
Contents Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xx OL-26048-02
ContentsPreface
The Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide preface contains
these sections:
• Changes to This Document, page xxi
• Obtaining Documentation and Submitting a Service Request, page xxi
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1 features.
OL-26048-02 June, 2012
OL-26048-01 December, 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xxi Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xxii OL-26048-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Implementing BGP on Cisco ASR 9000 Series
Router
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free
interdomain routing between autonomous systems. An autonomous system is a set of routers under a single
technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols
(IGPs) to exchange routing information inside the autonomous system and an EGP to route packets outside
the autonomous system.
This module provides the conceptual and configuration information for BGP on Cisco IOS XR software.
For more information about BGP and complete descriptions of the BGP commands listed in this module,
see Related Documents, on page 161 section of this module. To locate documentation for other commands
that might appear while performing a configuration task, search online in the Cisco ASR 9000 Series
Router software master command index.
Note
Feature History for Implementing BGP
Release Modification
Release 3.7.2 This feature was introduced.
The following features were supported:
• BGP Prefix Independent Convergence Unipath Primary
Backup
• BGP Local Label Retention
• Asplain notation for 4-byte Autonomous System Number
• BGP Nonstop Routing
• Command Line Interface (CLI) consistency for BGP
commands
• L2VPN Address Family Configuration Mode
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 1Release Modification
The following features were supported:
• BGP Add Path Advertisement
• Accumulated iGP (AiGP)
• Pre-route
• IPv4 BGP-Policy Accounting
• IPv6 uRPF
Release 4.0.0
Release 4.1.0 Support for 5000 BGP NSR sessions was added
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load
Balancing feature was added
Release 4.1.1
The following features were supported:
• Selective VRF Download
• BGP Multi-Instance/Multi-AS
• BFD Multihop Support for BGP
Release 4.2.0
The following features were supported:
• BGP 3107 PIC Updates for Global Prefixes
• BGP Prefix Independent Convergence for RIB and FIB
• BGP Prefix Origin Validation Based on RPKI
Release 4.2.1
• Prerequisites for Implementing BGP, page 2
• Information About Implementing BGP, page 3
• How to Implement BGP on Cisco IOS XR Software, page 51
• Configuration Examples for Implementing BGP, page 152
• Where to Go Next, page 161
• Additional References, page 161
Prerequisites for Implementing BGP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
2 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Prerequisites for Implementing BGPInformation About Implementing BGP
To implement BGP, you need to understand the following concepts:
BGP Functional Overview
BGP uses TCP as its transport protocol. Two BGP routers form a TCP connection between one another (peer
routers) and exchange messages to open and confirm the connection parameters.
BGP routers exchange network reachability information. This information is mainly an indication of the full
paths (BGP autonomous system numbers) that a route should take to reach the destination network. This
information helps construct a graph that shows which autonomous systems are loop free and where routing
policies can be applied to enforce restrictions on routing behavior.
Any two routersforming a TCP connection to exchange BGP routing information are called peers or neighbors.
BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent
as the routing table changes. BGP keeps a version number of the BGP table, which is the same for all of its
BGP peers. The version number changes whenever BGP updatesthe table due to routing information changes.
Keepalive packets are sent to ensure that the connection is alive between the BGP peers and notification
packets are sent in response to error or special conditions.
For information on configuring BGP to distribute Multiprotocol Label Switching (MPLS) Layer 3 virtual
private network (VPN) information, see the Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide
For information on BGP support for Bidirectional Forwarding Detection (BFD), see the
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Configuration Guide and
the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Command Reference.
Note
BGP Router Identifier
For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is
sent to BGP peers in the OPEN message when a BGP session is established.
BGP attempts to obtain a router ID in the following ways (in order of preference):
• By means of the address configured using the bgp router-id command in router configuration mode.
• By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved
loopback address configuration.
• By using the primary IPv4 address of the first loopback address that gets configured if there are not any
in the saved configuration.
If none of these methodsfor obtaining a router ID succeeds, BGP does not have a router ID and cannot establish
any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log,
and the show bgp summary command displays a router ID of 0.0.0.0.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 3
Implementing BGP on Cisco ASR 9000 Series Router
Information About Implementing BGPAfter BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This
usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes
invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using
the rules described) and all established peering sessions are reset.
We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes
to the router ID (and consequent flapping of BGP sessions).
Note
BGP Default Limits
Cisco IOS XR BGP imposes maximum limits on the number of neighbors that can be configured on the router
and on the maximum number of prefixes that are accepted from a peer for a given address family. This
limitation safeguards the router from resource depletion caused by misconfiguration, either locally or on the
remote neighbor. The following limits apply to BGP configurations:
• The default maximum number of peers that can be configured is 4000. The default can be changed using
the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure
additional peers beyond the maximum limit or set the maximum limit to a number that is less than the
number of peers currently configured will fail.
• To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes
that are accepted from a peer for each supported address family. The default limits can be overridden
through configuration of the maximum-prefix limit command for the peer for the appropriate address
family. The following default limits are used if the user does not configure the maximum number of
prefixes for the address family:
? 512K (524,288) prefixes for IPv4 unicast
? 128K (131,072) prefixes for IPv4 multicast
? 128K (131,072) prefixes for IPv6 unicast
? 512K (524,288) prefixes for VPNv4 unicast
A cease notification message is sent to the neighbor and the peering with the neighbor is terminated
when the number of prefixes received from the peer for a given address family exceeds the maximum
limit (either set by default or configured by the user) for that address family.
It is possible that the maximum number of prefixes for a neighbor for a given address family has been
configured after the peering with the neighbor has been established and a certain number of prefixes
have already been received from the neighbor for that address family. A cease notification message is
sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if
the configured maximum number of prefixesisfewer than the number of prefixesthat have already been
received from the neighbor for the address family.
BGP Next Hop Tracking
BGP receives notifications from the Routing Information Base (RIB) when next-hop information changes
(event-driven notifications). BGP obtains next-hop information from the RIB to:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
4 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Default Limits• Determine whether a next hop is reachable.
• Find the fully recursed IGP metric to the next hop (used in the best-path calculation).
• Validate the received next hops.
• Calculate the outgoing next hops.
• Verify the reachability and connectedness of neighbors.
BGP is notified when any of the following events occurs:
• Next hop becomes unreachable
• Next hop becomes reachable
• Fully recursed IGP metric to the next hop changes
• First hop IP address or first hop interface change
• Next hop becomes connected
• Next hop becomes unconnected
• Next hop becomes a local address
• Next hop becomes a nonlocal address
Note Reachability and recursed metric events trigger a best-path recalculation.
Event notificationsfrom the RIB are classified as critical and noncritical. Notificationsfor critical and noncritical
events are sent in separate batches. However, a noncritical event is sent along with the critical events if the
noncritical event is pending and there is a request to read the critical events.
• Critical events are related to the reachability (reachable and unreachable), connectivity (connected and
unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not
delayed.
• Noncritical eventsinclude only the IGP metric changes. These events are sent at an interval of 3 seconds.
A metric change event is batched and sent 3 seconds after the last one was sent.
The next-hop trigger delay for critical and noncritical events can be configured to specify a minimum batching
interval for critical and noncritical events using the nexthop trigger-delay command. The trigger delay is
address family dependent.
The BGP next-hop tracking feature allows you to specify that BGP routes are resolved using only next hops
whose routes have the following characteristics:
• To avoid the aggregate routes, the prefix length must be greater than a specified value.
• The source protocol must be from a selected list, ensuring that BGP routes are not used to resolve next
hops that could lead to oscillation.
This route policy filtering is possible because RIB identifies the source protocol of route that resolved a next
hop as well as the mask length associated with the route. The nexthop route-policy command is used to
specify the route-policy.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 5
Implementing BGP on Cisco ASR 9000 Series Router
BGP Next Hop TrackingFor information on route policy filtering for next hops using the next-hop attach point, see the Implementing
Routing Policy Language on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication).
Scoped IPv4/VPNv4 Table Walk
To determine which address family to process, a next-hop notification is received by first dereferencing the
gateway context associated with the next hop, then looking into the gateway context to determine which
address families are using the gateway context. The IPv4 unicast and VPNv4 unicast address families share
the same gateway context, because they are registered with the IPv4 unicast table in the RIB. As a result, both
the global IPv4 unicast table and the VPNv4 table are processed when an IPv4 unicast next-hop notification
is received from the RIB. A mask is maintained in the next hop, indicating whether the next hop belongs to
IPv4 unicast or VPNv4 unicast, or both. This scoped table walk localizes the processing in the appropriate
address family table.
Reordered Address Family Processing
The Cisco IOS XR software walks address family tables based on the numeric value of the address family.
When a next-hop notification batch is received, the order of address family processing is reordered to the
following order:
• IPv4 tunnel
• VPNv4 unicast
• IPv4 labeled unicast
• IPv4 unicast
• IPv4 multicast
• IPv6 unicast
New Thread for Next-Hop Processing
The critical-event thread in the spkr process handles only next-hop, Bidirectional Forwarding Detection (BFD),
and fast-external-failover (FEF) notifications. This critical-event thread ensures that BGP convergence is not
adversely impacted by other events that may take a significant amount of time.
show, clear, and debug Commands
The show bgp nexthops command provides statistical information about next-hop notifications, the amount
of time spent in processing those notifications, and details about each next hop registered with the RIB. The
clear bgp nexthop performance-statistics command ensures that the cumulative statistics associated with
the processing part of the next-hop show command can be cleared to help in monitoring. The clear bgp
nexthop registration command performs an asynchronous registration of the next hop with the RIB. See the
BGP Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services
Router Routing Command Referencefor information on the next-hop show and clear commands.
The debug bgp nexthop command displays information on next-hop processing. The out keyword provides
debug information only about BGP registration of next hops with RIB. The in keyword displays debug
information about next-hop notifications received from RIB. The out keyword displays debug information
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
6 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Next Hop Trackingabout next-hop notifications sent to the RIB. See the BGP Debug Commands on Cisco ASR 9000 Series
Aggregation Services Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Debug
Command Reference .
Autonomous System Number Formats in BGP
Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems
(ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is
allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in
BGP.
2-byte Autonomous System Number Format
The 2-byte ASNs are represented in asplain notation. The 2-byte range is 1 to 65535.
4-byte Autonomous System Number Format
To prepare for the eventual exhaustion of 2-byte Autonomous System Numbers(ASNs), BGP hasthe capability
to support 4-byte ASNs. The 4-byte ASNs are represented both in asplain and asdot notations.
The byte range for 4-byte ASNs in asplain notation is 1-4294967295. The AS is represented as a 4-byte
decimal number. The 4-byte ASN asplain representation is defined in draft-ietf-idr-as-representation-01.txt.
For 4-byte ASNs in asdot format, the 4-byte range is 1.0 to 65535.65535 and the format is:
high-order-16-bit-value-in-decimal . low-order-16-bit-value-in-decimal
The BGP 4-byte ASN capability is used to propagate 4-byte-based AS path information across BGP speakers
that do not support 4-byte AS numbers. See draft-ietf-idr-as4bytes-12.txt for information on increasing the
size of an ASN from 2 bytes to 4 bytes. AS is represented as a 4-byte decimal number
as-format Command
The as-format command configures the ASN notation to asdot. The default value, if the as-format command
is not configured, is asplain.
BGP Configuration
BGP in Cisco IOS XR software follows a neighbor-based configuration model that requires that all
configurations for a particular neighbor be grouped in one place under the neighbor configuration. Peer groups
are not supported for either sharing configuration between neighbors or for sharing update messages. The
concept of peer group has been replaced by a set of configuration groups to be used as templates in BGP
configuration and automatically generated update groups to share update messages between neighbors.
Configuration Modes
BGP configurations are grouped into modes. The following sections show how to enter some of the BGP
configuration modes. From a mode, you can enter the ? command to display the commands available in that
mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 7
Implementing BGP on Cisco ASR 9000 Series Router
Autonomous System Number Formats in BGPRouter Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)#
Router Address Family Configuration Mode
The following example shows how to enter router address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Neighbor Configuration Mode
The following example shows how to enter neighbor configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Neighbor Address Family Configuration Mode
The following example shows how to enter neighbor address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
VRF Configuration Mode
The following example shows how to enter VPN routing and forwarding (VRF) configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
VRF Address Family Configuration Mode
The following example shows how to enter VRF address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
8 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationVRF Neighbor Configuration Mode
The following example shows how to enter VRF neighbor configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
VRF Neighbor Address Family Configuration Mode
The following example shows how to enter VRF neighbor address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
VPNv4 Address Family Configuration Mode
The following example shows how to enter VPNv4 address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 152
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
L2VPN Address Family Configuration Mode
The following example shows how to enter L2VPN address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 100
RP/0/RSP0/CPU0:router(config-bgp)# address-family l2vpn vpls-vpws
RP/0/RSP0/CPU0:router(config-bgp-af)#
Neighbor Submode
Cisco IOS XR BGP uses a neighbor submode to make it possible to enter configurations without having to
prefix every configuration with the neighbor keyword and the neighbor address:
• Cisco IOS XR software has a submode available for neighbors in which it is not necessary for every
command to have a “neighbor x.x.x.x” prefix:
In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 192.23.1.2
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 2002
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv4 multicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 9
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration• An address family configuration submode inside the neighbor configuration submode is available for
entering address family-specific neighbor configurations. In Cisco IOS XR software, the configuration
is as follows:
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 2002::2
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 2023
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# next-hop-self
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# route-policy one in
• You must enter neighbor-specific IPv4, IPv6, VPNv4, or VPNv6 commands in neighbor address-family
configuration submode. In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config)# router bgp 109
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000
• You must enter neighbor-specific IPv4 and IPv6 commandsin VRF neighbor address-family configuration
submode. In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config)# router bgp 110
RP/0/RSP0
/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0
/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0
/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RSP0
/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass all in
Configuration Templates
The af-group, session-group, and neighbor-group configuration commands provide template support for
the neighbor configuration in Cisco IOS XR software.
The af-group command is used to group address family-specific neighbor commands within an IPv4, IPv6,
or VPNv4, address family. Neighbors that have the same address family configuration are able to use the
address family group (af-group) name for their address family-specific configuration. A neighbor inherits the
configuration from an address family group by way of the use command. If a neighbor is configured to use
an address family group, the neighbor (by default) inherits the entire configuration from the address family
group. However, a neighbor does not inherit all of the configuration from the address family group if items
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
10 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationare explicitly configured for the neighbor. The address family group configuration is entered under the BGP
router configuration mode. The following example shows how to enter address family group configuration
mode.
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group afmcast1 address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)#
The session-group command allows you to create a session group from which neighbors can inherit address
family-independent configuration. A neighbor inherits the configuration from a session group by way of the
use command. If a neighbor is configured to use a session group, the neighbor (by default) inherits the entire
configuration of the session group. A neighbor does not inherit all of the configuration from a session group
if a configuration is done directly on that neighbor. The following example shows how to enter session group
configuration mode:
RP/0/RSP0/CPU0:router# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group session1
RP/0/RSP0/CPU0:router(config-bgp-sngrp)#
The neighbor-group command helps you apply the same configuration to one or more neighbors. Neighbor
groups can include session groups and address family groups and can comprise the complete configuration
for a neighbor. After a neighbor group is configured, a neighbor can inherit the configuration of the group
using the use command. If a neighbor is configured to use a neighbor group, the neighbor inherits the entire
BGP configuration of the neighbor group.
The following example shows how to enter neighbor group configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 123
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
The following example shows how to enter neighbor group address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
• However, a neighbor does not inherit all of the configuration from the neighbor group if items are
explicitly configured for the neighbor. In addition, some part of the configuration of the neighbor group
could be hidden if a session group or address family group was also being used.
Configuration grouping has the following effects in Cisco IOS XR software:
• Commands entered at the session group level define address family-independent commands (the same
commands as in the neighbor submode).
• Commands entered at the address family group level define address family-dependent commands for a
specified addressfamily (the same commands asin the neighbor-addressfamily configuration submode).
• Commands entered at the neighbor group level define addressfamily-independent commands and address
family-dependent commands for each address family (the same as all available neighbor commands),
and define the use command for the address family group and session group commands.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 11
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationTemplate Inheritance Rules
In Cisco IOS XR software, BGP neighbors or groups inherit configuration from other configuration groups.
For address family-independent configurations:
• Neighbors can inherit from session groups and neighbor groups.
• Neighbor groups can inherit from session groups and other neighbor groups.
• Session groups can inherit from other session groups.
• If a neighbor uses a session group and a neighbor group, the configurations in the session group are
preferred over the global address family configurations in the neighbor group.
For address family-dependent configurations:
• Address family groups can inherit from other address family groups.
• Neighbor groups can inherit from address family groups and other neighbor groups.
• Neighbors can inherit from address family groups and neighbor groups.
Configuration group inheritance rules are numbered in order of precedence as follows:
1 If the item is configured directly on the neighbor, that value is used. In the example that follows, the
advertisement interval is configured both on the neighbor group and neighbor configuration and the
advertisement interval being used is from the neighbor configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# advertisement-interval 20
The following output from the show bgp neighbors command shows that the advertisement interval used
is 20 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 10.1.1.1
BGP neighbor is 10.1.1.1, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 20 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:00:14, due to BGP neighbor initialized
External BGP neighbor not directly connected.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
12 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration2 Otherwise, if an item is configured to be inherited from a session-group or neighbor-group and on the
neighbor directly, then the configuration on the neighbor is used. If a neighbor is configured to be inherited
from session-group or af-group, but no directly configured value, then the value in the session-group or
af-group is used. In the example that follows, the advertisement interval is configured on a neighbor group
and a session group and the advertisement interval value being used is from the session group:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 20
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1
BGP neighbor is 192.168.0.1, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:03:23, due to BGP neighbor initialized
External BGP neighbor not directly connected.
3 Otherwise, if the neighbor uses a neighbor group and does not use a session group or addressfamily group,
the configuration value can be obtained from the neighbor group either directly or through inheritance. In
the example that follows, the advertisement interval from the neighbor group is used because it is not
configured directly on the neighbor and no session group is used:
RP/0/RSP0/CPU0:router(config)# router bgp 150
RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 20
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.1.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.1.1
BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 13
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationRemote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
Inbound path policy configured
Policy for incoming advertisements is POLICY_1
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:01:14, due to BGP neighbor initialized
External BGP neighbor not directly connected.
To illustrate the same rule, the following example shows how to set the advertisement interval to 15 (from
the session group) and 25 (from the neighbor group). The advertisement interval set in the session group
overrides the one set in the neighbor group. The inbound policy is set to POLICY_1 from the neighbor
group.
RP/0/RSP0/CPU0:routerconfig)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group ADV
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group ADV_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 25
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.2.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group ADV
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group ADV_2
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.2.2
BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:02:03, due to BGP neighbor initialized
External BGP neighbor not directly connected.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
14 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration4 Otherwise, the default value is used. In the example that follows, neighbor 10.0.101.5 has the minimum
time between advertisement runs set to 30 seconds (default) because the neighbor is not configured to use
the neighbor configuration or the neighbor group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group adv_15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 10
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.5
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.10
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group adv_15
The following output from the show bgp neighbors command shows that the advertisement interval used
is 30 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.5
BGP neighbor is 10.0.101.5, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 30 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.2
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:00:25, due to BGP neighbor initialized
External BGP neighbor not directly connected.
The inheritance rules used when groups are inheriting configuration from other groups are the same as the
rules given for neighbors inheriting from groups.
Viewing Inherited Configurations
You can use the following show commands to view BGP inherited configurations:
show bgp neighbors
Use the show bgp neighbors command to display information about the BGP configuration for neighbors.
• Use the configuration keyword to display the effective configuration for the neighbor, including any
settings that have been inherited from session groups, neighbor groups, or address family groups used
by this neighbor.
• Use the inheritance keyword to display the session groups, neighbor groups, and address family groups
from which this neighbor is capable of inheriting configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 15
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationThe show bgp neighbors command examples that follow are based on this sample configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 142
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# next-hop-self
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# ebgp-multihop 3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 200
The following example displayssample output from the show bgp neighbors command using the inheritance
keyword. The example shows that the neighbor inherits session parameters from neighbor group GROUP_1,
which in turn inherits from session group GROUP_2. The neighbor inherits IPv4 unicast parameters from
address family group GROUP_3 and IPv4 multicast parameters from neighbor group GROUP_1:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 inheritance
Session: n:GROUP_1 s:GROUP_2
IPv4 Unicast: a:GROUP_3
IPv4 Multicast: n:GROUP_1
The following example displays sample output from the show bgp neighbors command using the
configuration keyword. The example shows from where each item of configuration was inherited, or if it
was configured directly on the neighbor (indicated by [ ]). For example, the ebgp-multihop 3 command was
inherited from neighbor group GROUP_1 and the next-hop-self command was inherited from the address
family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 configuration
neighbor 192.168.0.1
remote-as 2 []
advertisement-interval 15 [n:GROUP_1 s:GROUP_2]
ebgp-multihop 3 [n:GROUP_1]
address-family ipv4 unicast []
next-hop-self [a:GROUP_3]
route-policy POLICY_1 in [a:GROUP_3]
weight 200 []
address-family ipv4 multicast [n:GROUP_1]
default-originate [n:GROUP_1]
show bgp af-group
Use the show bgp af-group command to display address family groups:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
16 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration• Use the configuration keyword to display the effective configuration for the address family group,
including any settings that have been inherited from address family groups used by this address family
group.
• Use the inheritance keyword to display the addressfamily groupsfrom which this addressfamily group
is capable of inheriting configuration.
• Use the users keyword to display the neighbors, neighbor groups, and address family groups that inherit
configuration from this address family group.
The show bgp af-group sample commands that follow are based on this sample configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_1 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# maximum-prefix 2500 75 warning-only
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both
The following example displays sample output from the show bgp af-group command using the
configuration keyword. This example shows from where each configuration item was inherited. The
default-originate command was configured directly on this address family group (indicated by [ ]). The
remove-private-as command was inherited from address family group GROUP_2, which in turn inherited
from address family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 configuration
af-group GROUP_1 address-family ipv4 unicast
capability orf prefix-list both [a:GROUP_2]
default-originate []
maximum-prefix 2500 75 warning-only []
route-policy POLICY_1 in [a:GROUP_2 a:GROUP_3]
remove-private-AS [a:GROUP_2 a:GROUP_3]
send-community-ebgp [a:GROUP_2]
send-extended-community-ebgp [a:GROUP_2]
The following example displays sample output from the show bgp af-group command using the users
keyword:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_2 users
IPv4 Unicast: a:GROUP_1
The following example displays sample output from the show bgp af-group command using the inheritance
keyword. This shows that the specified address family group GROUP_1 directly uses the GROUP_2 address
family group, which in turn uses the GROUP_3 address family group:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 inheritance
IPv4 Unicast: a:GROUP_2 a:GROUP_3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 17
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationshow bgp session-group
Use the show bgp session-group command to display session groups:
• Use the configuration keyword to display the effective configuration for the session group, including
any settings that have been inherited from session groups used by this session group.
• Use the inheritance keyword to display the session groups from which this session group is capable of
inheriting configuration.
• Use the users keyword to display the session groups, neighbor groups, and neighbors that inherit
configuration from this session group.
The output from the show bgp session-group command is based on the following session group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 113
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# update-source Loopback 0
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# ebgp-multihop 2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# dmz-link-bandwidth
The following issample output from the show bgp session-group command with the configuration keyword
in EXEC mode:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 configuration
session-group GROUP_1
ebgp-multihop 2 [s:GROUP_2]
update-source Loopback0 []
dmz-link-bandwidth [s:GROUP_2 s:GROUP_3]
The following is sample output from the show bgp session-group command with the inheritance keyword
showing that the GROUP_1 session group inherits session parameters from the GROUP_3 and GROUP_2
session groups:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 inheritance
Session: s:GROUP_2 s:GROUP_3
The following issample output from the show bgp session-group command with the users keyword showing
that both the GROUP_1 and GROUP_2 session groupsinheritsession parametersfrom the GROUP_3 session
group:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_3 users
Session: s:GROUP_1 s:GROUP_2
show bgp neighbor-group
Use the show bgp neighbor-group command to display neighbor groups:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
18 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration• Use the configuration keyword to display the effective configuration for the neighbor group, including
any settings that have been inherited from neighbor groups used by this neighbor group.
• Use the inheritance keyword to display the address family groups, session groups, and neighbor groups
from which this neighbor group is capable of inheriting configuration.
• Use the users keyword to display the neighbors and neighbor groups that inherit configuration from this
neighbor group.
The examples are based on the following group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# soft-reconfiguration inbound
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# timers 30 90
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1982
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:routerconfig-bgp-nbrgrp-af)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100
The following is sample output from the show bgp neighbor-group command with the configuration
keyword. The configuration setting source is shown to the right of each command. In the output shown
previously, the remote autonomous system is configured directly on neighbor group GROUP_1, and the send
community setting isinherited from neighbor group GROUP_2, which in turn inheritsthe setting from address
family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 configuration
neighbor-group GROUP_1
remote-as 1982 []
timers 30 90 [n:GROUP_2 s:GROUP_3]
address-family ipv4 unicast []
capability orf prefix-list both [n:GROUP_2 a:GROUP_2]
remove-private-AS [n:GROUP_2 a:GROUP_2 a:GROUP_3]
send-community-ebgp [n:GROUP_2 a:GROUP_2]
send-extended-community-ebgp [n:GROUP_2 a:GROUP_2]
soft-reconfiguration inbound [n:GROUP_2 a:GROUP_2 a:GROUP_3]
weight 100 [n:GROUP_2]
The following issample output from the show bgp neighbor-group command with the inheritance keyword.
This output shows that the specified neighbor group GROUP_1 inherits session (address family-independent)
configuration parameters from neighbor group GROUP_2. Neighbor group GROUP_2 inherits its session
parameters from session group GROUP_3. It also shows that the GROUP_1 neighbor group inherits IPv4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 19
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationunicast configuration parameters from the GROUP_2 neighbor group, which in turn inherits them from the
GROUP_2 address family group, which itself inherits them from the GROUP_3 address family group:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 inheritance
Session: n:GROUP-2 s:GROUP_3
IPv4 Unicast: n:GROUP_2 a:GROUP_2 a:GROUP_3
The following is sample output from the show bgp neighbor-group command with the users keyword. This
output shows that the GROUP_1 neighbor group inherits session (address family-independent) configuration
parameters from the GROUP_2 neighbor group. The GROUP_1 neighbor group also inherits IPv4 unicast
configuration parameters from the GROUP_2 neighbor group:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_2 users
Session: n:GROUP_1
IPv4 Unicast: n:GROUP_1
No Default Address Family
BGP does notsupport the concept of a default addressfamily. An addressfamily must be explicitly configured
under the BGP router configuration for the address family to be activated in BGP. Similarly, an address family
must be explicitly configured under a neighbor for the BGP session to be activated under that address family.
It is not required to have any addressfamily configured under the BGP router configuration level for a neighbor
to be configured. However, it is a requirement to have an address family configured at the BGP router
configuration level for the address family to be configured under a neighbor.
Routing Policy Enforcement
External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is
configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security
measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration
omission error.
This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this
router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are
accepted or advertised if there is no policy.
Note
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no
modifications, a simple pass-all policy is configured:
RP/0/RSP0/CPU0:router(config)# route-policy pass-all
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
20 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
No Default Address FamilyUse the route-policy (BGP) command in the neighbor address-family configuration mode to apply the pass-all
policy to a neighbor. The following example shows how to allow all IPv4 unicast routes to be received from
neighbor 192.168.40.42 and advertise all IPv4 unicast routes back to it:
RP/0/RSP0/CPU0:router(config)# router bgp 1
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 21
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
Use the show bgp summary command to display eBGP neighbors that do not have both an inbound and
outbound policy for every active addressfamily. In the following example,such eBGP neighbors are indicated
in the output with an exclamation (!) mark:
RP/0/RSP0/CPU0:router# show bgp all all summary
Address Family: IPv4 Unicast
============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 41
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 41 41 41
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.101.1 0 1 919 925 41 0 0 15:15:08 10
10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle
Address Family: IPv4 Multicast
==============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 1 1 1
Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv4 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with ’!’ in the output below. Use the
’show bgp neighbor ’ command for details.
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle!
Address Family: IPv6 Unicast
============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 2 2 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 21
Implementing BGP on Cisco ASR 9000 Series Router
Routing Policy EnforcementNeighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
2222::2 0 2 920 918 2 0 0 15:15:11 1
2222::4 0 3 0 0 0 0 0 00:00:00 Idle
Address Family: IPv6 Multicast
==============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 1 1 1
Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv6 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with ’!’ in the output below. Use the
’show bgp neighbor ’ command for details.
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
2222::2 0 2 920 918 0 0 0 15:15:11 0
2222::4 0 3 0 0 0 0 0 00:00:00 Idle!
Table Policy
The table policy feature in BGP allows you to configure traffic index values on routes as they are installed in
the global routing table. This feature is enabled using the table-policy command and supports the BGP policy
accounting feature.
BGP policy accounting uses traffic indices that are set on BGP routes to track various counters. See the
Implementing Routing Policy on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide for details on table policy use. See the Cisco
Express Forwarding Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Command Reference for details on BGP policy
accounting.
Table policy also provides the ability to drop routes from the RIB based on match criteria. This feature can
be useful in certain applications and should be used with caution as it can easily create a routing ‘black hole’
where BGP advertises routes to neighbors that BGP does not install in its global routing table and forwarding
table.
Update Groups
The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update
groups of neighborsthatshare outbound policies and can share the update messages. The BGP Update Groups
feature separates update group replication from peer group configuration, improving convergence time and
flexibility of neighbor configuration.
To use this feature, you must understand the following concepts:
Related Topics
BGP Update Generation and Update Groups , on page 23
BGP Update Group , on page 23
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
22 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Table PolicyBGP Update Generation and Update Groups
The BGP Update Groups feature separates BGP update generation from neighbor configuration. The BGP
Update Groups feature introduces an algorithm that dynamically calculates BGP update group membership
based on outbound routing policies. This feature does not require any configuration by the network operator.
Update group-based message generation occurs automatically and independently.
BGP Update Group
When a change to the configuration occurs, the router automatically recalculates update group memberships
and applies the changes.
For the best optimization of BGP update group generation, we recommend that the network operator keeps
outbound routing policy the same for neighbors that have similar outbound policies. This feature contains
commands for monitoring BGP update groups. For more information about the commands, see Monitoring
BGP Update Groups, on page 131.
BGP Cost Community
The BGP cost community is a nontransitive extended community attribute that is passed to internal BGP
(iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows
you to customize the local route preference and influence the best-path selection process by assigning cost
values to specific routes. The extended community format defines generic points of insertion (POI) that
influence the best-path decision at different points in the best-path algorithm.
The cost community attribute is applied to internal routes by configuring the set extcommunity cost command
in a route policy. See the Routing Policy Language Commands on Cisco ASR 9000 Series Router module
of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information on the
set extcommunity cost command. The cost community set clause is configured with a cost community ID
number (0–255) and cost community number (0–4294967295). The cost community number determines the
preference for the path. The path with the lowest cost community number is preferred. Paths that are not
specifically configured with the cost community number are assigned a default cost community number of
2147483647 (the midpoint between 0 and 4294967295) and evaluated by the best-path selection process
accordingly. When two paths have been configured with the same cost community number, the path selection
process prefers the path with the lowest cost community ID. The cost-extended community attribute is
propagated to iBGP peers when extended community exchange is enabled.
The following commands include the route-policy keyword, which you can use to apply a route policy that
is configured with the cost community set clause:
• aggregate-address
• redistribute
• network
How BGP Cost Community Influences the Best Path Selection Process
The cost community attribute influences the BGP best-path selection process at the point of insertion (POI).
By default, the POI follows the Interior Gateway Protocol (IGP) metric comparison. When BGP receives
multiple paths to the same destination, it uses the best-path selection process to determine which path is the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 23
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Communitybest path. BGP automatically makesthe decision and installsthe best path in the routing table. The POI allows
you to assign a preference to a specific path when multiple equal cost paths are available. If the POI is not
valid for local best-path selection, the cost community attribute is silently ignored.
Cost communities are sorted first by POI then by community ID. Multiple paths can be configured with the
cost community attribute for the same POI. The path with the lowest cost community ID is considered first.
In other words, all cost community paths for a specific POI are considered, starting with the one with the
lowest cost community. Paths that do not contain the cost community cost (for the POI and community ID
being evaluated) are assigned the default community cost value (2147483647). If the cost community values
are equal, then cost community comparison proceeds to the next lowest community ID for this POI.
To select the path with the lower cost community, simultaneously walk through the cost communities of both
paths. Thisis done by maintaining two pointersto the cost community chain, one for each path, and advancing
both pointers to the next applicable cost community at each step of the walk for the given POI, in order of
community ID, and stop when a best path is chosen or the comparison is a tie. At each step of the walk, the
following checks are done:
If neither pointer refers to a cost community,
Declare a tie;
Elseif a cost community is found for one path but not for the other,
Choose the path with cost community as best path;
Elseif the Community ID from one path is less than the other,
Choose the path with the lesser Community ID as best path;
Elseif the Cost from one path is less than the other,
Choose the path with the lesser Cost as best path;
Else Continue.
Paths that are not configured with the cost community attribute are considered by the best-path selection
process to have the default cost value (half of the maximum value [4294967295] or 2147483647).
Note
Applying the cost community attribute at the POI allows you to assign a value to a path originated or learned
by a peer in any part of the local autonomous system or confederation. The cost community can be used as a
“tie breaker” during the best-path selection process. Multiple instances of the cost community can be configured
for separate equal cost paths within the same autonomous system or confederation. For example, a lower cost
community value can be applied to a specific exit path in a network with multiple equal cost exit points, and
the specific exit path is preferred by the BGP best-path selection process. See the scenario described
inInfluencing Route Preference in a Multiexit IGP Network, on page 26.
The cost community comparison in BGP is enabled by default. Use the bgp bestpath cost-community
ignore command to disable the comparison.
Note
SeeBGP Best Path Algorithm, on page 28 for information on the BGP best-path selection process.
Cost Community Support for Aggregate Routes and Multipaths
The BGP cost community feature supports aggregate routes and multipaths. The cost community attribute
can be applied to either type of route. The cost community attribute is passed to the aggregate or multipath
route from component routes that carry the cost community attribute. Only unique IDs are passed, and only
the highest cost of any individual component route is applied to the aggregate for each ID. If multiple component
routes contain the same ID, the highest configured cost is applied to the route. For example, the following
two component routes are configured with the cost community attribute using an inbound route policy:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
24 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Community• 10.0.0.1
? POI=IGP
? cost community ID=1
? cost number=100
• 192.168.0.1
? POI=IGP
? cost community ID=1
? cost number=200
If these component routes are aggregated or configured as a multipath, the cost value 200 is advertised,
because it has the highest cost.
If one or more component routes do not carry the cost community attribute or the component routes are
configured with different IDs, then the default value (2147483647) is advertised for the aggregate or
multipath route. For example, the following three component routes are configured with the cost
community attribute using an inbound route policy. However, the component routes are configured with
two different IDs.
• 10.0.0.1
? POI=IGP
? cost community ID=1
? cost number=100
• 172.16.0.1
? POI=IGP
? cost community ID=2
? cost number=100
• 192.168.0.1
? POI=IGP
? cost community ID=1
? cost number=200
The single advertised path includes the aggregate cost communities as follows:
{POI=IGP, ID=1, Cost=2147483647} {POI-IGP, ID=2, Cost=2147483647}
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 25
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost CommunityInfluencing Route Preference in a Multiexit IGP Network
This figure shows an IGP network with two autonomous system boundary routers (ASBRs) on the edge. Each
ASBR has an equal cost path to network 10.8/16.
Figure 1: Multiexit Point IGP Network
Both paths are considered to be equal by BGP. If multipath loadsharing is configured, both pathsto the routing
table are installed and are used to balance the load of traffic. If multipath load balancing is not configured,
the BGP selects the path that was learned first as the best path and installs this path to the routing table. This
behavior may not be desirable under some conditions. For example, the path is learned from ISP1 PE2 first,
but the link between ISP1 PE2 and ASBR1 is a low-speed link.
The configuration of the cost community attribute can be used to influence the BGP best-path selection process
by applying a lower-cost community value to the path learned by ASBR2. For example, the following
configuration is applied to ASBR2:
RP/0/RSP0/CPU0:router(config)# route-policy ISP2_PE1
RP/0/RSP0/CPU0:router(config-rpl)# set extcommunity cost (1:1)
The preceding route policy applies a cost community number of 1 to the 10.8.0.0 route. By default, the path
learned from ASBR1 is assigned a cost community number of 2147483647. Because the path learned from
ASBR2 has a lower-cost community number, the path is preferred.
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links
Back-door links in an EIGRP MPLS VPN topology is preferred by BGP if the back-door link is learned first.
(A back-door link, or route, is a connection that is configured outside of the VPN between a remote and main
site; for example, a WAN leased line that connects a remote site to the corporate network.)
The “prebest path” point of insertion (POI) in the BGP cost community feature supports mixed EIGRP VPN
network topologies that contain VPN and back-door links. This POI is applied automatically to EIGRP routes
that are redistributed into BGP. The “prebest path” POI carries the EIGRP route type and metric. This POI
influencesthe best-path calculation process by influencing BGP to consider the POI before any other comparison
step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco
IOS XR software is installed on a PE, CE, or back-door router.
For information about configuring EIGRP MPLS VPNs,see the Cisco ASR 9000 Series Aggregation Services
Router MPLS Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
26 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost CommunityThis figure shows how cost community can be used to support backdoor links in a network.
Figure 2: Network Showing How Cost Community Can be Used to Support Backdoor Links
The following sequence of events happens in PE1:
1 PE1 learns IPv4 prefix 10.1.1.0/24 from CE1 through EIGRP running a virtual routing and forwarding
(VRF) instance. EIGRP selects and installs the best path in the RIB. It also encodes the cost-extended
community and adds the information to the RIB.
2 The route is redistributed into BGP (assuming that IGP-to-BGP redistribution is configured). BGP also
receives the cost-extended community from the route through the redistribution process.
3 After BGP has determined the best path for the newly redistributed prefix, the path is advertised to PE
peers (PE2).
4 PE2 receives the BGP VPNv4 prefix route_distinguisher:10.1.1.0/24 along with the cost community. It
is likely that CE2 advertises the same prefix (because of the back-door link between CE1 and CE2) to
PE2 through EIGRP. PE2 BGP would have already learned the CE route through the redistribution process
along with the cost community value
5 PE2 has two paths within BGP: one with cost community cost1 through multipath BGP (PE1) and another
with cost community cost2 through the EIGRP neighbor (CE2).
6 PE2 runs the enhanced BGP best-path calculation.
7 PE2 installs the best path in the RIB passing the appropriate cost community value.
8 PE2 RIB has two paths for 10.1.1.0/24: one with cost community cost2 added by EIGRP and another with
the cost community cost1 added by BGP. Because both the route paths have cost community, RIB compares
the costs first. The BGP path has the lower cost community, so it is selected and downloaded to the RIB.
9 PE2 RIB redistributes the BGP path into EIGRP with VRF. EIGRP runs a diffusing update algorithm
(DUAL) because there are two paths, and selects the BGP-redistributed path.
10 PE2 EIGRP advertises the path to CE2 making the path the next hop for the prefix to send the traffic over
the MPLS network.
Adding Routes to the Routing Information Base
If a nonsourced path becomes the best path after the best-path calculation, BGP adds the route to the Routing
Information Base (RIB) and passes the cost communities along with the other IGP extended communities.
When a route with paths is added to the RIB by a protocol, RIB checks the current best paths for the route
and the added pathsfor cost extended communities. If cost-extended communities are found, the RIB compares
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 27
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Communitythe set of cost communities. If the comparison does not result in a tie, the appropriate best path is chosen. If
the comparison results in a tie, the RIB proceeds with the remaining steps of the best-path algorithm. If a cost
community is not present in either the current best paths or added paths, then the RIB continues with the
remaining steps of the best-path algorithm. See BGP Best Path Algorithm, on page 28 for information on
the BGP best-path algorithm.
BGP Best Path Algorithm
BGP routerstypically receive multiple pathsto the same destination. The BGP best-path algorithm determines
the best path to install in the IP routing table and to use for forwarding traffic. This section describes the Cisco
IOS XR software implementation of BGP best-path algorithm, as specified in Section 9.1 of the Internet
Engineering Task Force (IETF) Network Working Group draft-ietf-idr-bgp4-24.txt document.
The BGP best-path algorithm implementation is in three parts:
• Part 1—Compares two paths to determine which is better.
• Part 2—Iterates over all paths and determines which order to compare the paths to select the overall best
path.
• Part 3—Determines whether the old and new best paths differ enough so that the new best path should
be used.
The order of comparison determined by Part 2 is important because the comparison operation is not
transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and
when B and C are compared, B is better, it is not necessarily the case that when A and C are compared,
A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among
paths from the same neighboring autonomous system (AS) and not among all paths.
Note
Comparing Pairs of Paths
Perform the following steps to compare two paths and determine the better path:
1 If either path isinvalid (for example, a path hasthe maximum possible MED value or it has an unreachable
next hop), then the other path is chosen (provided that the path is valid).
2 If the paths have unequal pre-bestpath cost communities, the path with the lower pre-bestpath cost
community is selected as the best path.
Note See BGP Cost Community, on page 23 for details on how cost communities are compared.
3 If the paths have unequal weights, the path with the highest weight is chosen.
The weight is entirely local to the router, and can be set with the weight command or using a routing
policy.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
28 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm4 If the paths have unequal local preferences, the path with the higher local preference is chosen.
If a local preference attribute was received with the path or was set by a routing policy, then that value is
used in this comparison. Otherwise, the default local preference value of 100 is used. The default value
can be changed using the bgp default local-preference command.
Note
5 If one of the paths is a redistributed path, which results from a redistribute or network command, then
it is chosen. Otherwise, if one of the paths is a locally generated aggregate, which results from an
aggregate-address command, it is chosen.
Note Step 1 through Step 4 implement the “Path Selection with BGP”of RFC 1268.
6 If the paths have unequal AS path lengths, the path with the shorter AS path is chosen. This step is skipped
if bgp bestpath as-path ignore command is configured.
Note When calculating the length of the AS path, confederation segments are ignored, and AS sets count as 1.
eiBGP specifies internal and external BGP multipath peers. eiBGP allows simultaneous use of internal
and external paths.
Note
7 If the paths have different origins, the path with the lower origin is selected. Interior Gateway Protocol
(IGP) is considered lower than EGP, which is considered lower than INCOMPLETE.
8 If appropriate, the MED of the paths is compared. If they are unequal, the path with the lower MED is
chosen.
A number of configuration options exist that affect whether or not this step is performed. In general, the
MED is compared if both paths were received from neighbors in the same AS; otherwise the MED
comparison is skipped. However, this behavior is modified by certain configuration options, and there are
also some corner cases to consider.
If the bgp bestpath med always command is configured, then the MED comparison is always performed,
regardless of neighbor AS in the paths. Otherwise, MED comparison depends on the AS paths of the two
paths being compared, as follows:
• If a path has no AS path or the AS path starts with an AS_SET, then the path is considered to be
internal, and the MED is compared with other internal paths.
• If the AS path starts with an AS_SEQUENCE, then the neighbor AS is the first AS number in the
sequence, and the MED is compared with other paths that have the same neighbor AS.
• If the AS path contains only confederation segments or starts with confederation segments followed
by an AS_SET, then the MED is not compared with any other path unless the bgp bestpath med
confed command is configured. In that case, the path is considered internal and the MED is compared
with other internal paths.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 29
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm• If the AS path starts with confederation segmentsfollowed by an AS_SEQUENCE, then the neighbor
AS is the first AS number in the AS_SEQUENCE, and the MED is compared with other paths that
have the same neighbor AS.
If no MED attribute wasreceived with the path, then the MED is considered to be 0 unlessthe bgp bestpath
med missing-as-worst command is configured. In that case, if no MED attribute was received, the MED
is considered to be the highest possible value.
Note
9 If one path is received from an external peer and the other is received from an internal (or confederation)
peer, the path from the external peer is chosen.
10 If the paths have different IGP metrics to their next hops, the path with the lower IGP metric is chosen.
11 If the paths have unequal IP cost communities, the path with the lower IP cost community is selected as
the best path.
Note See the BGP Cost Community, on page 23 for details on how cost communities are compared.
12 If all path parameters in Step 1 through Step 10 are the same, then the router IDs are compared. If the path
was received with an originator attribute, then that is used as the router ID to compare; otherwise, the
router ID of the neighbor from which the path was received is used. If the paths have different router IDs,
the path with the lower router ID is chosen.
Where the originator is used as the router ID, it is possible to have two paths with the same router ID. It
is also possible to have two BGP sessions with the same peer router, and therefore receive two paths with
the same router ID.
Note
13 If the paths have different cluster lengths, the path with the shorter cluster length is selected. If a path was
not received with a cluster list attribute, it is considered to have a cluster length of 0.
14 Finally, the path received from the neighbor with the lower IP address is chosen. Locally generated paths
(for example, redistributed paths) are considered to have a neighbor IP address of 0.
Order of Comparisons
The second part of the BGP best-path algorithm implementation determines the order in which the paths
should be compared. The order of comparison is determined as follows:
1 The paths are partitioned into groups such that within each group the MED can be compared among all
paths. The same rules as in Comparing Pairs of Paths, on page 28 are used to determine whether MED
can be compared between any two paths. Normally, this comparison resultsin one group for each neighbor
AS. If the bgp bestpath med always command is configured, then there is just one group containing all
the paths.
2 The best path in each group is determined. Determining the best path is achieved by iterating through all
pathsin the group and keeping track of the best one seen so far. Each path is compared with the best-so-far,
and if it is better, it becomes the new best-so-far and is compared with the next path in the group.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
30 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm3 A set of paths is formed containing the best path selected from each group in Step 2. The overall best path
is selected from this set of paths, by iterating through them as in Step 2.
Best Path Change Suppression
The third part of the implementation is to determine whether the best-path change can be suppressed or
not—whether the new best path should be used, or continue using the existing best path. The existing best
path can continue to be used if the new one is identical to the point at which the best-path selection algorithm
becomes arbitrary (if the router-id is the same). Continuing to use the existing best path can avoid churn in
the network.
This suppression behavior does not comply with the IETF Networking Working Group
draft-ietf-idr-bgp4-24.txt document, but is specified in the IETF Networking Working Group
draft-ietf-idr-avoid-transition-00.txt document.
Note
The suppression behavior can be turned off by configuring the bgp bestpath compare-routerid command.
If this command is configured, the new best path is always preferred to the existing one.
Otherwise, the following steps are used to determine whether the best-path change can be suppressed:
1 If the existing best path is no longer valid, the change cannot be suppressed.
2 If either the existing or new best paths were received from internal (or confederation) peers or were locally
generated (for example, by redistribution), then the change cannot be suppressed. That is, suppression is
possible only if both paths were received from external peers.
3 If the paths were received from the same peer (the paths would have the same router-id), the change cannot
be suppressed. The router ID is calculated using rules in Comparing Pairs of Paths, on page 28.
4 If the paths have different weights, local preferences, origins, or IGP metrics to their next hops, then the
change cannot be suppressed. Note that all these values are calculated using the rules in Comparing Pairs
of Paths, on page 28.
5 If the paths have different-length AS paths and the bgp bestpath as-path ignore command is not configured,
then the change cannot be suppressed. Again, the AS path length is calculated using the rulesin Comparing
Pairs of Paths, on page 28.
6 If the MED of the paths can be compared and the MEDs are different, then the change cannot be suppressed.
The decision as to whether the MEDs can be compared is exactly the same as the rules in Comparing Pairs
of Paths, on page 28, as is the calculation of the MED value.
7 If all path parameters in Step 1 through Step 6 do not apply, the change can be suppressed.
Administrative Distance
An administrative distance is a rating of the trustworthiness of a routing information source. In general, the
higher the value, the lower the trust rating. For information on specifying the administrative distance for BGP,
see the BGP Commands module of the Cisco ASR 9000 Series Aggregation Services Router Routing Command
Reference
Normally, a route can be learned through more than one protocol. Administrative distance is used to discriminate
between routes learned from more than one protocol. The route with the lowest administrative distance is
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 31
Implementing BGP on Cisco ASR 9000 Series Router
Administrative Distanceinstalled in the IP routing table. By default, BGP uses the administrative distances shown in Table 2: BGP
Default Administrative Distances, on page 32.
Table 2: BGP Default Administrative Distances
Distance Default Value Function
Applied to routes learned from
eBGP.
External 20
Applied to routes learned from
iBGP.
Internal 200
Applied to routes originated by the
router.
Local 200
Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned
routes are installed in the IP routing table.
Note
In most cases, when a route is learned through eBGP, it is installed in the IP routing table because of its
distance (20). Sometimes, however, two ASs have an IGP-learned back-door route and an eBGP-learned
route. Their policy might be to use the IGP-learned path as the preferred path and to use the eBGP-learned
path when the IGP path is down. See Figure 3: Back Door Example , on page 32.
Figure 3: Back Door Example
In Figure 3: Back Door Example , on page 32, Routers A and C and Routers B and C are running eBGP.
Routers A and B are running an IGP (such as Routing Information Protocol [RIP], Interior Gateway Routing
Protocol [IGRP], Enhanced IGRP, or Open Shortest Path First [OSPF]). The default distances for RIP, IGRP,
Enhanced IGRP, and OSPF are 120, 100, 90, and 110, respectively. All these distances are higher than the
default distance of eBGP, which is 20. Usually, the route with the lowest distance is preferred.
Router A receives updates about 160.10.0.0 from two routing protocols: eBGP and IGP. Because the default
distance for eBGP is lower than the default distance of the IGP, Router A chooses the eBGP-learned route
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
32 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Administrative Distancefrom Router C. If you want Router A to learn about 160.10.0.0 from Router B (IGP), establish a BGP back
door. See .
In the following example, a network back-door is configured:
RP/0/RSP0/CPU0:router(config)# router bgp 100
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)# network 160.10.0.0/16 backdoor
Router A treats the eBGP-learned route as local and installs it in the IP routing table with a distance of 200.
The network is also learned through Enhanced IGRP (with a distance of 90), so the Enhanced IGRP route is
successfully installed in the IP routing table and is used to forward traffic. If the Enhanced IGRP-learned
route goes down, the eBGP-learned route is installed in the IP routing table and is used to forward traffic.
Although BGP treats network 160.10.0.0 as a local entry, it does not advertise network 160.10.0.0 asit normally
would advertise a local entry.
Multiprotocol BGP
Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocols
and IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast
routing. The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM)
feature to build data distribution trees.
Multiprotocol BGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which
resources are used for which traffic. Multiprotocol BGP allows you to have a unicast routing topology different
from a multicast routing topology providing more control over your network and resources.
In BGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was
in place for unicast routing. Perhaps you want all multicast traffic exchanged at one network access point
(NAP). If those routers were not multicast capable, or there were differing policies for which you wanted
multicast traffic to flow, multicast routing could not be supported without multiprotocol BGP.
It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability
information (NLRI), but you cannot connect multiprotocol BGP clouds with a BGP cloud. That is, you
cannot redistribute multiprotocol BGP routes into BGP.
Note
Figure 4: Noncongruent Unicast and Multicast Routes, on page 34 illustrates simple unicast and multicast
topologies that are incongruent, and therefore are not possible without multiprotocol BGP.
Autonomous systems 100, 200, and 300 are each connected to two NAPs that are FDDI rings. One is used
for unicast peering (and therefore the exchange of unicast traffic). The Multicast Friendly Interconnect (MFI)
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 33
Implementing BGP on Cisco ASR 9000 Series Router
Multiprotocol BGPring is used for multicast peering (and therefore the exchange of multicast traffic). Each router is unicast and
multicast capable.
Figure 4: Noncongruent Unicast and Multicast Routes
Figure 5: Multicast BGP Environment, on page 35 is a topology of unicast-only routers and multicast-only
routers. The two routers on the left are unicast-only routers (that is, they do not support or are not configured
to perform multicast routing). The two routers on the right are multicast-only routers. Routers A and B support
both unicast and multicast routing. The unicast-only and multicast-only routers are connected to a single NAP.
In Figure 5: Multicast BGP Environment, on page 35, only unicast traffic can travel from Router A to the
unicast routers to Router B and back. Multicast traffic could not flow on that path, so another routing table is
required. Multicast traffic uses the path from Router A to the multicast routers to Router B and back.
Figure 5: Multicast BGP Environment, on page 35 illustrates a multiprotocol BGP environment with a
separate unicast route and multicast route from Router A to Router B. Multiprotocol BGP allows these routes
to be incongruent. Both of the autonomous systems must be configured for internal multiprotocol BGP
(IMBGP) in the figure.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
34 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Multiprotocol BGPA multicast routing protocol,such as PIM, usesthe multicast BGP database to perform Reverse Path Forwarding
(RPF) lookupsfor multicast-capable sources. Thus, packets can be sent and accepted on the multicast topology
but not on the unicast topology.
Figure 5: Multicast BGP Environment
Route Dampening
Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork.
A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then
unavailable, and so on.
For example, consider a network with three BGP autonomous systems: autonomous system 1, autonomous
system 2, and autonomoussystem 3. Suppose the route to network A in autonomoussystem 1 flaps(it becomes
unavailable). Under circumstances without route dampening, the eBGP neighbor of autonomous system 1 to
autonomous system 2 sends a withdraw message to autonomous system 2. The border router in autonomous
system 2, in turn, propagates the withdrawal message to autonomous system 3. When the route to network A
reappears, autonomous system 1 sends an advertisement message to autonomous system 2, which sends it to
autonomous system 3. If the route to network A repeatedly becomes unavailable, then available, many
withdrawal and advertisement messages are sent. Route flapping is a problem in an internetwork connected
to the Internet, because a route flap in the Internet backbone usually involves many routes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 35
Implementing BGP on Cisco ASR 9000 Series Router
Route DampeningMinimizing Flapping
The route dampening feature minimizes the flapping problem as follows. Suppose again that the route to
network A flaps. The router in autonomous system 2 (in which route dampening is enabled) assigns network
A a penalty of 1000 and moves it to history state. The router in autonomous system 2 continues to advertise
the status of the route to neighbors. The penalties are cumulative. When the route flaps so often that the penalty
exceeds a configurable suppression limit, the router stops advertising the route to network A, regardless of
how many times it flaps. Thus, the route is dampened.
The penalty placed on network A is decayed until the reuse limit is reached, upon which the route is once
again advertised. At half of the reuse limit, the dampening information for the route to network A is removed.
No penalty is applied to a BGP peer reset when route dampening is enabled, even though the reset withdraws
the route.
Note
BGP Routing Domain Confederation
One way to reduce the iBGP mesh is to divide an autonomous system into multiple subautonomous systems
and group them into a single confederation. To the outside world, the confederation looks like a single
autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other
autonomous systems in the same confederation. Although the peers in different autonomous systems have
eBGP sessions, they exchange routing information as if they were iBGP peers. Specifically, the next hop,
MED, and local preference information is preserved. This feature allows you to retain a single IGP for all of
the autonomous systems.
BGP Route Reflectors
BGP requires that all iBGP speakers be fully meshed. However, this requirement does not scale well when
there are many iBGP speakers. Instead of configuring a confederation, you can reduce the iBGP mesh by
using a route reflector configuration.
Figure 6: Three Fully Meshed iBGP Speakers, on page 37 illustrates a simple iBGP configuration with three
iBGP speakers(routers A, B, and C). Without route reflectors, when Router A receives a route from an external
neighbor, it must advertise it to both routers B and C. Routers B and C do not readvertise the iBGP learned
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
36 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Routing Domain Confederationroute to other iBGP speakers because the routers do not pass on routes learned from internal neighbors to
other internal neighbors, thus preventing a routing information loop.
Figure 6: Three Fully Meshed iBGP Speakers
With route reflectors, all iBGP speakers need not be fully meshed because there is a method to pass learned
routes to neighbors. In this model, an iBGP peer is configured to be a route reflector responsible for passing
iBGP learned routes to a set of iBGP neighbors. In Figure 7: Simple BGP Model with a Route Reflector, on
page 38 , Router B is configured as a route reflector. When the route reflector receives routes advertised from
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 37
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route ReflectorsRouter A, it advertisesthem to Router C, and vice versa. Thisscheme eliminatesthe need for the iBGP session
between routers A and C.
Figure 7: Simple BGP Model with a Route Reflector
The internal peers of the route reflector are divided into two groups: client peers and all other routers in the
autonomous system (nonclient peers). A route reflector reflects routes between these two groups. The route
reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
38 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflectorsclient peers need not be fully meshed. The clients in the cluster do not communicate with iBGP speakers
outside their cluster.
Figure 8: More Complex BGP Route Reflector Model
Figure 8: More Complex BGP Route Reflector Model, on page 39 illustrates a more complex route reflector
scheme. Router A is the route reflector in a cluster with routers B, C, and D. Routers E, F, and G are fully
meshed, nonclient routers.
When the route reflector receives an advertised route, depending on the neighbor, it takesthe following actions:
• A route from an external BGP speaker is advertised to all clients and nonclient peers.
• A route from a nonclient peer is advertised to all clients.
• A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully
meshed.
Along with route reflector-aware BGP speakers, it is possible to have BGP speakers that do not understand
the concept of route reflectors. They can be members of either client or nonclient groups, allowing an easy
and gradual migration from the old BGP model to the route reflector model. Initially, you could create a single
cluster with a route reflector and a few clients. All other iBGP speakers could be nonclient peers to the route
reflector and then more clusters could be created gradually.
An autonomous system can have multiple route reflectors. A route reflector treats other route reflectors just
like other iBGP speakers. A route reflector can be configured to have other route reflectors in a client group
or nonclient group. In a simple configuration, the backbone could be divided into many clusters. Each route
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 39
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflectorsreflector would be configured with other route reflectors as nonclient peers (thus, all route reflectors are fully
meshed). The clients are configured to maintain iBGP sessions with only the route reflector in their cluster.
Usually, a cluster of clients has a single route reflector. In that case, the cluster is identified by the router ID
of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more
than one route reflector. In this case, all route reflectors in the cluster must be configured with the cluster ID
so that a route reflector can recognize updates from route reflectors in the same cluster. All route reflectors
serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient
peers.
By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are
reflected to other clients. However, if the clients are fully meshed, the route reflector need not reflect routes
to clients.
As the iBGP learned routes are reflected, routing information may loop. The route reflector model has the
following mechanisms to avoid routing loops:
• Originator ID is an optional, nontransitive BGP attribute. It is a 4-byte attributed created by a route
reflector. The attribute carriesthe router ID of the originator of the route in the local autonomoussystem.
Therefore, if a misconfiguration causesrouting information to come back to the originator, the information
is ignored.
• Cluster-list is an optional, nontransitive BGP attribute. It is a sequence of cluster IDs that the route has
passed. When a route reflector reflects a route from its clients to nonclient peers, and vice versa, it
appends the local cluster ID to the cluster-list. If the cluster-list is empty, a new cluster-list is created.
Using this attribute, a route reflector can identify if routing information is looped back to the same cluster
due to misconfiguration. If the local cluster ID is found in the cluster-list, the advertisement is ignored.
Default Address Family for show Commands
Most of the show commands provide address family (AFI) and subaddress family (SAFI) arguments (see
RFC 1700 and RFC 2858 for information on AFI and SAFI). The Cisco IOS XR software parser provides the
ability to set the afi and safi so that it is not necessary to specify them while running a show command. The
parser commands are:
• set default-afi { ipv4 | ipv6 | all }
• set default-safi { unicast | multicast | all }
The parser automatically sets the default afi value to ipv4 and default safi value to unicast . It is necessary
to use only the parser commands to change the default afi value from ipv4 or default safi value from unicast
. Any afi or safi keyword specified in a show command overrides the values set using the parser commands.
Use the following show default-afi-safi-vrf command to check the currently set value of the afi and safi.
Distributed BGP
Distributed BGP splits BGP functionality into three process types:
• BGP process manager—Responsible for verifying configuration changes and for calculating and
publishing the distribution of neighbors among BGP speaker processes.
There is a single instance of this process.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
40 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Default Address Family for show Commands• bRIB process—Responsible for performing the best-path calculation of routes (receives partial best
paths from the speaker). The best route is installed into the bRIB and is advertised back to all speakers.
See the BGP Best Path Algorithm, on page 28 for information on best-path calculation. The bRIB
process is also responsible for installing routes in the RIB, and for handling routes redistributed from
the RIB. To accommodate route leaking from one RIB to another, bRIB may register for redistribution
from multiple RIB routes into a single route in the bRIB process.
There is a single instance of this process for each address family.
• BGP speaker process—Responsible for handling all BGP connections to peers. The speaker stores
received paths in the RIB and performs a partial best-path calculation, advertising the partial best paths
to the bRIB (limited best-path calculation). Speakers perform a limited best-path calculation because to
compare Multi Exit Discriminators (MEDs), paths need to be compared from the same AS but may not
be received on the same speaker. Because BGP speakers do not have access to the entire BGP local RIB,
BGP speakers can perform only a limited best-path calculation. (These are Step 1 through Step 7 in the
BGP Best Path Algorithm, on page 28.) Only the best paths are advertised to the bRIB to reduce
speaker/bRIB interprocess communications (IPC) and to reduce the number of paths to be processed in
the bRIB. BGP speakers can only mark a path as active only after learning the result of the full best-path
calculation from the bRIB. Neighbor import and export policies are imposed by the speaker.
If the bgp bestpath med always command is enabled, complete best-path calculation happens inside
speaker process. When the bgp bestpath med always command is not enabled,speakers calculate partial
best paths only (performs the best-path steps up to the MED comparison) and send them to bRIB. bRIB
calculatesthe final best path (performs all the stepsin the best-path calculation).When the bgp bestpath
med always command is enabled, speakers can compare the MED across all ASs, allowing the speaker
to calculate a single best path to send it to bRIB. bRIB is the ultimate process that calculates the final
best path, but when the bgp bestpath med always command is enabled, the speakers send a single best
path instead of potentially sending multiple partial best paths.
There are multiple instances of this process in which each instance is responsible for a subset of BGP
peer connections.
Up to a total 15 speakers for all address families and one bRIB for each address family (IPv4, IPv6, and
VPNv4) are supported.
Distributed BGP is used to reduce the impact that a fault in one address family has on another address family.
For example, you can have one speaker with only IPv6 neighbors (peering to IPv6 addresses) and a separate
speaker with only IPv4 neighbors (peering to IPv4 addresses), and yet another speaker with only VPNv4
provider edge (PE) or customer edge (CE) neighbors (peering to IPv4 addresses distinct from the non-VPN
neighbors). In this scenario, there is no overlap in processes (bgp, brib, and rib) between IPv4, IPv6, and
VPNv4. Therefore, a bgp, brib, or rib process crash affects only one address family. Distributed BGP also
allows more CPU capacity for receiving, computing, and sending BGP routing updates. When in distributed
BGP mode, you can control the number of distributed speakers that are enabled, as well as which neighbors
are assigned to each speaker. If no distributed speakers are enabled, BGP operates in standalone mode. If at
least one distributed speaker is enabled, BGP operates in distributed mode.
MPLS VPN Carrier Supporting Carrier
Carrier supporting carrier (CSC) is a term used to describe a situation in which one service provider allows
another service provider to use a segment of its backbone network. The service provider that provides the
segment of the backbone network to the other provider is called the backbone carrier. The service provider
that uses the segment of the backbone network is called the customer carrier.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 41
Implementing BGP on Cisco ASR 9000 Series Router
MPLS VPN Carrier Supporting CarrierA backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN
services. The customer carrier can be either:
• An Internet service provider (ISP) (By definition, an ISP does not provide VPN service.)
• A BGP/MPLS VPN service provider
You can configure a CSC network to enable BGP to transport routes and MPLS labels between the backbone
carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths.
The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
• BGP takes the place of an Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP) in a
VPN routing and forwarding (VRF) table. You can use BGP to distribute routes and MPLS labels. Using
a single protocol instead of two simplifies the configuration and troubleshooting.
• BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies
and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs
to use BGP.
For detailed information on configuring MPLS VPN CSC with BGP, see the Implementing MPLS Layer 3
VPNs on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide.
BGP Keychains
BGP keychains enable keychain authentication between two BGP peers. The BGP endpoints must both comply
with draft-bonica-tcp-auth-05.txt and a keychain on one endpoint and a password on the other endpoint does
not work.
See the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide for
information on keychain management.
BGP is able to use the keychain to implement hitless key rollover for authentication. Key rolloverspecification
is time based, and in the event of clock skew between the peers, the rollover process is impacted. The
configurable tolerance specification allows for the accept window to be extended (before and after) by that
margin. This accept window facilitates a hitless key rollover for applications (for example, routing and
management protocols).
The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the
endpoints resulting in no common keys for the session traffic (send or accept).
BGP Nonstop Routing
The Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables
all bgp peerings to maintain the BGP state and ensure continuous packet forwarding during events that could
interrupt service. Under NSR, events that might potentially interrupt service are not visible to peer routers.
Protocolsessions are not interrupted and routing states are maintained across processrestarts and switchovers.
BGP NSR provides nonstop routing during the following events:
• Route processor switchover
• Process crash or process failure of BGP or TCP
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
42 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP KeychainsIn case of process crash or process failure, NSR will be maintained only if nsr
process-failures switchover command is configured. In the event of process failures
of active instances, the nsr process-failuresswitchover configuresfailover as a recovery
action and switches over to a standby route processor (RP) or a standby distributed route
processor (DRP) thereby maintaining NSR.
The nsr process-failures switchover command maintains both the NSR and BGP
sessions in the event of a BGP or TCP process restart. Without configuring the nsr
process-failures switchover, restarting the BGP or TCP process causes BGP flap. This
is an expected behavior.
Note
During route processor switchover and In-Service System Upgrade (ISSU), NSR is achieved by stateful
switchover (SSO) of both TCP and BGP.
NSR does not force any software upgrades on other routers in the network, and peer routers are not required
to support NSR.
When a route processor switchover occurs due to a fault, the TCP connections and the BGP sessions are
migrated transparently to the standby route processor, and the standby route processor becomes active. The
existing protocol state is maintained on the standby route processor when it becomes active, and the protocol
state does not need to be refreshed by peers.
Events such as soft reconfiguration and policy modifications can trigger the BGP internal state to change. To
ensure state consistency between active and standby BGP processes during such events, the concept of post-it
is introduced that act as synchronization points.
BGP NSR provides the following features:
• NSR-related alarms and notifications
• Configured and operational NSR states are tracked separately
• NSR statistics collection
• NSR statistics display using show commands
• XML schema support
• Auditing mechanisms to verify state synchronization between active and standby instances
• CLI commands to enable and disable NSR
• Support for 5000 NSR sessions
BGP Prefix Independent Convergence Unipath Primary/Backup
The Border Gateway Protocol Prefix Independent Convergence Unipath (BGP PIC Unipath) primary/backup
feature provides the capability to install a backup path into the forwarding table. Installing the backup path
provides prefix independent convergence in the event of a primary PE–CE link failure.
The primary/backup path provides a mechanism for BGP to determine a backup best path. The backup best
path acts as a backup to the overall best path, which is the primary best path. BGP programs both the paths
into the Forwarding Information Base (FIB).
The procedure to determine the backup best path is as follows:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 43
Implementing BGP on Cisco ASR 9000 Series Router
BGP Prefix Independent Convergence Unipath Primary/Backup1 Determine the best path from the entire set of paths available for a prefix.
2 Eliminate the current best path.
3 Eliminate all the paths that have the same next hop as that of the current best path.
4 Rerun the best path algorithm on the remaining set of paths to determine the backup best path.
The PE-CE local convergence is in the order of four to five seconds for 10000 prefixes. Installing a backup
path on the linecards, so that the Forwarding Information Base (FIB) can immediately switch to an alternate
path, in the event of a primary PE-CE link failure reduces the convergence time.
In the case of primary PE-CE link failure, the FIB starts forwarding the received traffic towards the backup
PE. FIB will continue forwarding the received traffic towards the backup PE for the duration of the network
convergence. Since the approach of using a backup path is independent to the prefixes, Prefix Independent
Convergence Unipath functionality provides a prefix independent sub second convergence.
The additional-paths selection command installs the backup path in the Forwarding Information Base (FIB)
to enable primary backup path.
BGP Local Label Retention
When a primary PE-CE link fails, BGP withdraws the route corresponding to the primary path along with its
local label and programsthe backup path in the Routing Information Base (RIB) and the Forwarding Information
Base (FIB), by default.
However, until all the internal peers of the primary PE reconverge to use the backup path as the new bestpath,
the traffic continues to be forwarded to the primary PE with the local label that was allocated for the primary
path. Hence the previously allocated local label for the primary path must be retained on the primary PE for
some configurable time after the reconvergence. BGP Local Label Retention feature enables the retention of
the local label for a specified period. If no time is specified, the local lable is retained for a default value of
five minutes.
The retain local-label command enables the retention of the local label until the network is converged.
Command Line Interface (CLI) Consistency for BGP Commands
From Cisco IOS XR Release 3.9.0 onwards, the Border Gateway Protocol (BGP) commands use disable
keyword to disable a feature. The keyword inheritance-disable disables the inheritance of the feature
properties from the parent level.
BGP Additional Paths
The Border Gateway Protocol (BGP) Additional Paths feature modifies the BGP protocol machinery for a
BGP speaker to be able to send multiple paths for a prefix. This gives 'path diversity' in the network. The add
path enables BGP prefix independent convergence (PIC) at the edge routers.
BGP add path enables add path advertisement in an iBGP network and advertises the following types of paths
for a prefix:
• Backup paths—to enable fast convergence and connectivity restoration.
• Group-best paths—to resolve route oscillation.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
44 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Local Label Retention• All paths—to emulate an iBGP full-mesh.
Add path is not be supported with MDT, tunnel, and L2VPN addressfamilies and eBGP
peerings.
Note
iBGP Multipath Load Sharing
When a Border Gateway Protocol (BGP)speaking router that has no local policy configured, receives multiple
network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the
router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the
router.
The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as
the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the
router.
When there are multiple border BGP routers having reachability information heard over eBGP, if no local
policy is applied, the border routers will choose their eBGP paths as best. They advertise that bestpath inside
the ISP network. For a core router, there can be multiple paths to the same destination, but it will select only
one path as best and use that path for forwarding. iBGP multipath load sharing adds the ability to enable load
sharing among multiple equi-distant paths.
Configuring multiple iBGP best paths enables a router to evenly share the traffic destined for a particular site.
The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS)
Virtual Private Network (VPN) with a service provider backbone.
For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:
• All attributes must be the same. The attributes include weight, local preference, autonomous system
path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior
Gateway Protocol (iGP) distance.
• The next hop router for each multipath must be different.
Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router will still
designate one of the multipaths as the best path and advertise this best path to its neighbors.
Accumulated Interior Gateway Protocol Attribute
The Accumulated Interior Gateway Protocol (AiGP)Attribute is an optional non-transitive BGP Path Attribute.
The attribute type code for the AiGP Attribute isto be assigned by IANA. The value field of the AiGP Attribute
is defined as a set of Type/Length/Value elements (TLVs). The AiGP TLV contains the Accumulated IGP
Metric.
The AiGP feature is required in the 3107 network to simulate the current OSPF behavior of computing the
distance associated with a path. OSPF/LDP carries the prefix/label information only in the local area. Then,
BGP carries the prefix/lable to all the remote areas by redistributing the routes into BGP at area boundaries.
The routes/labels are then advertised using LSPs. The next hop for the route is changed at each ABR to local
router which removes the need to leak OSPF routes across area boundaries. The bandwidth available on each
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 45
Implementing BGP on Cisco ASR 9000 Series Router
iBGP Multipath Load Sharingof the core links is mapped to OSPF cost, hence it is imperative that BGP carries this cost correctly between
each of the PEs. This functionality is achieved by using the AiGP.
Per VRF and Per CE Label for IPv6 Provider Edge
The per VRF and per CE label for IPv6 feature makes it possible to save label space by allocating labels per
default VRF or per CE nexthop.
All IPv6 Provider Edge (6PE) labels are allocated per prefix by default. Each prefix that belongs to a VRF
instance is advertised with a single label, causing an additional lookup to be performed in the VRF forwarding
table to determine the customer edge (CE) next hop for the packet.
However, use the label-allocation-mode command with the per-ce keyword or the per-vrf keyword to avoid
the additional lookup on the PE router and conserve label space.
Use per-ce keyword to specify that the same label be used for all the routes advertised from a unique customer
edge (CE) peer router. Use the per-vrf keyword to specify that the same label be used for all the routes
advertised from a unique VRF.
IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received
from, different peers. Policy accounting is enabled on an individual input or output interface basis. Counters
based on parameters such as community list, autonomous system number, or autonomous system path are
assigned to identify the IP traffic.
Using BGP policy accounting, you can account for traffic according to the route it traverses. Service providers
can identify and account for all traffic by customer and bill accordingly.
For more information on BGP policy accounting and how to configure BGP policy accounting, refer the
Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide.
IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700
Cisco ASR 9000's A9K-SIP-700 provides complete Internet Protocol Version 6 (IPv6) unicast capability.
An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast
address is delivered to the interface identified by that address. Cisco IOS XR software supports the following
IPv6 unicast address types:
• Global aggregatable address
• Site-local address
• Link-local address
• IPv4-compatible IPv6 address
For more information on IPv6 unicase addressing, refer the Implementing Network Stack IPv4 and IPv6
module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration
Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
46 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Per VRF and Per CE Label for IPv6 Provider EdgeIPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700
Unicast IPv6 Reverse Path Forwarding (uRPF) mitigates problems caused by the introduction of malformed
orspoofed IP source addressesinto a network by discarding IP packetsthat lack a verifiable IP source address.
Unicast RPF does this by doing a reverse lookup in the Cisco Express Forwarding (CEF) table. Therefore,
uRPF is possible only if CEF is enabled on the router.
Use the ipv6 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping] command in
interface configuration mode to enable IPV6 uRPF.
For more information on IPv6 uRPF, refer Implementing Cisco Express Forwarding module in Cisco ASR 9000
Series Aggregation Services Router IP Addresses and Services Command Reference
Remove and Replace Private AS Numbers from AS Path in BGP
Private autonomous system numbers (ASNs) are used by Internet Service Providers (ISPs) and customer
networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global
Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing
private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the
global Internet.
Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private
AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private
AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path
calculationsrequire unique AS numbers. Therefore, it might be necessary to remove private AS numbersfrom
an AS path before the routes are propagated to a BGP peer.
External BGP (eBGP) requires that globally unique AS numbers be used when routing to the global Internet.
Using private AS numbers (which are not unique) would prevent access to the global Internet. The remove
and replace private AS Numbers from AS Path in BGP feature allows routers that belong to a private AS to
accessthe global Internet. A network administrator configuresthe routersto remove private AS numbersfrom
the AS path contained in outgoing update messages and optionally, to replace those numbers with the ASN
of the local router, so that the AS Path length remains unchanged.
The ability to remove and replace private AS numbers from the AS Path is implemented in the following
ways:
• The remove-private-as command removes private AS numbers from the AS path even if the path
contains both public and private ASNs.
• The remove-private-as command removes private AS numbers even if the AS path contains only private
AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP
peers only, in which case the AS number of the local router is appended to the AS path.
• The remove-private-as command removes private AS numbers even if the private ASNs appear before
the confederation segments in the AS path.
• The replace-as command replaces the private AS numbers being removed from the path with the local
AS number, thereby retaining the same AS path length.
The feature can be applied to neighbors per address family (address family configuration mode). Therefore,
you can apply the feature for a neighbor in one address family and not on another, affecting update messages
on the outbound side for only the address family for which the feature is configured.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 47
Implementing BGP on Cisco ASR 9000 Series Router
IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700Use show bgp neighbors and show bgp update-group commands to verify that the that private AS numbers
were removed or replaced.
Selective VRF Download
Selective VRF Download (SVD) feature is a solution to download only those prefixes and labels to a line
card that are actively required to forward traffic through that line card.
To meet the demand for a consolidated edge MSE platform, the number of VRFs, VRF interfaces, and prefix
capacity increases. Convergence timings are different in different line card engines. One of the major factors
that determine convergence timing is the time taken to process and program a prefix and its associated data
structures. Hence, less number of prefixes and labels ensure better convergence timing. SVD reducesscalability
and convergence problems in L3VPNs by enabling selective download of VRF routes to both Engine-3 (E3)
and Engine-5 (E5) Linecards.
SVD is enabled by default on the line cards. Use selective-vrf-download disable command to disable SVD.
Use show svd role and show svd state commands to display the role and state information of SVD on the
line cards.
For more information on Selective VRF Download, see Cisco white paper, Selective Virtual Routing and
Forwarding Table Download: A solution to increase Layer3 VPN scale at this URL http://www.cisco.com/
en/US/technologies/collateral/tk648/tk365/white_paper_c11-681649.html
Line Card Roles and Filters
In a Selective VRF Download (SVD) context, the line cards have these roles:
• Core LC: A line card which has only core facing interfaces (interfaces that connect to other P/PEs
• Customer LC: A line card which has one or more customer facing interfaces (interfaces that connect to
CEs in different VRFs)
The line cards handle these prefixes:
• Local Prefix: A prefix that is received from a CE connected to the router in a configured VRF context
• Remote Prefix: A prefix received from another PE and is imported to a configured VRF
These filters are applicable to each line card type:
• A core LC needs all the local prefixes and VRF labels so that the label and/or IP forwarding is set up
correctly.
• A customer LC needs both the local and remote prefixes for all the VRFs that it is connected to and for
any other VRFs that some connected VRF has dependency on (This is based on the import/export RT
configuration; VRF ‘A’ may have imported routes from VRF ‘B’, so the imported route in VRF ‘A’
points to a next-hop that is in VRF ‘B’. For route resolution, VRF ‘B’ routes need to be downloaded to
each line card that has a VRF ‘A’ interface.)
• If a line card is hosting both core facing and customer facing interfaces then it does not need to do any
filtering at all. All the tables and all routes will be present on such line cards. These line cards will have
a role called “standard”. All RPs and DRPs will have the standard role.
• While the IPv4 default table needs to be present an all nodes, to correctly resolve L3VPN routes, if the
line card does not have any IPv6 interfaces it can filter out all IPv6 tables and routes. In such a case the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
48 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Selective VRF Downloadline card can be deemed “not interested” in the IPv6 AFI and should behave similar to if IPv6 is not
supported by the line card.
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing
Border Gateway Protocol demilitarized zone (BGP DMZ) Link Bandwidth for Unequal Cost Recursive Load
Balancing provides support for unequal cost load balancing for recursive prefixes on local node using BGP
DMZ Link Bandwidth. The unequal load balance is achieved by using the dmz-link-bandwidth command
in BGP Neighbor configuration mode and the bandwidth command in Interface configuration mode.
BFD Multihop Support for BGP
Bi-directional Forwarding Detection Multihop (BFD-MH) support is enabled for BGP. BFD Multihop
establishes a BFD session between two addressesthat may span multiple network hops. Cisco IOS XR Software
BFD Multihop is based on RFC 5883. For more information on BFD Multihop, refer Cisco ASR 9000 Series
Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000
Series Aggregation Services Router Interface and Hardware Component Command Reference.
BGP Multi-Instance/Multi-AS Support
Multi-Instance BGP is support for multiple BGP instances. Each BGP instance is a separate process running
on the same or on a different RP/DRP node. The BGP instances do not share any prefix table between them.
No need for a common adj-rib-in (bRIB) as is the case with distributed BGP. The BGP instances do not
communicate with each other and do not set up peering with each other. Each individual instance can set up
peering with another router independently.
Multi-AS BGP enables configuring each instance of a multi-instance BGP with a different AS number.
Multi-Instance/Multi-AS BGP provides these capabilities:
• Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure
into a single IOS-XR router.
• Mechanism to achieve AF isolation by configuring the different AFs in different BGP instances.
• Means to achieve higher session scale by distributing the overall peering sessions between multiple
instances.
• Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying
different BGP tables.
• Improved BGP convergence under certain scenarios.
• All BGP functionalities including NSR are supported for all the instances.
BGP Prefix Origin Validation Based on RPKI
A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain
path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH
attribute in BGP and starts with the AS that originated the prefix.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 49
Implementing BGP on Cisco ASR 9000 Series Router
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load BalancingTo help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle
attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS
number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route)
needs to be verified and authorized by the prefix holder.
The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP
addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other
things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running
BGP can connect to the RPKI to validate the origin-AS of BGP paths.
BGP 3107 PIC Updates for Global Prefixes
The BGP 3107 PIC Updates for Global Prefixes feature supports Prefix Independent Convergence (PIC)
updates for global IPv4 and IPv6 prefixes in an MPLS VPN provider network. This feature is based on RFC
3107 that describes using BGP to distribute MPLS labels for global IPv4 or IPv6 prefixes. This enables IGP
to scale better and also provides PIC updates for fast convergence.
RFC 3107 enables routes and labels to be carried in BGP. When BGP is used to distribute a particular route,
it can also be used to distribute an MPLS label that is mapped to that route. The label mapping information
for a particular route is piggybacked in the same BGP Update message that is used to distribute the route
itself. RFC 3107 allows filtering of Next-Hop Loops from OSPF and reduces labels advertised by LDP. This
implementation significantly reduces OSPF and LDP database.
The 3107 PIC implementation supports the following address-families with additional-path configuration.
• address-family ipv4 unicast
• address-family ipv6 unicast
• address-family vpnv4 unicast
• address-family vpnv6 unicast
The address-family l2vpn vpls-vpws does not support additional-path. Hence, the l2vpn service that uses
address-family l2vpn vpls-vpws does not guarantee PIC convergence time.
Note
The 3107 PIC implementation supports these Cisco IOS XR features:
• PIC Edge for 3107
• Traffic Engineering Fast-reroute (TE FRR)—Traffic convergence for core link failure is guaranteed
within 50 milliseconds using verbatim tunnel.
• L2VPN Service
• L3VPN VPNv4 Service
• 6 PE Service
• 6 VPE Service
• VPLS Service
BGP 3107 PIC Updates for Global Prefixes implementation uses a shared recursive Load Info (RLDI)
forwarding object in place of a Light-Weight recursive (LW-RLDI) object. The RLDI is shared between
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
50 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP 3107 PIC Updates for Global Prefixesmultiple leaves, while the LW-RLDI is instantiated per leaf. Sharing helps in handling PIC updates since it
will be prefix independent.
BGP Prefix Independent Convergence for RIB and FIB
BGP PIC for RIB and FIB adds support for static recursive as PE-CE and faster backup activation by using
fast re-route trigger.
The BGP PIC for RIB and FIB feature supports:
• FRR-like trigger for faster PE-CE link down detection, to further reduce the convergence time (Fast
PIC-edge activation).
• PIC-edge for static recursive routes.
• BFD single-hop trigger for PIC-Edge without any explicit /32 static route configuration.
• Recursive PIC activation at third level and beyond, on failure trigger at the first (IGP) level.
• BGP path recursion constraints in FIB to ensure that FIB is in sync with BGP with respect to BGP
next-hop resolution.
• IPv6 loop-free alternate fast-reroute (LFA FRR)
How to Implement BGP on Cisco IOS XR Software
Enabling BGP Routing
Perform this task to enable BGP routing and establish a BGP routing process. Configuring BGP neighbors is
included as part of enabling BGP routing.
At least one neighbor and at least one address family must be configured to enable BGP routing. At least
one neighbor with both a remote AS and an address family must be configured globally using the address
family and remote as commands.
Note
Before You Begin
BGP must be able to obtain a router identifier (for example, a configured loopback address). At least, one
address family must be configured in the BGP router configuration and the same address family must also be
configured under the neighbor.
If the neighbor is configured as an external BGP (eBGP) peer, you must configure an inbound and outbound
route policy on the neighbor using the route-policy command.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 51
Implementing BGP on Cisco ASR 9000 Series Router
BGP Prefix Independent Convergence for RIB and FIBSUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. end-policy
4. Do one of the following:
• end
• commit
5. configure
6. router bgp as-number
7. bgp router-id ip-address
8. address-family { ipv4 | ipv6 } unicast
9. exit
10. neighbor ip-address
11. remote-as as-number
12. address-family { ipv4 | ipv6 } unicast
13. route-policy route-policy-name { in | out }
14. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional) Creates a route policy and enters route policy
configuration mode, where you can define the route policy.
route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if
as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply
check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
52 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
(Optional) Ends the definition of a route policy and exits route
policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
Step 4 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 5
Specifies the BGP AS number and enters the BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 6
bgp router-id ip-address Configures the local router with a specified router ID.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 192.168.70.24
Step 7
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 53
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 8
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 9
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 10
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 11
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 12
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
(Optional) Applies the specified policy to inbound IPv4 unicast
routes.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy drop-as-1234 in
Step 13
Step 14 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
54 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring a Routing Domain Confederation for BGP
Perform this task to configure the routing domain confederation for BGP. This includes specifying a
confederation identifier and autonomous systems that belong to the confederation.
Configuring a routing domain confederation reducesthe internal BGP (iBGP) mesh by dividing an autonomous
system into multiple autonomous systems and grouping them into a single confederation. Each autonomous
system is fully meshed within itself and has a few connections to another autonomous system in the same
confederation. The confederation maintains the next hop and local preference information, and that allows
you to retain a single Interior Gateway Protocol (IGP) for all autonomous systems. To the outside world, the
confederation looks like a single autonomous system.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp confederation identifier as-number
4. bgp confederation peers as-number
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 55
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Routing Domain Confederation for BGPCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router# router bgp 120
Step 2
bgp confederation identifier as-number Specifies a BGP confederation identifier.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation identifier 5
Step 3
Specifies that the BGP autonomous systems belong to a specified
BGP confederation identifier. You can associate multiple AS
bgp confederation peers as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
Step 4
numbers to the same confederation identifier, as shown in the
example.
confederation peers 1091
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1092
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1093
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1094
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1095
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1096
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
56 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Routing Domain Confederation for BGPCommand or Action Purpose
Resetting an eBGP Session Immediately Upon Link Failure
By default, if a link goes down, all BGP sessions of any directly adjacent external peers are immediately reset.
Use the bgp fast-external-fallover disable command to disable automatic resetting. Turn the automatic reset
back on using the no bgp fast-external-fallover disable command.
eBGP sessions flap when the node reaches 3500 eBGP sessions with BGP timer values set as 10 and 30. To
support more than 3500 eBGP sessions, increase the packet rate by using the lpts pifib hardware police
location location-id command. Following is a sample configuration to increase the eBGP sessions:
RP/0/RSP0/CPU0:router#configure
RP/0/RSP0/CPU0:router(config)#lpts pifib hardware police location 0/2/CPU0
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp configured rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp known rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp default rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#commit
Logging Neighbor Changes
Logging neighbor changes is enabled by default. Use the log neighbor changes disable command to turn off
logging. The no log neighbor changes disable command can also be used to turn logging back on if it has
been disabled.
Adjusting BGP Timers
Perform this task to set the timers for BGP neighbors.
BGP uses certain timers to control periodic activities, such as the sending of keepalive messages and the
interval after which a neighbor is assumed to be down if no messages are received from the neighbor during
the interval. The values set using the timers bgp command in router configuration mode can be overridden
on particular neighbors using the timers command in the neighbor configuration mode.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. timers bgp keepalive hold-time
4. neighbor ip-address
5. timers keepalive hold-time
6. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 57
Implementing BGP on Cisco ASR 9000 Series Router
Resetting an eBGP Session Immediately Upon Link FailureDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
123
Step 2
timers bgp keepalive hold-time Sets a default keepalive time and a default hold time for all neighbors.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# timers
bgp 30 90
Step 3
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 4
(Optional) Sets the keepalive timer and the hold-time timer for the
BGP neighbor.
timers keepalive hold-time
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
timers 60 220
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
58 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Adjusting BGP TimersCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Changing the BGP Default Local Preference Value
Perform this task to set the default local preference value for BGP paths.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp default local-preference value
4. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 59
Implementing BGP on Cisco ASR 9000 Series Router
Changing the BGP Default Local Preference ValueCommand or Action Purpose
Sets the default local preference value from the default of 100, making
it either a more preferable path (over 100) or less preferable path (under
100).
bgp default local-preference value
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
default local-preference 200
Step 3
Step 4 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the MED Metric for BGP
Perform this task to set the multi exit discriminator (MED) to advertise to peers for routes that do not already
have a metric set (routes that were received with no MED attribute).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
60 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the MED Metric for BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. default-metric value
4. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Sets the default metric, which is used to set the MED to advertise to peers
for routes that do not already have a metric set (routes that were received
with no MED attribute).
default-metric value
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
default metric 10
Step 3
Step 4 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:routerr(config-bgp)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 61
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the MED Metric for BGPCommand or Action Purpose
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring BGP Weights
Perform this task to assign a weight to routes received from a neighbor. A weight is a number that you can
assign to a path so that you can control the best-path selection process. If you have particular neighbors that
you want to prefer for most of your traffic, you can use the weight command to assign a higher weight to all
routes learned from that neighbor.
Before You Begin
Note The clear bgp command must be used for the newly configured weight to take effect.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. weight weight-value
7. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
62 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP WeightsCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
weight weight-value Assigns a weight to all routes learned through the neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
weight 41150
Step 6
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 63
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP WeightsCommand or Action Purpose
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Tuning the BGP Best-Path Calculation
Perform this task to change the default BGP best-path calculation behavior.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp bestpath med missing-as-worst
4. bgp bestpath med always
5. bgp bestpath med confed
6. bgp bestpath as-path ignore
7. bgp bestpath compare-routerid
8. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
126
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
64 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Tuning the BGP Best-Path CalculationCommand or Action Purpose
Directs the BGP software to consider a missing MED attribute in a
path as having a value of infinity, making this path the least desirable
path.
bgp bestpath med missing-as-worst
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med missing-as-worst
Step 3
Configures the BGP speaker in the specified autonomous system to
compare MEDs among all the paths for the prefix, regardless of the
autonomous system from which the paths are received.
bgp bestpath med always
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med always
Step 4
Enables BGP software to compare MED valuesfor pathslearned from
confederation peers.
bgp bestpath med confed
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med confed
Step 5
Configures the BGP software to ignore the autonomous system length
when performing best-path selection.
bgp bestpath as-path ignore
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath as-path ignore
Step 6
Configure the BGP speaker in the autonomous system to compare the
router IDs of similar paths.
bgp bestpath compare-routerid
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath compare-routerid
Step 7
Step 8 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 65
Implementing BGP on Cisco ASR 9000 Series Router
Tuning the BGP Best-Path CalculationCommand or Action Purpose
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Indicating BGP Back-door Routes
Perform this task to set the administrative distance on an external Border Gateway Protocol (eBGP) route to
that of a locally sourced BGP route, causing it to be less preferred than an Interior Gateway Protocol (IGP)
route.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. network { ip-address / prefix-length | ip-address mask } backdoor
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
66 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Indicating BGP Back-door RoutesCommand or Action Purpose
Configures the local router to originate and advertise the specified
network.
network { ip-address / prefix-length |
ip-address mask } backdoor
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
network 172.20.0.0/16
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring Aggregate Addresses
Perform this task to create aggregate entries in a BGP routing table.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 67
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Aggregate AddressesSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy
route-policy-name ]
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either the IPv4 or IPv6 addressfamily and enters addressfamily
configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Creates an aggregate address. The path advertised for this route is an
autonomous system set consisting of all elements contained in all paths
that are being summarized.
aggregate-address address/mask-length [
as-set ] [ as-confed-set ] [ summary-only ] [
route-policy route-policy-name ]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
aggregate-address 10.0.0.0/8 as-set
• The as-set keyword generates autonomous system set path
information and community information from contributing paths.
• The as-confed-set keyword generates autonomous system
confederation set path information from contributing paths.
• The summary-only keyword filters all more specific routes from
updates.
• The route-policy route-policy-name keyword and argument
specify the route policy used to set the attributes of the aggregate
route.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
68 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Aggregate AddressesCommand or Action Purpose
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Redistributing iBGP Routes into IGP
Perform this task to redistribute iBGP routes into an Interior Gateway Protocol (IGP), such as Intermediate
System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
Use of the bgp redistribute-internal command requires the clear route * command to be issued to
reinstall all BGP routes into the IP routing table.
Note
Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use
this command with caution.
Caution
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 69
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing iBGP Routes into IGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp redistribute-internal
4. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Allows the redistribution of iBGP routes into an IGP, such as IS-IS or
OSPF.
bgp redistribute-internal
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
redistribute-internal
Step 3
Step 4 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
70 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing iBGP Routes into IGPCommand or Action Purpose
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Redistributing Prefixes into Multiprotocol BGP
Perform this task to redistribute prefixes from another protocol into multiprotocol BGP.
Redistribution is the process of injecting prefixes from one routing protocol into another routing protocol.
This task shows how to inject prefixes from another routing protocol into multiprotocol BGP. Specifically,
prefixes that are redistributed into multiprotocol BGP using the redistribute command are injected into the
unicast database, the multicast database, or both.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. Do one of the following:
• redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
• redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
• redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]]} [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 |
2 ]]} [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
5. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 71
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing Prefixes into Multiprotocol BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Causesroutesfrom the specified instance to be redistributed
into BGP.
Step 4 Do one of the following:
• redistribute connected [ metric metric-value ] [
route-policy route-policy-name ]
• redistribute eigrp process-id [ match { external |
internal }] [ metric metric-value ] [ route-policy
route-policy-name ]
• redistribute isis process-id [ level { 1 | 1-inter-area
| 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
• redistribute ospf process-id [ match { external [ 1
| 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric
metric-value ] [ route-policy route-policy-name ]
• redistribute ospfv3 process-id [ match { external [
1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric
metric-value ] [ route-policy route-policy-name ]
• redistribute rip [ metric metric-value ] [ route-policy
route-policy-name ]
• redistribute static [ metric metric-value ] [
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# redistribute
ospf 110
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
72 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing Prefixes into Multiprotocol BGPCommand or Action Purpose
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring BGP Route Dampening
Perform this task to configure and monitor BGP route dampening.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 73
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. Do one of the following:
• end
• commit
6. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
7. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression
8. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy
route-policy-name
9. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask |
/prefix-length }}
10. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length
} [ longer-prefixes ]]}
11. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics
12. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast }} flap-statistics regexp regular-expression
13. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name
14. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length
15. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length
16. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
74 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Dampening17. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and
enters the BGP configuration mode, allowing
you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either the IPv4 or IPv6 address family
and enters addressfamily configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4
unicast
Step 3
To see a list of all the possible keywords and
arguments for this command, use the CLI help
(?).
Configures BGP dampening for the specified
address family.
bgp dampening [ half-life [ reuse suppress max-suppress-time ] |
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500
10000 120
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the
system prompts you to commit changes:
Uncommitted changes found, commit
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
them before
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
? Entering yes saves configuration
changes to the running configuration
file, exits the configuration session,
and returnsthe router to EXEC mode.
? Entering no exits the configuration
session and returns the router to
EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 75
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
? Entering cancel leaves the router in
the current configuration session
without exiting or committing the
configuration changes.
• Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap statistics.
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
Step 6
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
Example:
RP/0/RSP0/CPU0:router# show bgp flap statistics
Displays BGP flap statistics for all paths that
match the regular expression.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
Step 7
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp
regular-expression
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics regexp _1$
Displays BGP flap statistics for the specified
route policy.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | labeled all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
Step 8
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
flap-statistics route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config)# show bgp flap-statistics
route-policy policy_A
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap for the specified prefix.
ipv6 unicast | labeled all { unicast | multicast | all |
Step 9
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
flap-statistics { ip-address { mask | /prefix-length }}
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
76 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
Displays BGP flap statistics for more specific
entries for the specified IP address.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
Step 10
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics {
ip-address [{ mask | /prefix-length } [ longer-prefixes ]]}
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1
longer-prefixes
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | Clears BGP flap statistics for all routes.
ipv6 unicast | all { unicast | multicast | all | labeled-unicast
Step 11
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics
Example:
RP/0/RSP0/CPU0:router# clear bgp all all flap-statistics
Clears BGP flap statisticsfor all pathsthat match
the specified regular expression.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 {
Step 12
unicast | labeled-unicast } | ipv6 unicast }} flap-statistics regexp
regular-expression
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
regexp _1$
Clears BGP flap statistics for the specified route
policy.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 13
labeled-unicast } | ipv6 unicast } } flap-statistics route-policy
route-policy-name
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
route-policy policy_A
Clears BGP flap statistics for the specified
network.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 14
labeled-unicast } | ipv6 unicast } } flap-statistics network /
mask-length
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
192.168.40.0/24
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 77
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
Clears BGP flap statistics for routes received
from the specified neighbor.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 15
labeled-unicast } | ipv6 unicast } } flap-statistics ip-address /
mask-length
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
172.20.1.1
Displaysthe dampened routes, including the time
remaining before they are unsuppressed.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | labeled all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
Step 16
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
dampened-paths
Example:
RP/0/RSP0/CPU0:router# show bgp dampened paths
Clears route dampening information and
unsuppresses the suppressed routes.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
Step 17
| vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Always use the clear bgp dampening
command for an individual
address-family. The all option for
address-families with clear bgp
dampening should never be used
during normal functioning of the
system. For example, use clear bgp
ipv4 unicast dampening prefix
x.x.x./y
Caution
labeled-unicast } | ipv6 unicast } } dampening [ ip-address /
mask-length ]
Example:
RP/0/RSP0/CPU0:router# clear bgp dampening
Applying Policy When Updating the Routing Table
Perform this task to apply a routing policy to routes being installed into the routing table.
Before You Begin
See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes
and operations that are valid for table policy filtering.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
78 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Applying Policy When Updating the Routing TableSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. table-policy policy-name
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120.6
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Applies the specified policy to routes being installed into the routing
table.
table-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
table-policy tbl-plcy-A
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 79
Implementing BGP on Cisco ASR 9000 Series Router
Applying Policy When Updating the Routing TableCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Setting BGP Administrative Distance
Perform this task to specify the use of administrative distances that can be used to prefer one class of route
over another.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. distance bgp external-distance internal-distance local-distance
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
80 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Setting BGP Administrative DistanceCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Sets the external, internal, and local administrative distances to prefer
one class of routes over another. The higher the value, the lower the
trust rating.
distance bgp external-distance
internal-distance local-distance
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
distance bgp 20 20 200
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 81
Implementing BGP on Cisco ASR 9000 Series Router
Setting BGP Administrative DistanceConfiguring a BGP Neighbor Group and Neighbors
Perform thistask to configure BGP neighbor groups and apply the neighbor group configuration to a neighbor.
A neighbor group is a template that holds address family-independent and address family-dependent
configurations associated with the neighbor.
After a neighbor group is configured, each neighbor can inherit the configuration through the use command.
If a neighbor is configured to use a neighbor group, the neighbor (by default) inherits the entire configuration
of the neighbor group, which includes the address family-independent and address family-dependent
configurations. The inherited configuration can be overridden if you directly configure commands for the
neighbor or configure session groups or address family groups through the use command.
You can configure an address family-independent configuration under the neighbor group. An address
family-dependent configuration requires you to configure the address family under the neighbor group to
enter address family submode.
From neighbor group configuration mode, you can configure address family-independent parameters for the
neighbor group. Use the address-family command when in the neighbor group configuration mode.
After specifying the neighbor group name using the neighbor group command, you can assign options to
the neighbor group.
Note All commandsthat can be configured under a specified neighbor group can be configured under a neighbor.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. exit
5. neighbor-group name
6. remote-as as-number
7. address-family { ipv4 | ipv6 } unicast
8. route-policy route-policy-name { in | out }
9. exit
10. exit
11. neighbor ip-address
12. use neighbor-group group-name
13. remote-as as-number
14. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
82 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 4
neighbor-group name Places the router in neighbor group configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
neighbor-group nbr-grp-A
Step 5
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
remote-as 2002
Step 6
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 7
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
(Optional) Applies the specified policy to inbound IPv4 unicast
routes.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
route-policy drop-as-1234 in
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 83
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
exit
Step 9
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
exit
Step 10
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 11
(Optional) Specifies that the BGP neighbor inherit configuration
from the specified neighbor group.
use neighbor-group group-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use
neighbor-group nbr-grp-A
Step 12
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 13
Step 14 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
84 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose
• Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuring a Route Reflector for BGP
Perform this task to configure a route reflector for BGP.
All the neighbors configured with the route-reflector-clientcommand are members of the client group, and
the remaining iBGP peers are members of the nonclient group for the local route reflector.
Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector.
In such instances, the cluster is identified by the software as the router ID of the route reflector. To increase
redundancy and avoid a single point of failure in the network, a cluster can have more than one route reflector.
If it does, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route
reflector can recognize updates from route reflectors in the same cluster. The bgp cluster-id command is used
to configure the cluster ID when the cluster has more than one route reflector.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp cluster-id cluster-id
4. neighbor ip-address
5. remote-as as-number
6. address-family { ipv4 | ipv6 } unicast
7. route-reflector-client
8. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 85
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Route Reflector for BGPCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Configures the local router as one of the route reflectors serving
the cluster. It is configured with a specified cluster ID to identify
the cluster.
bgp cluster-id cluster-id
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
cluster-id 192.168.70.1
Step 3
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
Step 4
172.168.40.24
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2003
Step 5
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the router as a BGP route reflector and configures the
neighbor as its client.
route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Step 7
Step 8 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
86 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Route Reflector for BGPCommand or Action Purpose
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP Route Filtering by Route Policy
Perform this task to configure BGP routing filtering by route policy.
Before You Begin
See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported
attributes and operations that are valid for inbound and outbound neighbor policy filtering.
SUMMARY STEPS
1. configure
2. route-policy name
3. end-policy
4. router bgp as-number
5. neighbor ip-address
6. address-family { ipv4 | ipv6 } unicast
7. route-policy route-policy-name { in | out }
8. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 87
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Filtering by Route PolicyDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional) Creates a route policy and enters route policy
configuration mode, where you can define the route policy.
route-policy name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if
as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply
check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif
(Optional) Ends the definition of a route policy and exits route
policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 4
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 5
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
route-policy route-policy-name { in | out } Applies the specified policy to inbound routes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy drop-as-1234 in
Step 7
Step 8 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
88 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Filtering by Route PolicyCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP Next-Hop Trigger Delay
Perform this task to configure BGP next-hop trigger delay. The Routing Information Base (RIB) classifies
the dampening notifications based on the severity of the changes. Event notifications are classified as critical
and noncritical. This task allows you to specify the minimum batching interval for the critical and noncritical
events.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. nexthop trigger-delay { critical delay | non-critical delay }
5. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 89
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Next-Hop Trigger DelayDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
nexthop trigger-delay { critical delay | Sets the critical next-hop trigger delay.
non-critical delay }
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
nexthop trigger-delay critical 15000
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
90 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Next-Hop Trigger DelayCommand or Action Purpose
Disabling Next-Hop Processing on BGP Updates
Perform this task to disable next-hop calculation for a neighbor and insert your own address in the next-hop
field of BGP updates. Disabling the calculation of the best next hop to use when advertising a route causes
all routes to be advertised with the network device as the next hop.
Note Next-hop processing can be disabled for addressfamily group, neighbor group, or neighbor addressfamily.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. next-hop-self
7. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 91
Implementing BGP on Cisco ASR 9000 Series Router
Disabling Next-Hop Processing on BGP UpdatesCommand or Action Purpose
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 206
Step 4
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Sets the next-hop attribute for all routes advertised to the specified
neighbor to the address of the local router. Disabling the calculation
next-hop-self
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-self
Step 6
of the best next hop to use when advertising a route causes all
routes to be advertised with the local network device as the next
hop.
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
92 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Disabling Next-Hop Processing on BGP UpdatesConfiguring BGP Community and Extended-Community Advertisements
Perform this task to specify that community/extended-community attributes should be sent to an eBGP
neighbor. These attributes are not sent to an eBGP neighbor by default. By contrast, they are always sent to
iBGP neighbors. This section provides examples on how to enable sending community attributes. The
send-community-ebgp keyword can be replaced by the send-extended-community-ebgp keyword to
enable sending extended-communities.
If the send-community-ebgp command is configured for a neighbor group or address family group, all
neighbors using the group inherit the configuration. Configuring the command specifically for a neighbor
overrides inherited values.
BGP community and extended-community filtering cannot be configured for iBGP neighbors. Communities
and extended-communities are alwayssent to iBGP neighbors under IPv4, IPv6, VPNv4, and MDT address
families.
Note
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6
{labeled-unicast | mvpn | unicast}}
6. Use one of these commands:
• send-community-ebgp
• send-extended-community-ebgp
7. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 93
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Places the router in neighbor configuration mode for BGP routing and
configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
neighbor 172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system number
to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
Enters neighbor address family configuration mode for the specified
address family. Use either ipv4 or ipv6 address family keyword with
one of the specified address family sub mode identifiers.
address-family{ipv4{labeled-unicast | mdt |
multicast | mvpn | tunnel | unicast} | ipv6
{labeled-unicast | mvpn | unicast}}
Step 5
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv6 unicast
IPv6 address family mode supports these sub modes:
• labeled-unicast
• mvpn
• unicast
IPv4 address family mode supports these sub modes:
• labeled-unicast
• mdt
• multicast
• mvpn
• tunnel
• unicast
Refer the address-family (BGP) command in BGP Commands module
of Cisco ASR 9000 Series Aggregation Services Router Routing
Command Reference for more information on the Address Family
Submode support.
Specifies that the router send community attributes or extended
community attributes (which are disabled by default for eBGP
neighbors) to a specified eBGP neighbor.
Step 6 Use one of these commands:
• send-community-ebgp
• send-extended-community-ebgp
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
94 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
send-community-ebgp
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
send-extended-community-ebgp
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the BGP Cost Community
Perform this task to configure the BGP cost community.
BGP receives multiple paths to the same destination and it uses the best-path algorithm to decide which is the
best path to install in RIB. To enable users to determine an exit point after partial comparison, the cost
community is defined to tie-break equal paths during the best-path selection process.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 95
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunitySUMMARY STEPS
1. configure
2. route-policy name
3. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]
4. end-policy
5. router bgp as-number
6. Do one of the following:
• default-information originate
• aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [summary-only ] [ route-policy
route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
7. Do one of the following:
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6
multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy
route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
• neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast
| ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast }
• route-policy route-policy-name { in | out }
8. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
96 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost Community9. show bgp [ vrf vrf-name ] ip-address
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters route policy configuration mode and
specifies the name of the route policy to be
configured.
route-policy name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy costA
Step 2
Specifiesthe BGP extended community attribute
for cost.
set extcommunity cost { cost-extcommunity-set-name |
cost-inline-extcommunity-set } [ additive ]
Example:
RP/0/RSP0/CPU0:router(config)# set extcommunity cost cost_A
Step 3
Ends the definition of a route policy and exits
route policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config)# end-policy
Step 4
Enters BGP configuration mode allowing you
to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 5
Applies the cost community to the attach point
(route policy).
Step 6 Do one of the following:
• default-information originate
• aggregate-address address/mask-length [ as-set ] [ as-confed-set
] [ summary-only ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute connected [
metric metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id
[ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute isis process-id
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 97
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunityCommand or Action Purpose
[ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute ospf process-id
[ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
Step 7 Do one of the following:
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast |
vpnv6 unicast } redistribute ospfv3 process-id [ match {
external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric
metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute rip [ metric
metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute static [ metric
metric-value ] [ route-policy route-policy-name ]
• address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } network {
ip-address/prefix-length | ip-address mask } [ route-policy
route-policy-name ]
• neighbor ip-address remote-as as-number address-family
{ ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6
unicast | vpnv4 unicast }
• route-policy route-policy-name { in | out }
Step 8 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the
system prompts you to commit changes:
Uncommitted changes found, commit
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration
changes to the running configuration
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
file, exits the configuration session,
and returnsthe router to EXEC mode.
? Entering no exits the configuration
session and returns the router to
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
98 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunityCommand or Action Purpose
EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in
the current configuration session
without exiting or committing the
configuration changes.
• Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Displays the cost community in the following
format:
show bgp [ vrf vrf-name ] ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp 172.168.40.24
Step 9
Cost: POI : cost-community-ID : cost-number
Configuring Software to Store Updates from a Neighbor
Perform this task to configure the software to store updates received from a neighbor.
The soft-reconfiguration inbound command causes a route refresh request to be sent to the neighbor if the
neighbor is route refresh capable. If the neighbor is not route refresh capable, the neighbor must be reset to
relearn received routes using the clear bgp soft command. See the Resetting Neighbors Using BGP Inbound
Soft Reset, on page 124.
Storing updates from a neighbor works only if either the neighbor is route refresh capable or the
soft-reconfiguration inbound command is configured. Even if the neighbor is route refresh capable and
the soft-reconfiguration inbound command is configured, the original routes are not stored unless the
always option is used with the command. The original routes can be easily retrieved with a route refresh
request. Route refresh sends a request to the peer to resend itsrouting information. The soft-reconfiguration
inbound command stores all pathsreceived from the peer in an unmodified form and refersto these stored
paths during the clear. Soft reconfiguration is memory intensive.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 99
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Software to Store Updates from a NeighborSUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family { ipv4 | ipv6 } unicast
5. soft-reconfiguration inbound [ always]
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 4
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the software to store updates received from a specified
neighbor. Soft reconfiguration inbound causes the software to store
soft-reconfiguration inbound [ always]
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
soft-reconfiguration inbound always
Step 5
the original unmodified route in addition to a route that is modified
or filtered. This allows a “soft clear” to be performed after the
inbound policy is changed.
Soft reconfiguration enables the software to store the incoming
updates before apply policy if route refresh is not supported by the
peer (otherwise a copy of the update is not stored). The always
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
100 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Software to Store Updates from a NeighborCommand or Action Purpose
keyword forcesthe software to store a copy even when route refresh
is supported by the peer.
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Distributed BGP
Perform this task to configure distributed BGP. Configuring distributed BGP includes starting the speaker
process and allocating the speaker process to a neighbor.
Before You Begin
If BGP is running in standalone mode, the clear bgp current-mode or clear bgp vrf all * command must
be used to switch from standalone mode to distributed mode.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 101
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. distributed speaker id
4. commit
5. address-family { ipv4 | ipv6 } unicast
6. exit
7. neighbor ip-address
8. remote-as as-number
9. speaker-id id
10. address-family { ipv4 | ipv6 } unicast
11. end
12. clear bgp current-mode
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
distributed speaker id Specifies the speaker process to start.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# distributed
speaker 2
Step 3
Saves the configuration changes to the running configuration
file and remains within the configuration session.
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# commit
Step 4
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
102 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPCommand or Action Purpose
exit Exits address family mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 6
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 7
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 8
speaker-id id Allocates a neighbor to a specified speaker process.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
speaker-id 2
Step 9
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 10
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Step 11 end Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 103
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPCommand or Action Purpose
clear bgp current-mode Switches from standalone mode to distributed mode.
Example:
RP/0/RSP0/CPU0:router# clear bgp current-mode
Step 12
Configuring a VPN Routing and Forwarding Instance in BGP
Layer 2 and Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3
VPN license for the line card slot on which the feature is being configured.
If the advanced IP license is enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be
configured on an interface. If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured
on the line card. See the Software Entitlement on Cisco ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router System Management Configuration Guide for more information on
advanced IP licencing.
The following error message appears if the appropriate licence is not enabled:
RP/0/RSP0/CPU0:router#LC/0/0/CPU0:Dec 15 17:57:53.653 : rsi_agent[247]:
%LICENSE-ASR9K_LICENSE-2-INFRA_VRF_NEEDED : 5 VRF(s) are configured without license
A9K-iVRF-LIC in violation of the Software Right To Use Agreement.
This feature may be disabled by the system without the appropriate license.
Contact Cisco to purchase the license immediately to avoid potential service interruption.
The following tasks are used to configure a VPN routing and forwarding (VRF) instance in BGP:
Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers
Perform this task to define the VPN routing and forwarding (VRF) tables in the provider edge (PE) routers.
SUMMARY STEPS
1. configure
2. vrf vrf-name
3. address-family { ipv4 | ipv6 } unicast
4. maximum prefix maximum [ threshold ]
5. import route-policy policy-name
6. import route-target [ as-number : nn | ip-address : nn ]
7. export route-policy policy-name
8. export route-target [ as-number : nn | ip-address : nn ]
9. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
104 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config)# vrf vrf_pe
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Step 4 maximum prefix maximum [ threshold ] Configures a limit to the number of prefixes allowed in a VRF table.
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
maximum prefix 2300
A maximum number of routes is applicable only to dynamic routing
protocols and not to static or connected routes.
You can specify a threshold percentage of the prefix limit using the
mid-threshold argument.
(Optional) Provides finer control over what gets imported into a VRF.
This import filter discards prefixes that do not match the specified
policy-name argument.
import route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
import route-policy policy_a
Step 5
Specifies a list of route target (RT) extended communities. Only
prefixes that are associated with the specified import route target
extended communities are imported into the VRF.
import route-target [ as-number : nn |
ip-address : nn ]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
import route-target 234:222
Step 6
(Optional) Provides finer control over what gets exported into a VRF.
This export filter discards prefixes that do not match the specified
policy-name argument.
export route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
export route-policy policy_b
Step 7
Specifies a list of route target extended communities. Export route
target communities are associated with prefixes when they are
export route-target [ as-number : nn |
ip-address : nn ]
Step 8
advertised to remote PEs. The remote PEs import them into VRFs
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 105
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:routerr(config-vrf-af)#
export route-target 123;234
which have import RTs that match these exported route target
communities.
Step 9 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-vrf-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the Route Distinguisher
The route distinguisher (RD) makes prefixes unique across multiple VPN routing and forwarding (VRF)
instances.
In the L3VPN multipath same route distinguisher (RD)environment, the determination of whether to install
a prefix in RIB or not is based on the prefix's bestpath. In a rare misconfiguration situation, where the best
pah is not a valid path to be installed in RIB, BGP drops the prefix and does not consider the other paths. The
behavior is different for different RD setup, where the non-best multipath will be installed if the best multipath
is invalid to be installed in RIB.
Perform this task to configure the RD.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
106 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp router-id ip-address
4. vrf vrf-name
5. rd { as-number : nn | ip-address : nn | auto }
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters BGP configuration mode allowing you to configure the BGP
routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
bgp router-id ip-address Configures a fixed router ID for the BGP-speaking router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 10.0.0.0
Step 3
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf
vrf_pe
Step 4
Step 5 rd { as-number : nn | ip-address : nn | auto } Configures the route distinguisher.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd
345:567
Use the auto keyword if you want the router to automatically assign
a unique RD to the VRF.
Automatic assignment of RDs is possible only if a router ID is
configured using the bgp router-id command in router configuration
mode. This allows you to configure a globally unique router ID that
can be used for automatic RD generation. The router ID for the VRF
does not need to be globally unique, and using the VRF router ID
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 107
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
would be incorrect for automatic RD generation. Having a single router
ID also helpsin checkpointing RD information for BGP graceful restart,
because it is expected to be stable across reboots.
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring PE-PE or PE-RR Interior BGP Sessions
To enable BGP to carry VPN reachability information between provider edge (PE) routers you must configure
the PE-PE interior BGP (iBGP) sessions. A PE uses VPN information carried from the remote PE router to
determine VPN connectivity and the label value to be used so the remote (egress) router can demultiplex the
packet to the correct VPN during packet forwarding.
The PE-PE, PE-route reflector (RR) iBGP sessions are defined to all PE and RR routers that participate in the
VPNs configured in the PE router.
Perform this task to configure PE-PE iBGP sessions and to configure global VPN options on a PE.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
108 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. exit
5. neighbor ip-address
6. remote-as as-number
7. description text
8. password { clear | encrypted } password
9. shutdown
10. timers keepalive hold-time
11. update-source type interface-id
12. address-family vpnv4 unicast
13. route-policy route-policy-name in
14. route-policy route-policy-name out
15. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
address-family vpnv4 unicast Enters VPN address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpvn4 unicast
Step 3
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 109
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
neighbor ip-address Configures a PE iBGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.16.1.1
Step 5
remote-as as-number Assigns the neighbor a remote autonomous system number.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 1
Step 6
(Optional) Provides a description of the neighbor. The
description is used to save comments and does not affect
software function.
description text
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
description neighbor 172.16.1.1
Step 7
Enables Message Digest 5 (MD5) authentication on the TCP
connection between the two BGP neighbors.
password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
password encrypted 123abc
Step 8
Terminates any active sessions for the specified neighbor and
removes all associated routing information.
shutdown
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
shutdown
Step 9
timers keepalive hold-time Set the timers for the BGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers
12000 200
Step 10
Allows iBGP sessions to use the primary IP address from a
specific interface as the local address when forming an iBGP
session with a neighbor.
update-source type interface-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source gigabitEthernet 0/1/5/0
Step 11
address-family vpnv4 unicast Enters VPN neighbor address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpvn4 unicast
Step 12
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
110 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Specifies a routing policy for an inbound route. The policy can
be used to filter routes or modify route attributes.
route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-in in
Step 13
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-out out
Step 14
Step 15 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities
A provider edge (PE) needsto hold the routesthat match the import route targets(RTs) of the VPNs configured
on it. The PE router can discard all other VPNv4 routes. But, a route reflector (RR) must retain all VPNv4
routes, because it might peer with PE routers and different PEs might require different RT-tagged VPNv4
(making RRs non-scalable). You can configure an RR to only hold routes that have a defined set of RT
communities. Also, a number of the RRs can be configured to service a differentset of VPNs(thereby achieving
some scalability). A PE is then made to peer with all RRs that service the VRFs configured on the PE. When
a new VRF is configured with an RT for which the PE does not already hold routes, the PE issues route
refreshes to the RRs and retrieves the relevant VPN routes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 111
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPNote that this process can be more efficient if the PE-RR session supports extended community outbound
route filter (ORF).
Note
Perform this task to configure a reflector to retain routes tagged with specific RTs.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. retain route-target { all | route-policy route-policy-name }
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
address-family vpnv4 unicast Enters VPN address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpvn4 unicast
Step 3
Configures a reflector to retain routes tagged with particular RTs.
Use the route-policy-name argument for the policy name that lists
retain route-target { all | route-policy
route-policy-name }
Step 4
the extended communities that a path should have in order for the
RR to retain that path.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# retain
route-target route-policy rr_ext-comm
The all keyword is not required, because thisisthe default
behavior of a route reflector.
Note
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
112 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP as a PE-CE Protocol
Perform this task to configure BGP on the PE and establish PE-CE communication using BGP.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 113
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode per-ce
6. address-family { ipv4 | ipv6 } unicast
7. network { ip-address / prefix-length | ip-address mask }
8. aggregate-address address / mask-length
9. exit
10. neighbor ip-address
11. remote-as as-number
12. password { clear | encrypted } password
13. ebgp-multihop [ ttl-value ]
14. Do one of the following:
• address-family { ipv4 | ipv6 } unicast
• address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast}
15. site-of-origin [ as-number : nn | ip-address : nn ]
16. as-override
17. allowas-in [ as-occurrence-number ]
18. route-policy route-policy-name in
19. route-policy route-policy-name out
20. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
114 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
vrf vrf-name Enables BGP routing for a particular VRF on the PE router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe_2
Step 3
bgp router-id ip-address Configures a fixed router ID for a BGP-speaking router.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# bgp
router-id 172.16.9.9
Step 4
Step 5 label-allocation-mode per-ce • Configures the per-CE label allocation mode to avoid
an extra lookup on the PE router and conserve labelspace
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
(per-prefix is the default label allocation mode). In this
mode, the PE router allocates one label for every
immediate next-hop (in most cases, this would be a CE
router). This label is directly mapped to the next hop, so
there is no VRF route lookup performed during data
forwarding. However, the number of labels allocated
would be one for each CE rather than one for each VRF.
Because BGP knows all the next hops, it assigns a label
for each next hop (not for each PE-CE interface). When
the outgoing interface is a multiaccess interface and the
media access control (MAC) address of the neighbor is
not known, Address Resolution Protocol (ARP) is
triggered during packet forwarding.
• The per-vrf keyword configures the same label to be
used for all the routes advertised from a unique VRF.
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Originates a network prefix in the address family table in the
VRF context.
network { ip-address / prefix-length | ip-address mask
}
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network
Step 7
172.16.5.5/24
Configures aggregation in the VRF address family context to
summarize routing information to reduce the state maintained
aggregate-address address / mask-length
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
aggregate-address 10.0.0.0/24
Step 8
in the core. This summarization introduces some inefficiency
in the PE edge, because an additional lookup is required to
determine the ultimate next hop for a packet.When configured,
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 115
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
a summary prefix is advertised instead of a set of component
prefixes, which are more specifics of the aggregate. The PE
advertises only one label for the aggregate. Because component
prefixes could have different next hops to CEs, an additional
lookup has to be performed during data forwarding.
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Step 9
Configures a CE neighbor. The ip-address argument must
be a private address.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
10.0.0.0
Step 10
remote-as as-number Configures the remote AS for the CE neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2
Step 11
Enable Message Digest 5 (MD5) authentication on a TCP
connection between two BGP neighbors.
password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
password encrypted 234xyz
Step 12
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
ebgp-multihop [ ttl-value ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop 55
Step 13
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
Step 14 Do one of the following:
• address-family { ipv4 | ipv6 } unicast
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
• address-family {ipv4 {unicast | labeled-unicast} |
ipv6 unicast}
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
116 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Configures the site-of-origin (SoO) extended community.
Routes that are learned from this CE neighbor are tagged with
site-of-origin [ as-number : nn | ip-address : nn ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
site-of-origin 234:111
Step 15
the SoO extended community before being advertised to the
rest of the PEs. SoO is frequently used to detect loops when
as-override is configured on the PE router. If the prefix is
looped back to the same site, the PE detects this and does not
send the update to the CE.
Configures AS override on the PE router. This causes the PE
router to replace the CE’s ASN with its own (PE) ASN.
as-override
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
as-override
Step 16
This loss of information could lead to routing loops;
to avoid loops caused by as-override, use it in
conjunction with site-of-origin.
Note
Allows an AS path with the PE autonomous system number
(ASN) a specified number of times.
allowas-in [ as-occurrence-number ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 5
Step 17
Hub and spoke VPN networks need the looping back of routing
information to the HUB PE through the HUB CE. When this
happens, due to the presence of the PE ASN, the looped-back
information is dropped by the HUB PE. To avoid this, use the
allowas-in command to allow prefixes even if they have the
PEs ASN up to the specified number of times.
Specifies a routing policy for an inbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pe_ce_in_policy in
Step 18
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pe_ce_out_policy out
Step 19
Step 20 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 117
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Redistribution of IGPs to BGP
Perform this task to configure redistribution of a protocol into the VRF address family.
Even if Interior Gateway Protocols (IGPs) are used as the PE-CE protocol, the import logic happens through
BGP. Therefore, all IGP routes have to be imported into the BGP VRF table.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
118 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 } unicast
5. Do one of the following:
• redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
• redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
• redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 |
2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
• redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
vrf vrf-name Enables BGP routing for a particular VRF on the PE router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_a
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 119
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 4
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Configures redistribution of a protocol into the VRF address
family context.
Step 5 Do one of the following:
• redistribute connected [ metric metric-value ] [
route-policy route-policy-name ] The redistribute command is used if BGP is not used between
the PE-CE routers. If BGP is used between PE-CE routers, the
• redistribute eigrp process-id [ match { external
| internal }] [ metric metric-value ] [ route-policy
route-policy-name ]
IGP that is used has to be redistributed into BGP to establish
VPN connectivity with other PE sites. Redistribution is also
required for inter-table import and export.
• redistribute isis process-id [ level { 1 |
1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
• redistribute ospf process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [
metric metric-value ] [ route-policy
route-policy-name ]
• redistribute ospfv3 process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [
metric metric-value ] [ route-policy
route-policy-name ]
• redistribute rip [ metric metric-value ] [
route-policy route-policy-name ]
• redistribute static [ metric metric-value ] [
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
redistribute eigrp 23
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
120 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Keychains for BGP
Keychains provide secure authentication by supporting different MAC authentication algorithms and provide
graceful key rollover. Perform this task to configure keychains for BGP. This task is optional.
If a keychain is configured for a neighbor group or a session group, a neighbor using the group inherits
the keychain. Values of commands configured specifically for a neighbor override inherited values.
Note
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. keychain name
6. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 121
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Keychains for BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomoussystem number
to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
keychain name Configures keychain-based authentication.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
keychain kych_a
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
122 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Keychains for BGPCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Disabling a BGP Neighbor
Perform this task to administratively shut down a neighbor session without removing the configuration.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. shutdown
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
127
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 123
Implementing BGP on Cisco ASR 9000 Series Router
Disabling a BGP NeighborCommand or Action Purpose
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
shutdown Disables all active sessions for the specified neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
shutdown
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the
configuration session.
Resetting Neighbors Using BGP Inbound Soft Reset
Perform this task to trigger an inbound soft reset of the specified address families for the specified group or
neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.
Resetting neighbors is useful if you change the inbound policy for the neighbors or any other configuration
that affects the sending or receiving of routing updates. If an inbound soft reset is triggered, BGP sends a
REFRESH request to the neighbor if the neighbor has advertised the ROUTE_REFRESH capability. To
determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors
command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
124 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Inbound Soft ResetSUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * |
ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ]
DETAILED STEPS
Command or Action Purpose
Verifies that received route refresh capability from the
neighbor is enabled.
show bgp neighbors
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
Step 1
clear bgp { ipv4 { unicast | multicast | all | tunnel } Soft resets a BGP neighbor.
| ipv6 unicast | all { unicast | multicast | all | tunnel
Step 2
• The * keyword resets all BGP neighbors.
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast
| ipv6 unicast } { * | ip-address | as as-number |
external } soft [ in [ prefix-filter ] | out ]
• The ip-address argument specifies the address of the
neighbor to be reset.
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.1 soft in
• The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
• The external keyword specifies that all external
neighbors are reset.
Resetting Neighbors Using BGP Outbound Soft Reset
Perform this task to trigger an outbound soft reset of the specified address families for the specified group or
neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.
Resetting neighbors is useful if you change the outbound policy for the neighbors or any other configuration
that affects the sending or receiving of routing updates.
If an outbound soft reset is triggered, BGP resends all routes for the address family to the given neighbors.
To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp
neighbors command.
SUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * |
ip-address | as as-number | external } soft [ in [ prefix-filter ] | ]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 125
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Outbound Soft ResetDETAILED STEPS
Command or Action Purpose
Verifies that received route refresh capability from the
neighbor is enabled.
show bgp neighbors
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
Step 1
clear bgp { ipv4 { unicast | multicast | all | tunnel } | Soft resets a BGP neighbor.
ipv6 unicast | all { unicast | multicast | all | tunnel
Step 2
• The * keyword resets all BGP neighbors.
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast
| ipv6 unicast } { * | ip-address | as as-number |
external } soft [ in [ prefix-filter ] | ]
• The ip-address argument specifies the address of the
neighbor to be reset.
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.2 soft out
• The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
• The external keyword specifies that all external
neighbors are reset.
Resetting Neighbors Using BGP Hard Reset
Perform this task to reset neighbors using a hard reset. A hard reset removes the TCP connection to the
neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the
session with the neighbor. If the graceful keyword is specified, the routes from the neighbor are not removed
from the BGP table immediately, but are marked as stale. After the session is re-established, any stale route
that has not been received again from the neighbor is removed.
SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * |
ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ]
DETAILED STEPS
Command or Action Purpose
clear bgp { ipv4 { unicast | multicast | all | tunnel } | Clears a BGP neighbor.
ipv6 unicast | all { unicast | multicast | all | tunnel }
Step 1
• The * keyword resets all BGP neighbors.
| vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast |
ipv6 unicast } | { * | ip-address | as as-number | external
} [ graceful ] soft [ in [ prefix-filter ] | out ]
• The ip-address argument specifies the address of the
neighbor to be reset.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
126 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Hard ResetCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.3 graceful soft out
• The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
• The external keyword specifies that all external
neighbors are reset.
The graceful keyword specifies a graceful restart.
Clearing Caches, Tables, and Databases
Perform this task to remove all contents of a particular cache, table, or database. The clear bgp command
resets the sessions of the specified group of neighbors (hard reset); it removes the TCP connection to the
neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the
session with the neighbor. Clearing a cache, table, or database can become necessary when the contents of
the particular structure have become, or are suspected to be, invalid.
SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
2. clear bgp external
3. clear bgp *
DETAILED STEPS
Command or Action Purpose
clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast Clears a specified neighbor.
| all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf {
vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
Step 1
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 172.20.1.1
clear bgp external Clears all external peers.
Example:
RP/0/RSP0/CPU0:router# clear bgp external
Step 2
clear bgp * Clears all BGP neighbors.
Example:
RP/0/RSP0/CPU0:router# clear bgp *
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 127
Implementing BGP on Cisco ASR 9000 Series Router
Clearing Caches, Tables, and DatabasesDisplaying System and Network Statistics
Perform thistask to display specific statistics,such asthe contents of BGP routing tables, caches, and databases.
Information provided can be used to determine resource usage and solve network problems. You can also
display information about node reachability and discover the routing path that the packets of your device are
taking through the network.
SUMMARY STEPS
1. show bgp cidr-only
2. show bgp community community-list [ exact-match ]
3. show bgp regexp regular-expression
4. show bgp
5. show bgp neighbors ip-address [ advertised-routes | dampened-routes | flap-statistics |
performance-statistics | received prefix-filter | routes ]
6. show bgp paths
7. show bgp neighbor-group group-name configuration
8. show bgp summary
DETAILED STEPS
Command or Action Purpose
Displays routes with nonnatural network masks (classless
interdomain routing [CIDR]) routes.
show bgp cidr-only
Example:
RP/0/RSP0/CPU0:router# show bgp cidr-only
Step 1
show bgp community community-list [ Displays routes that match the specified BGP community.
exact-match ]
Step 2
Example:
RP/0/RSP0/CPU0:router# show bgp community
1081:5 exact-match
Displaysroutesthat match the specified autonomoussystem path
regular expression.
show bgp regexp regular-expression
Example:
RP/0/RSP0/CPU0:router# show bgp regexp "^3 "
Step 3
show bgp Displays entries in the BGP routing table.
Example:
RP/0/RSP0/CPU0:router# show bgp
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
128 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Displaying System and Network StatisticsCommand or Action Purpose
Displays information about the BGP connection to the specified
neighbor.
show bgp neighbors ip-address [
advertised-routes | dampened-routes |
Step 5
flap-statistics | performance-statistics | received
prefix-filter | routes ]
• The advertised-routes keyword displays all routes the
router advertised to the neighbor.
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
10.0.101.1
• The dampened-routes keyword displays the dampened
routes that are learned from the neighbor.
• The flap-statistics keyword displays flap statistics of the
routes learned from the neighbor.
• The performance-statistics keyword displays
performance statistics relating to work done by the BGP
process for this neighbor.
• The received prefix-filter keyword and argument display
the received prefix list filter.
• The routes keyword displays routes learned from the
neighbor.
show bgp paths Displays all BGP paths in the database.
Example:
RP/0/RSP0/CPU0:router# show bgp paths
Step 6
Displays the effective configuration for a specified neighbor
group, including any configuration inherited by this neighbor
group.
show bgp neighbor-group group-name
configuration
Example:
RP/0/RSP0/CPU0:router# show bgp
neighbor-group group_1 configuration
Step 7
show bgp summary Displays the status of all BGP connections.
Example:
RP/0/RSP0/CPU0:router# show bgp summary
Step 8
Displaying BGP Process Information
Perform this task to display specific BGP process information.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 129
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Process InformationSUMMARY STEPS
1. show bgp process
2. show bgp ipv4 unicast summary
3. show bgp vpnv4 unicast summary
4. show bgp vrf ( vrf-name | all }
5. show bgp process detail
6. show bgp summary
7. show placement program bgp
8. show placement program brib
DETAILED STEPS
Command or Action Purpose
Displays status and summary information for the BGP process. The
output shows various global and address family-specific BGP
show bgp process
Example:
RP/0/RSP0/CPU0:router# show bgp process
Step 1
configurations. A summary of the number of neighbors, update
messages, and notification messages sent and received by the process
is also displayed.
Displays a summary of the neighbors for the IPv4 unicast address
family.
show bgp ipv4 unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp ipv4
unicast summary
Step 2
Displays a summary of the neighbors for the VPNv4 unicast address
family.
show bgp vpnv4 unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp vpnv4
unicast summary
Step 3
show bgp vrf ( vrf-name | all } Displays BGP VPN virtual routing and forwarding (VRF) information.
Example:
RP/0/RSP0/CPU0:router# show bgp vrf
vrf_A
Step 4
Displays detailed process information including the memory used by
each of various internal structure types.
show bgp process detail
Example:
RP/0/RSP0/CPU0:router# show bgp
processes detail
Step 5
show bgp summary Displays the status of all BGP connections.
Example:
RP/0/RSP0/CPU0:router# show bgp summary
Step 6
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
130 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Process InformationCommand or Action Purpose
Step 7 show placement program bgp Displays BGP program information.
Example:
RP/0/RSP0/CPU0:router# show placement
program bgp
• If a program isshown as having ‘rejected locations’ (for example,
locations where program cannot be placed), the locations in
question can be viewed using the show placement program bgp
command.
• If a program has been placed but not started, the amount of
elapsed time since the program was placed is displayed in the
Waiting to start column.
Step 8 show placement program brib Displays bRIB program information.
Example:
RP/0/RSP0/CPU0:router# show placement
program brib
• If a program isshown as having ‘rejected locations’ (for example,
locations where program cannot be placed), the locations in
question can be viewed using the show placement program bgp
command.
• If a program has been placed but not started, the amount of
elapsed time since the program was placed is displayed in the
Waiting to start column.
Monitoring BGP Update Groups
This task displays information related to the processing of BGP update groups.
SUMMARY STEPS
1. show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast |
multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group
[ neighbor ip-address | process-id.index [ summary | performance-statistics ]]
DETAILED STEPS
Command or Action Purpose
show bgp [ ipv4 { unicast | multicast | all | Displays information about BGP update groups.
tunnel } | ipv6 { unicast | all } | all { unicast |
Step 1
• The ip-address argument displays the update groups to which that
neighbor belongs.
multicast | all | tunnel } | vpnv4 unicast | vrf
{ vrf-name | all } [ ipv4 unicast ] update-group
[ neighbor ip-address | process-id.index [
summary | performance-statistics ]]
• The process-id.index argument selects a particular update group
to display and is specified as follows: process ID (dot) index.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 131
Implementing BGP on Cisco ASR 9000 Series Router
Monitoring BGP Update GroupsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# show bgp update-group
0.0
Process ID range is from 0 to 254. Index range is from 0 to
4294967295.
• The summary keyword displays summary information for
neighbors in a particular update group.
• If no argument is specified, this command displays information
for all update groups (for the specified address family).
• The performance-statistics keyword displays performance
statistics for an update group.
Configuring BGP Nonstop Routing
Perform this task to configure BGP Nonstop Routing (NSR).
SUMMARY STEPS
1. configure
2. router bgp as-number
3. nsr
4. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number, and enters the BGP configuration mode,
for configuring BGP routing processes.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Step 3 nsr Activates BGP Nonstop routing.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
132 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Nonstop RoutingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-bgp)# nsr
BGP supports 5000 NSR
sessions.
Note
Step 4 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Installing Primary Backup Path for Prefix Independent Convergence (PIC)
Perform the following tasks to install a backup path into the forwarding table and provide prefix independent
convergence (PIC) in case of a PE-CE link failure:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 133
Implementing BGP on Cisco ASR 9000 Series Router
Installing Primary Backup Path for Prefix Independent Convergence (PIC)SUMMARY STEPS
1. configure
2. router bgp as-number
3. Do one of the following
• address-family {vpnv4 unicast | vpnv6 unicast}
• vrf vrf-name {ipv4 unicast | ipv6 unicast}
4. additional-paths selection route-policy route-policy-name
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 100
Step 2
Specifies the address family or VRF address family and enters the address
family or VRF address family configuration submode.
Step 3 Do one of the following
• address-family {vpnv4 unicast |
vpnv6 unicast}
• vrf vrf-name {ipv4 unicast | ipv6
unicast}
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
134 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Installing Primary Backup Path for Prefix Independent Convergence (PIC)Command or Action Purpose
Configures additional paths selection mode for a prefix.
Use the additional-pathsselection command with an appropriate
route-policy to calculate backup paths and to enable Prefix
Independent Convergence (PIC) functionality.
Note
additional-paths selection route-policy
route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
additional-paths selection
route-policy ap1
Step 4
The route-policy configuration is a pre-requisite for configuring the
additional-pathsselection mode for a prefix . Thisis an example route-policy
configuration to use with additional-selection command:
route-policy ap1
set path-selection backup 1 install
end-policy
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Retaining Allocated Local Label for Primary Path
Perform the following tasks to retain the previously allocated local label for the primary path on the primary
PE for some configurable time after reconvergence:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 135
Implementing BGP on Cisco ASR 9000 Series Router
Retaining Allocated Local Label for Primary PathSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { vpnv4 unicast | vpnv6 unicast }
4. retain local-label minutes
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 100
Step 2
Specifies the address family and enters the address family configuration
submode.
address-family { vpnv4 unicast | vpnv6
unicast }
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Step 3
Retains the previously allocated local label for the primary path on the
primary PE for 10 minutes after reconvergence.
retain local-label minutes
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
retain local-label 10
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
136 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Retaining Allocated Local Label for Primary PathCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session
Configuring BGP Additional Paths
Perform these tasks to configure BGP Additional Paths capability:
SUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. if conditional-expression then action-statement else
4. pass endif
5. end-policy
6. router bgp as-number
7. address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws| vpnv4 unicast
| vpnv6 unicast }
8. additional-paths receive
9. additional-paths send
10. additional-paths selection route-policy route-policy-name
11. Use one of these commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 137
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Additional PathsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Defines the route policy and enters route-policy
configuration mode.
route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router (config)#route-policy
add_path_policy
Step 2
if conditional-expression then action-statement else Decidesthe actions and dispositionsfor the given route.
Example:
RP/0/RSP0/CPU0:router (config-rpl)#if community
matches-any (*) then
Step 3
set path-selection all advertise
else
pass endif Passesthe route for processing and endsthe ifstatement.
Example:
RP/0/RSP0/CPU0:router(config-rpl-else)#pass
RP/0/RSP0/CPU0:router(config-rpl-else)#endif
Step 4
Ends the route policy definition of the route policy and
exits route-policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)#end-policy
Step 5
Specifies the autonomous system number and enters
the BGP configuration mode, allowing you to configure
the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router bgp 100
Step 6
Specifies the address family and enters address family
configuration submode.
address-family {ipv4 {unicast | multicast} | ipv6 {unicast |
multicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast
}
Step 7
Example:
RP/0/RSP0/CPU0:router(config-bgp)#address-family ipv4
unicast
Configures receive capability of multiple paths for a
prefix to the capable peers.
additional-paths receive
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
receive
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
138 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Additional PathsCommand or Action Purpose
Configuressend capability of multiple pathsfor a prefix
to the capable peers .
additional-paths send
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
send
Step 9
Configures additional paths selection capability for a
prefix.
additional-paths selection route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
selection route-policy add_path_policy
Step 10
Step 11 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returnsthe router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
• Use the commit command to save the
configuration changesto the running configuration
file and remain within the configuration session.
Configuring iBGP Multipath Load Sharing
Perform this task to configure the iBGP Multipath Load Sharing:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 139
Implementing BGP on Cisco ASR 9000 Series Router
Configuring iBGP Multipath Load SharingSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family {ipv4|ipv6} {unicast|multicast}
4. maximum-paths ibgp number
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 100
Step 2
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family {ipv4|ipv6} {unicast|multicast}
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family
ipv4 multicast
Step 3
Configures the maximum number of iBGP paths for load
sharing.
maximum-paths ibgp number
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# maximum-paths
ibgp 30
Step 4
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
140 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring iBGP Multipath Load SharingCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Originating Prefixes with AiGP
Perform this task to configure origination of routes with the AiGP metric:
Before You Begin
Origination of routes with the accumulated interior gateway protocol (AiGP) metric is controlled by
configuration. AiGP attributes are attached to redistributed routes that satisfy following conditions:
• The protocol redistributing the route is enabled for AiGP.
• The route is an interior gateway protocol (iGP) route redistributed into border gateway protocol (BGP).
The value assigned to the AiGP attribute is the value of iGP next hop to the route or as set by a
route-policy.
• The route is a static route redistributed into BGP. The value assigned is the value of next hop to the route
or as set by a route-policy.
• The route is imported into BGP through network statement. The value assigned is the value of next hop
to the route or as set by a route-policy.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 141
Implementing BGP on Cisco ASR 9000 Series Router
Originating Prefixes with AiGPSUMMARY STEPS
1. configure
2. route-policy aigp_policy
3. set aigp-metricigp-cost
4. exit
5. router bgp as-number
6. address-family {ipv4 | ipv6} unicast
7. redistribute ospf osp route-policy plcy_namemetric value
8. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters route-policy configuration mode and sets the
route-policy
route-policy aigp_policy
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
aip_policy
Step 2
set aigp-metricigp-cost Sets the internal routing protocol cost as the aigp metric.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# set aigp-metric
igp-cost
Step 3
exit Exits route-policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# exit
Step 4
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 100
Step 5
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family {ipv4 | ipv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family
ipv4 unicast
Step 6
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
142 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Originating Prefixes with AiGPCommand or Action Purpose
redistribute ospf osp route-policy plcy_namemetric value Allows the redistribution of AiBGP metric into OSPF.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#redistribute
ospf osp route-policy aigp_policy metric 1
Step 7
Step 8 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Enabling BGP Unequal Cost Recursive Load Balancing
Perform this task to enable unequal cost recursive load balancing for external BGP (eBGP), interior BGP
(iBGP), and eiBGP and to enable BGP to carry link bandwidth attribute of the demilitarized zone (DMZ) link.
When the PE router includes the link bandwidth extended community in its updates to the remote PE through
the Multiprotocol Interior BGP (MP-iBGP)session (either IPv4 or VPNv4), the remote PE automatically does
load balancing if the maximum-paths command is enabled.
Unequal cost recursive load balancing happens across maximum eight paths only.
Note Enabling BGP unequal cost recursive load balancing feature is not supported on CPP based cards.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 143
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
5. exit
6. neighbor ip-address
7. dmz-link-bandwidth
8. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the maximum number of parallel routes that BGP
installs in the routing table.
maximum-paths { ebgp | ibgp | eibgp } maximum
[ unequal-cost ]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
maximum-paths ebgp 3
Valid values for maximum-paths are eight,
inclusive.
Note
• ebgp maximum : Consider only eBGP paths for multipath.
• ibgp maximum [ unequal-cost ]: Consider load balancing
between iBGP learned paths.
• eibgp maximum : Consider both eBGP and iBGP learned
pathsfor load balancing. eiBGP load balancing always does
unequal-cost load balancing.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
144 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingCommand or Action Purpose
When eiBGP is applied, eBGP or iBGP load balancing cannot be
configured; however, eBGP and iBGP load balancing can coexist.
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Step 5
Configures a CE neighbor. The ip-address argument must be a
private address.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
10.0.0.0
Step 6
Originates a demilitarized-zone (DMZ) link-bandwidth extended
community for the link to an eBGP/iBGP neighbor.
dmz-link-bandwidth
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
dmz-link-bandwidth
Step 7
Step 8 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 145
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingConfiguring RPKI Cache
Perform this task to configure Resource Public Key Infrastructure (RPKI) cache parameters.
Configure the RPKI cache configuration in rpki-cache submode under the router-bgp submode. Use the rpki
cache ip_addres command to enter into the rpki-cache submode
SUMMARY STEPS
1. configure
2. router bgp as-number
3. rpki cache {host-name | ip-address}
4. Use one of these commands:
• transport ssh port port_number
• transport tcp port port_number
5. (Optional) username user_name
6. (Optional) password
7. preference preference_value
8. purge-time time
9. Use one of these commands.
• refresh-time time
• refresh-time off
10. Use one these commands.
• response-time time
• response-time off
11. shutdown
12. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
146 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router bgp 100
Step 2
Entersrpki-cache submode and enables configuration
of RPKI cache parameters.
rpki cache {host-name | ip-address}
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki cache 10.2.3.4
Step 3
Step 4 Use one of these commands: Specifies a transport method for the RPKI cache.
• ssh—Select ssh to connect to the RPKI cache
using SSH.
• transport ssh port port_number
• transport tcp port port_number
• tcp—Select tcp to connect to the RPKI cache
using TCP (unencrypted).
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport ssh
port 1
• port port_number—Specify a port number for
the specified RPKI cache transport. Range for
the port number is 1 to 65535 for both ssh and
tcp.
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport tcp
port 2
You can set the transport to either tcp or
ssh. Change of transport causes the cache
session to flap.
Note
(Optional)
Specifies a (SSH) username for the RPKI cache.
username user_name
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#username
ssh_rpki_cache
Step 5
(Optional)
Specifies a (SSH) password for the RPKI cache.
password
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#password
ssh_rpki_pass
Step 6
The “username” and “password”
configurations only apply if the SSH
method of transport is active.
Note
Specifies a preference value for the RPKI cache.
Range for the preference value is 1 to 10. Setting a
lower preference value is better.
preference preference_value
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#preference 1
Step 7
Configures the time BGP waits to keep routes from
a cache after the cache session drops. Set purge time
purge-time time
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#purge-time 30
Step 8
in seconds. Range for the purge time is 30 to 360
seconds.
Configures the time BGP waits in between sending
periodic serial queries to the cache. Set refresh-time
Step 9 Use one of these commands.
• refresh-time time
in seconds. Range for the refresh time is 15 to 3600
• refresh-time off seconds.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 147
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
Configure the off option to specify not to send
serial-queries periodically.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time
20
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time
off
Configures the time BGP waits for a response after
sending a serial or reset query. Set response-time in
Step 10 Use one these commands.
• response-time time
seconds. Range for the response time is 15 to 3600
• response-time off seconds.
Configure the off option to wait indefinitely for a
response.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time
30
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time
off
shutdown Configures shut down of the RPKI cache.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#shutdown
Step 11
Step 12 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
before exiting(yes/no/cancel)?
[cancel]:
? Entering yessaves configuration changes
to the running configuration file, exits
or
RP/0/RSP0/CPU0:router(config)# commit
the configuration session, and returnsthe
router to EXEC mode.
? Entering no exits the configuration
session and returns the router to EXEC
mode without committing the
configuration changes.
? Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
• Use the commit command to save the
configuration changes to the running
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
148 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
configuration file and remain within the
configuration session.
Configuring RPKI Prefix Validation
Perform this task to control the behavior of RPKI prefix validation processing.
•
SUMMARY STEPS
1. configure
2. router bgp as-number
3. Use one of these commands.
• rpki origin-as validation disable
• rpki origin-as validation time {off | prefix_validation_time
4. origin-as validity signal ibgp
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number and enters the BGP configuration mode,
allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router
bgp 100
Step 2
Step 3 Use one of these commands. Sets the BGP origin-AS validation parameters.
• rpki origin-as validation disable • disable—Use disable option to disable RPKI origin-AS validation.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 149
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Prefix ValidationCommand or Action Purpose
• time—Use time option to eitherset prefix validation time (in seconds)
or to set off the automatic prefix validation after an RPKI update.
• rpki origin-as validation time {off |
prefix_validation_time
Range for prefix validation time is 5 to 60 seconds.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation disable
Configuring the disable option disables prefix validation for all eBGP
paths and all eBGP paths are marked as "valid" by default.
The rpki origin-as validation options can also configured in
neighbor and neighbor address family submodes. The
neighbor must be an ebgp neighbor. If configured at the
neighbor or neighor address family level, prefix validation
disable or time options will be valid only for that specific
neighbor or neighbor address family.
Note
Or
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation time 50
Or
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation time off
Step 4 origin-as validity signal ibgp Enablesthe iBGP signaling of validity state through an extended-community.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validity signal ibgp
This can also be configured in global address family submode.
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring RPKI Bestpath Computation
Perform this task to configure RPKI bestpath computation options.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
150 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Bestpath ComputationSUMMARY STEPS
1. configure
2. router bgp as-number
3. rpki bestpath use origin-as validity
4. rpki bestpath origin-as allow invalid
5. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number and enters the BGP configuration mode,
allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router
bgp 100
Step 2
Enables the validity states of BGP paths to affect the path's preference in
the BGP bestpath process. This configuration can also be done in router
BGP address family submode.
rpki bestpath use origin-as validity
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
bestpath use origin-as validity
Step 3
Allows all "invalid" paths to be considered for BGP bestpath computation.
This configuration can also be done at global address family,
neighbor, and neighbor address family submodes. Configuring rpki
bestpath origin-as allow invalid in router BGP and address family
submodes allow all "invalid" paths to be considered for BGP
bestpath computation. By default, all such paths are not bestpath
candidates. Configuring pki bestpath origin-as allow invalid in
neighbor and neighbor addressfamily submodes allow all "invalid"
paths from that specific neighbor or neighbor address family to be
considered as bestpath candidates. The neighbor must be an eBGP
neighbor.
Note
rpki bestpath origin-as allow invalid
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
bestpath origin-as allow invalid
Step 4
This configuration takes effect only when the rpki bestpath use origin-as
validity configuration is enabled.
Step 5 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 151
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Bestpath ComputationCommand or Action Purpose
• When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuration Examples for Implementing BGP
This section provides the following configuration examples:
Enabling BGP: Example
The following shows how to enable BGP.
prefix-set static
2020::/64,
2012::/64,
10.10.0.0/16,
10.2.0.0/24
end-set
route-policy pass-all
pass
end-policy
route-policy set_next_hop_agg_v4
set next-hop 10.0.0.1
end-policy
route-policy set_next_hop_static_v4
if (destination in static) then
set next-hop 10.1.0.1
else
drop
endif
end-policy
route-policy set_next_hop_agg_v6
set next-hop 2003::121
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
152 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuration Examples for Implementing BGPend-policy
route-policy set_next_hop_static_v6
if (destination in static) then
set next-hop 2011::121
else
drop
endif
end-policy
router bgp 65000
bgp fast-external-fallover disable
bgp confederation peers
65001
65002
bgp confederation identifier 1
bgp router-id 1.1.1.1
address-family ipv4 unicast
aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
aggregate-address 10.3.0.0/24
redistribute static route-policy set_next_hop_static_v4
address-family ipv4 multicast
aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
aggregate-address 10.3.0.0/24
redistribute static route-policy set_next_hop_static_v4
address-family ipv6 unicast
aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
aggregate-address 2013::/64
redistribute static route-policy set_next_hop_static_v6
address-family ipv6 multicast
aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
aggregate-address 2013::/64
redistribute static route-policy set_next_hop_static_v6
neighbor 10.0.101.60
remote-as 65000
address-family ipv4 unicast
address-family ipv4 multicast
neighbor 10.0.101.61
remote-as 65000
address-family ipv4 unicast
address-family ipv4 multicast
neighbor 10.0.101.62
remote-as 3
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
address-family ipv4 multicast
route-policy pass-all in
route-policy pass-all out
neighbor 10.0.101.64
remote-as 5
update-source Loopback0
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
address-family ipv4 multicast
route-policy pass-all in
route-policy pass-all out
Displaying BGP Update Groups: Example
The following is sample output from the show bgp update-group command run in EXEC mode:
RP/0/RSP0/CPU0:router# show bgp update-group
Update group for IPv4 Unicast, index 0.1:
Attributes:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 153
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Update Groups: ExampleOutbound Route map:rm
Minimum advertisement interval:30
Messages formatted:2, replicated:2
Neighbors in this update group:
10.0.101.92
Update group for IPv4 Unicast, index 0.2:
Attributes:
Minimum advertisement interval:30
Messages formatted:2, replicated:2
Neighbors in this update group:
10.0.101.91
BGP Neighbor Configuration: Example
The following example shows how BGP neighbors on an autonomous system are configured to share
information. In the example, a BGP router is assigned to autonomous system 109, and two networks are listed
as originating in the autonomous system. Then the addresses of three remote routers (and their autonomous
systems) are listed. The router being configured shares information about networks 172 .16 .0.0 and 192.168
.7.0 with the neighbor routers. The first router listed is in a different autonomous system; the second neighbor
and remote-as commandsspecify an internal neighbor (with the same autonomoussystem number) at address
172 .26 .234.2; and the third neighbor and remote-as commandsspecify a neighbor on a different autonomous
system.
route-policy pass-all
pass
end-policy
router bgp 109
address-family ipv4 unicast
network 172
.16
.0.0 255.255
.0.0
network 192.168
.7.0 255.255
.0.0
neighbor 172
.16
.200.1
remote-as 167
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-out out
neighbor 172
.26
.234.2
remote-as 109
exit
address-family ipv4 unicast
neighbor 172
.26
.64.19
remote-as 99
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
154 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Neighbor Configuration: ExampleBGP Confederation: Example
The following is a sample configuration thatshowsseveral peersin a confederation. The confederation consists
of three internal autonomous systems with autonomous system numbers 6001, 6002, and 6003. To the BGP
speakers outside the confederation, the confederation lookslike a normal autonomoussystem with autonomous
system number 666 (specified using the bgp confederation identifier command).
In a BGP speaker in autonomous system 6001, the bgp confederation peers command marks the peers from
autonomous systems 6002 and 6003 as special eBGP peers. Hence, peers 171.16 .232.55 and 171.16 .232.56
get the local preference, next hop, and MED unmodified in the updates. The router at 171 .19 .69.1 is a normal
eBGP speaker, and the updates received by it from this peer are just like a normal eBGP update from a peer
in autonomous system 666.
router bgp 6001
bgp confederation identifier 666
bgp confederation peers
6002
6003
exit
address-family ipv4 unicast
neighbor 171.16
.232.55
remote-as 6002
exit
address-family ipv4 unicast
neighbor 171.16
.232.56
remote-as 6003
exit
address-family ipv4 unicast
neighbor 171
.19
.69.1
remote-as 777
In a BGP speaker in autonomous system 6002, the peers from autonomous systems 6001 and 6003 are
configured as special eBGP peers. Peer 171 .17 .70.1 is a normal iBGP peer, and peer 199.99.99.2 is a normal
eBGP peer from autonomous system 700.
router bgp 6002
bgp confederation identifier 666
bgp confederation peers
6001
6003
exit
address-family ipv4 unicast
neighbor 171
.17
.70.1
remote-as 6002
exit
address-family ipv4 unicast
neighbor 171.19
.232.57
remote-as 6001
exit
address-family ipv4 unicast
neighbor 171.19
.232.56
remote-as 6003
exit
address-family ipv4 unicast
neighbor 171
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 155
Implementing BGP on Cisco ASR 9000 Series Router
BGP Confederation: Example.19
.99.2
remote-as 700
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
In a BGP speaker in autonomous system 6003, the peers from autonomous systems 6001 and 6002 are
configured as special eBGP peers. Peer 192 .168 .200.200 is a normal eBGP peer from autonomous system
701.
router bgp 6003
bgp confederation identifier 666
bgp confederation peers
6001
6002
exit
address-family ipv4 unicast
neighbor 171.19
.232.57
remote-as 6001
exit
address-family ipv4 unicast
neighbor 171.19
.232.55
remote-as 6002
exit
address-family ipv4 unicast
neighbor 192
.168
.200.200
remote-as 701
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
The following is a part of the configuration from the BGP speaker 192 .168 .200.205 from autonomoussystem
701 in the same example. Neighbor 171.16 .232.56 is configured as a normal eBGP speaker from autonomous
system 666. The internal division of the autonomous system into multiple autonomous systems is not known
to the peers external to the confederation.
router bgp 701
address-family ipv4 unicast
neighbor 172
.16
.232.56
remote-as 666
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
exit
address-family ipv4 unicast
neighbor 192
.168
.200.205
remote-as 701
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
156 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Confederation: ExampleBGP Route Reflector: Example
The following example shows how to use an address family to configure internal BGP peer 10.1.1.1 as a route
reflector client for both unicast and multicast prefixes:
router bgp 140
address-family ipv4 unicast
neighbor 10.1.1.1
remote-as 140
address-family ipv4 unicast
route-reflector-client
exit
address-family ipv4 multicast
route-reflector-client
BGP Nonstop Routing Configuration: Example
The following example shows how to enable BGP NSR:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)# nsr
RP/0/RSP0/CPU0:router(config-bgp)# end
The following example shows how to disable BGP NSR:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)# no nsr
RP/0/RSP0/CPU0:router(config-bgp)# end
Primary Backup Path Installation: Example
The following example shows how to enable installation of primary backup path:
router bgp 120
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy bgp_add_path
!
!
end
Allocated Local Label Retention: Example
The following example shows how to retain the previously allocated local label for the primary path on the
primary PE for 10 minutes after reconvergence:
router bgp 100
address-family l2vpn vpls-vpws
retain local-label 10
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 157
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflector: Exampleend
iBGP Multipath Loadsharing Configuration: Example
The following is a sample configuration where 30 paths are used for loadsharing:
router bgp 100
address-family ipv4 multicast
maximum-paths ibgp 30
!
!
end
Configuring BGP Additional Paths: Example
This is a sample configuration for enabling BGP Additional Paths send, receive, and selcetion capabilities:
route-policy add_path_policy
if community matches-any (*) then
set path-selection all advertise
else
pass
endif
end-policy
!
router bgp 100
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy add_path_policy
!
!
end
Originating Prefixes With AiGP: Example
The following is a sample configuration for originating prefixes with the AiGP metric attribute:
route-policy aigp-policy
set aigp-metric 4
set aigp-metric igp-cost
end-policy
!
router bgp 100
address-family ipv4 unicast
network 10.2.3.4/24 route-policy aigp-policy
redistribute ospf osp1 metric 4 route-policy aigp-policy
!
!
end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
158 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
iBGP Multipath Loadsharing Configuration: ExampleBGP Unequal Cost Recursive Load Balancing: Example
This is a sample configuration for unequal cost recursive load balancing:
interface Loopback0
ipv4 address 20.20.20.20 255.255.255.255
!
interface MgmtEth0/RSP0/CPU0/0
ipv4 address 8.43.0.10 255.255.255.0
!
interface TenGigE0/3/0/0
bandwidth 8000000
ipv4 address 11.11.11.11 255.255.255.0
ipv6 address 11:11:0:1::11/64
!
interface TenGigE0/3/0/1
bandwidth 7000000
ipv4 address 11.11.12.11 255.255.255.0
ipv6 address 11:11:0:2::11/64
!
interface TenGigE0/3/0/2
bandwidth 6000000
ipv4 address 11.11.13.11 255.255.255.0
ipv6 address 11:11:0:3::11/64
!
interface TenGigE0/3/0/3
bandwidth 5000000
ipv4 address 11.11.14.11 255.255.255.0
ipv6 address 11:11:0:4::11/64
!
interface TenGigE0/3/0/4
bandwidth 4000000
ipv4 address 11.11.15.11 255.255.255.0
ipv6 address 11:11:0:5::11/64
!
interface TenGigE0/3/0/5
bandwidth 3000000
ipv4 address 11.11.16.11 255.255.255.0
ipv6 address 11:11:0:6::11/64
!
interface TenGigE0/3/0/6
bandwidth 2000000
ipv4 address 11.11.17.11 255.255.255.0
ipv6 address 11:11:0:7::11/64
!
interface TenGigE0/3/0/7
bandwidth 1000000
ipv4 address 11.11.18.11 255.255.255.0
ipv6 address 11:11:0:8::11/64
!
interface TenGigE0/4/0/0
description CONNECTED TO IXIA 1/3
transceiver permit pid all
!
interface TenGigE0/4/0/2
ipv4 address 9.9.9.9 255.255.0.0
ipv6 address 9:9::9/64
ipv6 enable
!
route-policy pass-all
pass
end-policy
!
router static
address-family ipv4 unicast
202.153.144.0/24 8.43.0.1
!
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 159
Implementing BGP on Cisco ASR 9000 Series Router
BGP Unequal Cost Recursive Load Balancing: Examplerouter bgp 100
bgp router-id 20.20.20.20
address-family ipv4 unicast
maximum-paths eibgp 8
redistribute connected
!
neighbor 11.11.11.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.12.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.13.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.14.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.15.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.16.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.17.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.18.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
!
end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
160 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Unequal Cost Recursive Load Balancing: ExampleWhere to Go Next
For detailed information about BGP commands, see Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
Additional References
The following sections provide references related to implementing BGP.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
BGP commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Cisco ASR 9000 Series Aggregation Services Router
IP Addresses and Services Command Reference
Cisco Express Forwarding (CEF) commands:
complete command syntax, command modes,
command history, defaults, usage guidelines, and
examples
Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide
MPLS VPN configuration information.
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Configuration
Guide and Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component
Command Reference
Bidirectional Forwarding Detection (BFD)
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Task ID information.
Standards
Standards Title
Authentication for TCP-based Routing and
Management Protocols, by R. Bonica, B. Weis, S.
Viswanathan, A. Lange, O. Wheeler
draft-bonica-tcp-auth-05.txt
A Border Gateway Protocol 4, by Y. Rekhter, T.Li,
S. Hares
draft-ietf-idr-bgp4-26.txt
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 161
Implementing BGP on Cisco ASR 9000 Series Router
Where to Go NextStandards Title
Definitions of Managed Objects for the Fourth
Version of Border Gateway Protocol (BGP-4), by J.
Hass and S. Hares
draft-ietf-idr-bgp4-mib-15.txt
Subcodes for BGP Cease Notification Message, by
Enke Chen, V. Gillet
draft-ietf-idr-cease-subcode-05.txt
Avoid BGP Best Path Transitions from One External
to Another, by Enke Chen, Srihari Sangli
draft-ietf-idr-avoid-transition-00.txt
BGP Support for Four-octet AS Number Space, by
Quaizar Vohra, Enke Chen
draft-ietf-idr-as4bytes-12.txt
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
RFC 1700 Assigned Numbers
RFC 1997 BGP Communities Attribute
Protection of BGP Sessions via the TCP MD5
Signature Option
RFC 2385
RFC 2439 BGP Route Flap Damping
Use of BGP-4 Multiprotocol Extensions for IPv6
Inter-Domain Routing
RFC 2545
BGP Route Reflection - An Alternative to Full Mesh
IBGP
RFC 2796
RFC 2858 Multiprotocol Extensions for BGP-4
RFC 2918 Route Refresh Capability for BGP-4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
162 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Additional ReferencesRFCs Title
RFC 3065 Autonomous System Confederations for BGP
RFC 3392 Capabilities Advertisement with BGP-4
RFC 4271 A Border Gateway Protocol 4 (BGP-4)
RFC 4364 BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4724 Graceful Restart Mechanism for BGP
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 163
Implementing BGP on Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
164 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 2
Implementing EIGRP on Cisco ASR 9000 Series
Router
The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of IGRP developed by
Cisco. This module describes the concepts and tasks you need to implement basic EIGRP configuration
using Cisco IOS XR software. EIGRP uses distance vector routing technology, which specifies that a router
need not know all the router and link relationships for the entire network. Each router advertises destinations
with a corresponding distance and upon receiving routes, adjuststhe distance and propagatesthe information
to neighboring routes.
For EIGRP configuration information related to the following features, see the Related Documents, on page
203 section of this module.
• Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN)
• Site of Origin (SoO) Support
For more information about EIGRP on the Cisco IOS XR software and complete descriptions of the EIGRP
commandslisted in this module,see the Related Documents, on page 203 section of this module. To locate
documentation for other commands that might appear while executing a configuration task, search online
in the Cisco IOS XR software master command index.
Note
Feature History for Implementing EIGRP on Cisco ASR 9000 Series Router Software
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 No modification.
• Prerequisites for Implementing EIGRP, page 166
• Restrictions for Implementing EIGRP , page 166
• Information About Implementing EIGRP, page 166
• How to Implement EIGRP , page 177
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 165• Configuration Examples for Implementing EIGRP , page 201
• Additional References, page 203
Prerequisites for Implementing EIGRP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Implementing EIGRP
The following restrictions are employed when running EIGRP on this version of Cisco IOS XR software:
• Only one instance of an EIGRP process is supported.
• Bidirectional Forwarding Detection (BFD) feature and the Simple Network Management Protocol
(SNMP) MIB are not supported.
• Interface static routes are not automatically redistributed into EIGRP, because there are no network
commands.
• Metric configuration (either through the default-metric command or a route policy) is required for
redistribution of connected and static routes.
• Auto summary is disabled by default.
• Stub leak maps are not supported.
Information About Implementing EIGRP
To implement EIGRP, you need to understand the following concepts:
EIGRP Functional Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocolsuited for many different
topologies and media. EIGRP scales well and provides extremely quick convergence times with minimal
network traffic.
EIGRP has very low usage of network resources during normal operation. Only hello packets are transmitted
on a stable network. When a change in topology occurs, only the routing table changes are propagated and
not the entire routing table. Propagation reduces the amount of load the routing protocol itself places on the
network. EIGRP also provides rapid convergence times for changes in the network topology.
The distance information in EIGRP isrepresented as a composite of available bandwidth, delay, load utilization,
and link reliability with improved convergence properties and operating efficiency. The fine-tuning of link
characteristics achieves optimal paths.
The convergence technology that EIGRP usesis based on research conducted at SRI International and employs
an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
166 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Prerequisites for Implementing EIGRPoperation at every instant throughout a route computation and allows all devicesinvolved in a topology change
to synchronize at the same time. Routers that are not affected by topology changes are not involved in
recomputations. The convergence time with DUAL rivals that of any other existing routing protocol.
EIGRP Features
EIGRP offers the following features:
• Fast convergence—The DUAL algorithm allows routing information to converge as quickly as any
currently available routing protocol.
• Partial updates—EIGRP sends incremental updates when the state of a destination changes, instead of
sending the entire contents of the routing table. Thisfeature minimizesthe bandwidth required for EIGRP
packets.
• Neighbor discovery mechanism—This is a simple hello mechanism used to learn about neighboring
routers. It is protocol independent.
• Variable-length subnet masks (VLSMs).
• Arbitrary route summarization.
• Scaling—EIGRP scales to large networks.
The following key features are supported in the Cisco IOS XR implementation:
• Provider Edge (PE)-Customer Edge (CE) protocolsupport with Site of Origin (SoO) and Border Gateway
Protocol (BGP) cost community support.
• PECE protocol support for MPLS.
EIGRP Components
EIGRP has the following four basic components:
• Neighbor discovery or neighbor recovery
• Reliable transport protocol
• DUAL finite state machine
• Protocol-dependent modules
Neighbor discovery or neighbor recovery is the process that routers use to dynamically learn of other routers
on their directly attached networks. Routers must also discover when their neighbors become unreachable or
inoperative. Neighbor discovery or neighbor recovery is achieved with low overhead by periodically sending
small hello packets. As long as hello packets are received, the Cisco IOS XR software can determine that a
neighbor is alive and functioning. After this status is determined, the neighboring routers can exchange routing
information.
The reliable transport protocol isresponsible for guaranteed, ordered delivery of EIGRP packetsto all neighbors.
It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent
reliably and others need not be. For efficiency, reliability is provided only when necessary. For example, on
a multiaccess network that has multicast capabilities (such as Ethernet) it is not necessary to send hello packets
reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello with an indication in
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 167
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Featuresthe packet informing the receivers that the packet need not be acknowledged. Other types of packets (such as
updates) require acknowledgment, which is indicated in the packet. The reliable transport has a provision to
send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure
that convergence time remains low in the presence of various speed links.
The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes
advertised by all neighbors. DUAL uses the distance information (known as a metric) to select efficient,
loop-free paths. DUAL selectsroutesto be inserted into a routing table based on a calculation of the feasibility
condition. A successor is a neighboring router used for packet forwarding that has a least-cost path to a
destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there
are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new
successor is determined. The amount of time required to recompute the route affects the convergence time.
Recomputation is processor intensive; it is advantageous to avoid unneeded recomputation. When a topology
change occurs, DUAL testsfor feasible successors. If there are feasible successors, it uses any it findsto avoid
unnecessary recomputation.
The protocol-dependent modules are responsible for network layer protocol-specific tasks. An example is the
EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in IP.
It is also responsible for parsing EIGRP packets and informing DUAL of the new information received. EIGRP
asks DUAL to make routing decisions, but the results are stored in the IP routing table. EIGRP is also
responsible for redistributing routes learned by other IP routing protocols.
EIGRP Configuration Grouping
Cisco IOS XR software groups all EIGRP configuration under router EIGRP configuration mode, including
interface configuration portions associated with EIGRP. To display EIGRP configuration in its entirety, use
the show running-config router eigrp command. The command output displays the running configuration
for the configured EIGRP instance, including the interface assignments and interface attributes.
EIGRP Configuration Modes
The following examples show how to enter each of the configuration modes. From a mode, you can enter the
? command to display the commands available in that mode.
Router Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#
VRF Configuration Mode
The following example shows how to enter VRF configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
168 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Configuration GroupingIPv4 Address Family Configuration Mode
The following example shows how to enter IPv4 address family configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)#
IPv4 VRF Address Family Configuration Mode
The following example shows how to enter IPv4 VRF address family configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
Interface Configuration Mode
The following example shows how to enter interface configuration mode in IPv4 addressfamily configuration
mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
EIGRP Interfaces
EIGRP interfaces can be configured as either of the following types:
• Active—Advertises connected prefixes and forms adjacencies. This is the default type for interfaces.
• Passive—Advertises connected prefixes but does not form adjacencies. The passive command is used
to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes,
such as loopback addresses, that need to be injected into the EIGRP domain. If many connected prefixes
need to be advertised, then the redistribution of connected routes with the appropriate policy should be
used instead.
Redistribution for an EIGRP Process
Routes from other protocols can be redistributed into EIGRP. A route policy can be configured along with
the redistribute command. A metric is required, configured either through the default-metric command or
under the route policy configured with the redistribute command to import routes into EIGRP.
A route policy allows the filtering of routes based on attributes such as the destination, origination protocol,
route type, route tag, and so on. When redistribution is configured under a VRF, EIGRP retrieves extended
communities attached to the route in the routing information base (RIB). The SoO is used to filter out routing
loops in the presence of MPSL VPN backdoor links.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 169
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP InterfacesMetric Weights for EIGRP Routing
EIGRP uses the minimum bandwidth on the path to a destination network and the total delay to compute
routing metrics. You can use the metric weights command to adjust the default behavior of EIGRP routing
and metric computations. For example, this adjustment allows you to tune system behavior to allow forsatellite
transmission. EIGRP metric defaults have been carefully selected to provide optimal performance in most
networks.
By default, the EIGRP composite metric is a 32-bit quantity that is a sum of the segment delays and lowest
segment bandwidth (scaled and inverted) for a given route. For a network of homogeneous media, this metric
reduces to a hop count. For a network of mixed media (FDDI, Ethernet, and serial lines running from 9600
bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination.
Mismatched K Values
Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being established and can
negatively impact network convergence. The following example explains this behavior between two EIGRP
peers (ROUTER-A and ROUTER-B).
The following error message is displayed in the console of ROUTER-B because the K values are mismatched:
RP/0/RSP0/CPU0:Mar 13 08:19:55:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE:IP-EIGRP(0) 1:Neighbor
11.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch
Two scenarios occur in which this error message can be displayed:
• The two routers are connected on the same link and configured to establish a neighbor relationship.
However, each router is configured with different K values.
The following configuration is applied to ROUTER-A. The K values are changed with the metric
weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. The
value of 1 is entered for the k3 argument to adjust the delay calculation.
hostname ROUTER-A!
interface GigabitEthernet0/6/0/0
ipv4 address 10.1.1.1 255.255.255.0
router eigrp 100
metric weights 0 2 0 1 0 0
interface GigabitEthernet0/6/0/0
The following configuration is applied to ROUTER-B. However, the metric weights command is not
applied and the default K values are used. The default K values are 1, 0, 1, 0, and 0.
hostname ROUTER-B!
interface GigabitEthernet0/6/0/1
ipv4 address 10.1.1.2 255.255.255.0
router eigrp 100
interface GigabitEthernet0/6/0/1
The bandwidth calculation is set to 2 on ROUTER-A and set to 1 (by default) on ROUTER-B. This
configuration prevents these peers from forming a neighbor relationship.
• The K-value mismatch error message can also be displayed if one of the two peers has transmitted a
“goodbye” message and the receiving router does not support this message. In this case, the receiving
router interprets this message as a K-value mismatch.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
170 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Metric Weights for EIGRP RoutingGoodbye Message
The goodbye message is a feature designed to improve EIGRP network convergence. The goodbye message
is broadcast when an EIGRP routing process is shut down to inform adjacent peers about the impending
topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor
relationships more efficiently than would occur if the peers discovered the topology change after the hold
timer expired.
The following message is displayed by routers that run a supported release when a goodbye message is
received:
RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
10.0.0.20 (GigabitEthernet0/6/0/0) is down: Interface Goodbye received
A Cisco router that runs a software release that does not support the goodbye message can misinterpret the
message as a K-value mismatch and display the following message:
RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
10.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch
The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation.
The nonsupporting peer terminates the session when the hold timer expires. The sending and receiving
routers reconverge normally after the sender reloads.
Note
Percentage of Link Bandwidth Used for EIGRP Packets
By default, EIGRP packets consume a maximum of 50 percent of the link bandwidth, as configured with the
bandwidth interface configuration command. You might want to change that value if a different level of link
utilization is required or if the configured bandwidth does not match the actual link bandwidth (it may have
been configured to influence route metric calculations).
Floating Summary Routes for an EIGRP Process
You can also use a floating summary route when configuring the summary-address command. The floating
summary route is created by applying a default route and administrative distance at the interface level. The
following scenario illustrates the behavior of this enhancement.
Figure 9: Floating Summary Route Is Applied to Router-B, on page 172 shows a network with three routers,
Router-A, Router-B, and Router-C. Router-A learns a default route from elsewhere in the network and then
advertises this route to Router-B. Router-B is configured so that only a default summary route is advertised
to Router-C. The defaultsummary route is applied to interface 0/1 on Router-B with the following configuration:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 100.0.0.0 0.0.0.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 171
Implementing EIGRP on Cisco ASR 9000 Series Router
Percentage of Link Bandwidth Used for EIGRP PacketsFigure 9: Floating Summary Route Is Applied to Router-B
The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-C
and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C. However, this
configuration also generates a local discard route on Router-B, a route for 0.0.0.0/0 to the null 0 interface with
an administrative distance of 5. When this route is created, it overrides the EIGRP learned default route.
Router-B is no longer able to reach destinations that it would normally reach through the 0.0.0.0.0/0 route.
This problem is resolved by applying a floating summary route to the interface on Router-B that connects to
Router-C. The floating summary route is applied by relating an administrative distance to the default summary
route on the interface of Router-B with the following statement:
RP/0/RSP0/CPU0:router(config-if)# summary-address 100 0.0.0.0 0.0.0.0 250
The administrative distance of 250, applied in the above statement, is now assigned to the discard route
generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the local
routing table. Routing to Router-C is restored.
If Router-A loses the connection to Router-B, Router-B continues to advertise a default route to Router-C,
which allows traffic to continue to reach destinations attached to Router-B. However, traffic destined for
networks to Router-A or behind Router-A is dropped when the traffic reaches Router-B.
Figure 10: Floating Summary Route Applied for Dual-Homed Remotes, on page 173 shows a network with
two connectionsfrom the core: Router-A and Router-D. Both routers have floating summary routes configured
on the interfaces connected to Router-C. If the connection between Router-E and Router-C fails, the network
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
172 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Floating Summary Routes for an EIGRP Processcontinues to operate normally. All traffic flows from Router-C through Router-B to the hosts attached to
Router-A and Router-D.
Figure 10: Floating Summary Route Applied for Dual-Homed Remotes
However, if the link between Router-D and Router-E fails, the network may dump traffic into a black hole
because Router-E continues to advertise the default route (0.0.0.0/0) to Router-C, as long as at least one link
(other than the link to Router-C) to Router-E is still active. In this scenario, Router-C still forwards traffic to
Router-E, but Router-E drops the traffic creating the black hole. To avoid this problem, you should configure
the summary address with an administrative distance on only single-homed remote routers or areas in which
only one exit point exists between the segments of the network. If two or more exit points exist (from one
segment of the network to another), configuring the floating default route can cause a black hole to form.
Split Horizon for an EIGRP Process
Split horizon controls the sending of EIGRP update and query packets. When split horizon is enabled on an
interface, update and query packets are not sent for destinations for which this interface is the next hop.
Controlling update and query packets in this manner reduces the possibility of routing loops.
By default, split horizon is enabled on all interfaces.
Split horizon blocks route information from being advertised by a router on any interface from which that
information originated. This behavior usually optimizes communications among multiple routing devices,
particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS),
situations can arise for which this behavior islessthan ideal. For these situations, including networksin which
you have EIGRP configured, you may want to disable split horizon.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 173
Implementing EIGRP on Cisco ASR 9000 Series Router
Split Horizon for an EIGRP ProcessAdjustment of Hello Interval and Hold Time for an EIGRP Process
You can adjust the interval between hello packets and the hold time.
Routing devices periodically send hello packets to each other to dynamically learn of other routers on their
directly attached networks. This information is used to discover neighbors and learn when neighbors become
unreachable or inoperative. By default, hello packets are sent every 5 seconds.
You can configure the hold time on a specified interface for a particular EIGRP routing process designated
by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors
the length of time they should consider the sender valid. The default hold time is three times the hello interval,
or 15 seconds.
Stub Routing for an EIGRP Process
The EIGRP Stub Routing feature improves network stability, reduces resource usage, and simplifies stub
router configuration.
Stub routing is commonly used in a hub-and-spoke network topology. In a hub-and-spoke network, one or
more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more
distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only
route for IP traffic to follow into the remote router is through a distribution router. This type of configuration
is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The
distribution router can be connected to many more remote routers. Often, the distribution router is connected
to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal
traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing
table. Generally, the distribution router need not send anything more than a default route to the remote router.
When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to
use EIGRP and configure only the remote router as a stub. Only specified routes are propagated from the
remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed
static routes, external routes, and internal routes with the message “inaccessible.” A router that is configured
as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet informing it of the stub status does not query the stub router for any
routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution
router to send the proper updates to all peers.
This figure shows a simple hub-and-spoke configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
174 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Adjustment of Hello Interval and Hold Time for an EIGRP ProcessFigure 11: Simple Hub-and-Spoke Network
The stub routing feature by itself does not prevent routes from being advertised to the remote router. In the
example in Figure 11: Simple Hub-and-Spoke Network, on page 174 , the remote router can access the
corporate network and the Internet through the distribution router only. Having a full route table on the remote
router, in this example, would serve no functional purpose because the path to the corporate network and the
Internet would always be through the distribution router. The larger route table would only reduce the amount
of memory required by the remote router. Bandwidth and memory can be conserved by summarizing and
filtering routes in the distribution router. The remote router need not receive routes that have been learned
from other networks because the remote router must send all nonlocal traffic, regardless of destination, to the
distribution router. If a true stub network is desired, the distribution router should be configured to send only
a default route to the remote router. The EIGRP Stub Routing feature does not automatically enable
summarization on the distribution router. In most cases, the network administrator needs to configure
summarization on the distribution routers.
Without the stub feature, even after the routes that are sent from the distribution router to the remote router
have been filtered orsummarized, a problem might occur. If a route islostsomewhere in the corporate network,
EIGRP could send a query to the distribution router, which in turn sends a query to the remote router even if
routes are being summarized. If there is a problem communicating over the WAN link between the distribution
router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability
elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries
from being sent to the remote router.
Route Policy Options for an EIGRP Process
Route policies comprise series of statements and expressions that are bracketed with the route-policy and
end-policy keywords. Rather than a collection of individual commands (one for each line), the statements
within a route policy have context relative to each other. Thus, instead of each line being an individual
command, each policy orset is an independent configuration object that can be used, entered, and manipulated
as a unit.
Each line of a policy configuration is a logical subunit. At least one new line must follow the then , else ,
and end-policy keywords. A new line must also follow the closing parenthesis of a parameter list and the
name string in a reference to an AS path set, community set, extended community set, or prefix set (in the
EIGRP context). At least one new line must precede the definition of a route policy or prefix set. A new line
must appear at the end of a logical unit of policy expression and may not appear anywhere else.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 175
Implementing EIGRP on Cisco ASR 9000 Series Router
Route Policy Options for an EIGRP ProcessThis is the command to set the EIGRP metric in a route policy:
RP/0/RSP0/CPU0:router(config-rpl)# set eigrp-metric bandwidth delay reliability loading mtu
This is the command to provide EIGRP offset list functionality in a route policy:
RP/0/RSP0/CPU0:router(config-rpl)# add eigrp-metric bandwidth delay reliability loading mtu
A route policy can be used in EIGRP only if all the statements are applicable to the particular EIGRP attach
point. The following commands accept a route policy:
• default-information allowed—Match statements are allowed for destination. No set statements are
allowed.
• route-policy—Match statements are allowed for destination, next hop, and tag. Set statements are
allowed for eigrp-metric and tag.
• redistribute—Match statements are allowed for destination, next hop,source-protocol, tag and route-type.
Set statements are allowed for eigrp-metric and tag.
The range for setting a tag is 0 to 255 for internal routes and 0 to 4294967295 for external routes.
EIGRP Layer 3 VPN PE-CE Site-of-Origin
The EIGRP MPLS and IP VPN PE-CE Site-of-Origin (SoO) feature introduces the capability to filter
Multiprotocol Label Switching (MPLS) and IP Virtual Private Network (VPN) traffic on a per-site basis for
EIGRP networks. SoO filtering is configured at the interface level and is used to manage MPLS and IP VPN
traffic and to prevent transient routing loops from occurring in complex and mixed network topologies.
Router Interoperation with the Site-of-Origin Extended Community
The configuration of the SoO extended community allows routers that support this feature to identify the site
from which each route originated. When this feature is enabled, the EIGRP routing process on the PE or CE
router checks each received route for the SoO extended community and filters based on the following conditions:
• A received route from BGP or a CE router contains a SoO value that matches the SoO value on the
receiving interface:
? If a route is received with an associated SoO value that matches the SoO value that is configured
on the receiving interface, the route is filtered out because it was learned from another PE router
or from a backdoor link. This behavior is designed to prevent routing loops.
• A received route from a CE router is configured with a SoO value that does not match:
? If a route is received with an associated SoO value that does not match the SoO value that is
configured on the receiving interface, the route is accepted into the EIGRP topology table so that
it can be redistributed into BGP.
? If the route is already installed in the EIGRP topology table but is associated with a different SoO
value, the SoO value from the topology table is used when the route is redistributed into BGP.
• A received route from a CE router does not contain a SoO value:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
176 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Layer 3 VPN PE-CE Site-of-OriginIf a route is received without a SoO value, the route is accepted into the EIGRP topology table,
and the SoO value from the interface that is used to reach the next-hop CE router is appended to
the route before it is redistributed into BGP.
?
When BGP and EIGRP peers that support the SoO extended community receive these routes, they also
receive the associated SoO values and pass them to other BGP and EIGRP peers that support the SoO
extended community. This filtering is designed to prevent transient routes from being relearned from
the originating site, which prevents transient routing loops from occurring.
In conjunction with BGP cost community, EIGRP, BGP, and the RIB ensure that paths over the MPLS
VPN core are preferred over backdoor links.
For MPLS and IP VPN and SoO configuration information, see Implementing MPLS Layer 3 VPNs in
the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.
EIGRP v4/v6 Authentication Using Keychain
EIGRP authentication using keychain introduces the capability to authenticate EIGRP protocol packets on a
per-interface basis. The EIGRP routing authentication provides a mechanism to authenticate all EIGRP protocol
traffic on one or more interfaces, based on Message Digest 5 (MD5) authentication.
The EIGRP routing authentication uses the Cisco IOS XR software security keychain infrastructure to store
and retrieve secret keys and to authenticate incoming and outgoing traffic on a per-interface basis.
How to Implement EIGRP
This section contains instructions for the following tasks:
Note To save configuration changes, you must commit changes when the system prompts you.
Enabling EIGRP Routing
This task enables EIGRP routing and establishes an EIGRP routing process.
Before You Begin
Although you can configure EIGRP before you configure an IP address, no EIGRP routing occurs until at
least one IP address is configured.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 177
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP v4/v6 Authentication Using KeychainSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. router-id id
5. default-metric bandwidth delay reliability loading mtu
6. distance internal-distance external-distance
7. interface type interface-path-id
8. holdtime seconds
9. bandwidth-percent percent
10. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Step 4 router-id id (Optional) Configures a router-id for an EIGRP process.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
router-id 172.20.1.1
It is good practice to use the router-id command to
explicitly specify a unique 32-bit numeric value for the
router ID. This action ensures that EIGRP can function
regardless of the interface address configuration.
Note
default-metric bandwidth delay reliability (Optional) Sets metrics for an EIGRP process.
loading mtu
Step 5
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
178 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Enabling EIGRP RoutingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
default-metric 1000 100 250 100 1500
(Optional) Allows the use of two administrative distances—internal
and external—that could be a better route to a node.
distance internal-distance external-distance
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
distance 80 130
Step 6
interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
interface GigabitEthernet 0/1/0/0
Step 7
Step 8 holdtime seconds (Optional) Configures the hold time for an interface.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
holdtime 30
To ensure nonstop forwarding during RP failovers, as the
number of neighbors increase, a higher holdtime than the
default value is recommended. With 256 neighbors across
all VRFs, we recommend 60 seconds.
Note
(Optional) Configuresthe percentage of bandwidth that may be used
by EIGRP on an interface.
bandwidth-percent percent
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
bandwidth-percent 75
Step 9
Step 10 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 179
Implementing EIGRP on Cisco ASR 9000 Series Router
Enabling EIGRP RoutingCommand or Action Purpose
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Route Summarization for an EIGRP Process
This task configures route summarization for an EIGRP process.
You can configure a summary aggregate address for a specified interface. If any more specific routes are in
the routing table, EIGRP advertisesthe summary addressfrom the interface with a metric equal to the minimum
of all more specific routes.
Before You Begin
You should not use the summary-addresssummarization command to generate the default route (0.0.0.0)
from an interface. This command creates an EIGRP summary default route to the null 0 interface with an
administrative distance of 5. The low administrative distance of this default route can cause this route to
displace default routes learned from other neighbors from the routing table. If the default route learned
from the neighbors is displaced by the summary default route or the summary route is the only default
route present, all traffic destined for the default route does not leave the router; instead, this traffic is sent
to the null 0 interface, where it is dropped.
The recommended way to send only the default route from a given interface is to use a route-policy
command.
Note
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. route-policy name out
5. interface type interface-path-id
6. summary-address ip-address { / length | mask } [ admin-distance ]
7. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
180 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Route Summarization for an EIGRP ProcessDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RRP/0/RSP0/CPU0:router# configure
Step 1
Specifies the AS number of the routing process to configure an
EIGRP routing process
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Applies a routing policy to updates advertised to or received from
an EIGRP neighbor.
route-policy name out
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
route-policy FILTER_DEFAULT out
Step 4
interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
interface GigabitEthernet 0/1/0/0
Step 5
Configures a summary aggregate addressfor the specified EIGRP
interface.
summary-address ip-address { / length | mask }
[ admin-distance ]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
summary-address 192.168.0.0/16 95
Step 6
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 181
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Route Summarization for an EIGRP ProcessCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Redistributing Routes for EIGRP
This task explains how to redistribute routes, apply limits on the number of routes, and set timers for nonstop
forwarding.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name
]
5. redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart
minutes ] [ restart-count number ] | [ warning-only ]]
6. timers nsf route-hold seconds
7. maximum paths maximum
8. maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ]
[ restart-count number ] | [ warning-only]]
9. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
182 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing Routes for EIGRPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the AS number of the routing process to configure
an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Redistributes the routes from the specified protocol and AS
number to the EIGRP process. Optionally, the redistributed
redistribute {{ bgp | connected | isis | ospf | rip
| static } [ as-number ]} [ route-policy name ]
Step 4
routes can be filtered into the EIGRP process by providing the
route policy.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
redistribute bgp 100
Limits the maximum number of prefixes that are redistributed
to the EIGRP process.
redistribute maximum-prefix maximum [ threshold
] [[ dampened ] [ reset-time minutes ] [ restart
minutes ] [ restart-count number ] | [ warning-only
]]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
redistribute maximum-prefix 5000 95 warning-only
Sets the timer that determines how long an NSF-aware EIGRP
router holds routes for an inactive peer.
timers nsf route-hold seconds
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# timers
nsf route-hold 120
Step 6
Controls the maximum number of parallel routes that the
EIGRP can support.
maximum paths maximum
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum
paths 10
Step 7
Limits the number of prefixes that are accepted under an
address family by EIGRP.
maximum-prefix maximum [ threshold ] [[ dampened
] [ reset-time minutes ] [ restart minutes ] [
restart-count number ] | [ warning-only]]
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 183
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing Routes for EIGRPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
maximum-prefix 50000
Step 9 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Creating a Route Policy and Attaching It to an EIGRP Process
This task defines a route policy and shows how to attach it to an EIGRP process.
A route policy definition consists of the route-policy command and name argument followed by a sequence
of optional policy statements, and then closed with the end-policy command.
A route policy is not useful until it is applied to routes of a routing protocol.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
184 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessSUMMARY STEPS
1. configure
2. route-policy name
3. set eigrp-metric bandwidth delay reliability load mtu
4. end-policy
5. Do one of the following:
• end
• commit
6. configure
7. router eigrp as-number
8. address-family { ipv4 }
9. route-policy route-policy-name { in | out }
10. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
route-policy name Defines a route policy and enters route-policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
route-policy IN-IPv4
Step 2
set eigrp-metric bandwidth delay reliability (Optional) Sets the EIGRP metric attribute.
load mtu
Step 3
Example:
RP/0/RSP0/CPU0:router(config-rpl)# set
eigrp metric 42 100 200 100 1200
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 185
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose
Endsthe definition of a route policy and exitsroute-policy configuration
mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)#
end-policy
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rpl)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router
Step 6
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
eigrp 100
Step 7
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
186 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose
Applies a routing policy to updates advertised to or received from an
EIGRP neighbor.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
route-policy IN-IPv4 in
Step 9
Step 10 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-eigrp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring Stub Routing for an EIGRP Process
This task configures the distribution and remote routers to use an EIGRP process for stub routing.
Before You Begin
EIGRP stub routing should be used only on remote routers. A stub router is defined as a router connected
to the network core or distribution layer through which core transit traffic should not flow. A stub router
should not have any EIGRP neighbors other than distribution routers. Ignoring this restriction causes
undesirable behavior.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 187
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Stub Routing for an EIGRP ProcessSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. stub [ receive-only | {[ connected ] [ redistributed ] [ static ] [ summary ]}]
5. Do one of the following:
• end
• commit
6. show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id
| static ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RRP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
stub [ receive-only | {[ connected ] [ Configures a router as a stub for EIGRP.
redistributed ] [ static ] [ summary ]}]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# stub
receive-only
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
188 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Stub Routing for an EIGRP ProcessCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Verifies that a remote router has been configured as a stub router
with EIGRP.
show eigrp [ ipv4 ] [ vrf { vrf-name | all }]
neighbors [ as-number ] [ detail ] [ type
interface-path-id | static ]
Step 6
The last line of the output shows the stub status of the remote or
spoke router.
Example:
RP/0/RSP0/CPU0:router# show eigrp neighbors
detail
Configuring EIGRP as a PE-CE Protocol
Perform thistask to configure EIGRP on the provider edge (PE) and establish provider edge-to-customer edge
(PE-CE) communication using EIGRP.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 189
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. router-id router-id
6. autonomous-system as-number
7. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
8. interface type interface-path-id
9. site-of-origin { as-number:number | ip-address : number }
10. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
vrf vrf-name Configures a VPN routing and forwarding (VRF) instance.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_A
Step 3
address-family { ipv4 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
190 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose
router-id router-id Configures a router ID for the EIGRP process.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
router-id 33
Step 5
Configures an EIGRP routing process to run within the
VRF instance.
autonomous-system as-number
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
autonomous-system 2
Step 6
You must configure the autonomoussystem under
VRF configuration to bring-up the VRF interface.
Note
redistribute {{ bgp | connected | isis | ospf | ospfv3 Injects routes from one routing domain into EIGRP.
| rip | static } [ as-number | instance-name ]} [
route-policy name ]
Step 7
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 100
Configures the interface on which EIGRP the routing
protocol runs.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
interface gigabitEthernet 0/1/5/0
Step 8
Configuresthe site-of-origin (SoO) filtering on the EIGRP
interface.
site-of-origin { as-number:number | ip-address : number
}
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
site-of-origin 3:4
Step 9
Step 10 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end
before exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the
configuration session, and returns the router to
EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 191
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Redistributing BGP Routes into EIGRP
Perform this task to redistribute BGP routes into EIGRP.
Typically, EIGRP routes are redistributed into BGP with extended community information appended to the
route. BGP carries the route over the VPN backbone with the EIGRP-specific information encoded in the
BGP extended community attributes. After the peering customer site receives the route, EIGRP redistributes
the BGP route then extractsthe BGP extended community information and reconstructsthe route asit appeared
in the original customer site.
When redistributing BGP routes into EIGRP, the receiving provider edge (PE) EIGRP router looks for BGP
extended community information. If the information is received, it is used to recreate the original EIGRP
route. If the information is missing, EIGRP uses the configured default metric value.
If the metric values are not derived from the BGP extended community and a default metric is not configured,
the route is not advertised to the customer edge (CE) router by the PE EIGRP. When BGP is redistributed
into BGP, metrics may not be added to the BGP prefix as extended communities; for example, if EIGRP is
not running on the other router. In this case, EIGRP is redistributed into BGP with a “no-metrics” option.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
192 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing BGP Routes into EIGRPSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
6. route-policy route-policy-name { in | out }
7. default-metric bandwidth delay reliability loading mtu
8. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# router
eigrp 100
Step 3
address-family { ipv4 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
redistribute {{ bgp | connected | isis | ospf | Injects routes from one routing domain into EIGRP.
ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
Step 5
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 193
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing BGP Routes into EIGRPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 100
Applies a routing policy to updates advertised to or received
from an EIGRP neighbor.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
route-policy policy_A in
Step 6
default-metric bandwidth delay reliability loading mtu Configures metrics for EIGRP.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
default-metric 1000 100 250 100 1500
Step 7
Step 8 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Monitoring EIGRP Routing
The commands in this section are used to log neighbor adjacency changes, monitor the stability of the routing
system, and help detect problems.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
194 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family [ ipv4 ]
4. log-neighbor-changes
5. log-neighbor-warnings
6. Do one of the following:
• end
• commit
7. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id
]
8. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ]
9. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting
10. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ]
11. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ detail ] [ type interface-path-id |
static ]
12. show protocols eigrp [ vrf vrf-name ]
13. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ ip-address mask ] [ active | all-links
| detail-links | pending | summary | zero-successors ]
14. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] traffic
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family [ ipv4 ] Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# address-family
ipv4
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 195
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingCommand or Action Purpose
Enables the logging of changes in EIGRP neighbor
adjacencies.
log-neighbor-changes
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
log-neighbor-changes
Step 4
Enables the logging of EIGRP neighbor warning
messages.
log-neighbor-warnings
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
log-neighbor-warnings
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-af)# commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Deletes EIGRP and VPN neighbor entries from the
appropriate table.
clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
neighbors [ ip-address | type interface-path-id ]
Example:
RP/0/RSP0/CPU0:routerr# clear eigrp 20 neighbors
GigabitEthernet 0/1/0/0
Step 7
Deletes EIGRP and VRF topology entries from the
appropriate tab.
clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
topology [ prefix mask ] [ prefix / length ]
Example:
RP/0/RSP0/CPU0:router# clear eigrp topology
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
196 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingCommand or Action Purpose
Displays prefix accounting information for EIGRP
processes.
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
accounting
Example:
RP/0/RSP0/CPU0:router# show eigrp vrf all accounting
Step 9
Displays information about interfaces configured for
EIGRP.
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
interfaces [ type interface-path-id ] [ detail ]
Example:
RP/0/RSP0/CPU0:router# show eigrp interfaces detail
Step 10
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays the neighbors discovered by EIGRP.
neighbors [ detail ] [ type interface-path-id | static ]
Step 11
Example:
RP/0/RSP0/CPU0:router# show eigrp neighbors 20
detail static
Displays information about the EIGRP process
configuration.
show protocols eigrp [ vrf vrf-name ]
Example:
RP/0/RSP0/CPU0:router# show protocols eigrp
Step 12
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays entries in the EIGRP topology table.
topology [ ip-address mask ] [ active | all-links |
detail-links | pending | summary | zero-successors ]
Step 13
Example:
RP/0/RSP0/CPU0:router# show eigrp topology 10.0.0.1
253.254.255.255 summary
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displaysthe number of EIGRP packetssent and received.
traffic
Step 14
Example:
RP/0/RSP0/CPU0:router# show eigrp traffic
Configuring an EIGRP Authentication Keychain
Perform the following tasks to configure an authentication keychain on EIGRP interfaces.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 197
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainConfiguring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF
Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a default VRF.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 | ipv6 }
4. interface type interface-path-id
5. authentication keychain keychain-name
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# address-family
ipv4
Step 3
Configures the interface on which EIGRP the routing
protocol runs.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
Step 4
interface gigabitEthernet 0/1/5/0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
198 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainCommand or Action Purpose
Authenticates all EIGRP protocol traffic on the interface,
based on the MD5 algorithm.
authentication keychain keychain-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
authentication keychain
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit
configuration session, and returns the router to
EXEC mode.
? Entering no exitsthe configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF
Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a nondefault VRF.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 199
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 }
5. interface type interface-path-id
6. authentication keychain keychain-name
7. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
Creates a VRF instance and enters VRF configuration
mode.
vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf1
Step 3
address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
interface type interface-path-id Configures the interface on which EIGRP runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
Step 5
interface gigabitEthernet 0/1/5/0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
200 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainCommand or Action Purpose
Authenticates all EIGRP protocol traffic on the interface,
based on the MD5 algorithm.
authentication keychain keychain-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
authentication keychain
Step 6
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit
configuration session, and returns the router
to EXEC mode.
? Entering no exitsthe configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leavesthe router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Configuration Examples for Implementing EIGRP
This section provides the following configuration examples:
Configuring a Basic EIGRP Configuration: Example
The following example shows how to configure EIGRP with a policy that filters incoming routes. This is a
typical configuration for a router that has just one neighbor, but advertises other connected subnets.
router eigrp 144
address-family ipv4
metric maximum-hops 20
router-id 10.10.9.4
route-policy GLOBAL_FILTER_POLICY in
log-neighbor-changes
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 201
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuration Examples for Implementing EIGRPlog-neighbor-warnings
interface Loopback0
!
interface GigabitEthernet 0/2/0/0
passive-interface
!
interface GigabitEthernet 0/6/0/0
hello-interval 8
hold-time 30
summary-address 10.0.0.0 255.255.0.0
!
Configuring an EIGRP Stub Operation: Example
The following example shows how to configure an EIGRP stub. Stub operation allows only connected, static,
and summary routes to be advertised to neighbors.
router eigrp 200
address-family ipv4
stub connected static summary
router-id 172.16.82.22
log-neighbor-changes
log-neighbor-warnings
redistribute connected route-policy CONN_POLICY
interface GigabitEthernet0/6/0/0
passive-interface
neighbor 10.0.0.31
!
interface GigabitEthernet0/6/0/1
passive-interface
neighbor 10.0.1.21
!
!
!
Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example
The following example shows how to configure EIGRP to operate as a PE-CE protocol on a PE router. The
configuration is under VRF CUSTOMER_1. A maximum prefix is typically configured to ensure that one
set of customer routes do not overwhelm the EIGRP process.
router eigrp 500
vrf CUSTOMER_1
address-family ipv4
timers nsf route-hold 300
router-id 172.16.6.11
maximum-prefix 450 70
default-metric 200000 10000 195 10 1500
log-neighbor-changes
log-neighbor-warnings
redistribute maximum-prefix 350 70
redistribute bgp 1.65500 route-policy SITE_1_POLICY
interface GigabitEthernet 0/4/0/5
neighbor 10.22.1.1
!
!
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
202 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Stub Operation: ExampleConfiguring an EIGRP Authentication Keychain: Example
The following example shows how to configure an authentication keychain for an IPv4 interface on a nondefault
VRF:
RP/0/RSP0/CPU0:router(config)#router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#vrf vrf1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#authentication keychain key1
The following example shows how to configure an authentication keychain for an IPv6 interface on a default
VRF:
RP/0/RSP0/CPU0:router(config)#router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#address-family ipv6
RP/0/RSP0/CPU0:router(config-eigrp-af)#interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#authentication keychain key2
Additional References
The following sections provide references related to implementing EIGRP.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
EIGRP commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Implementing MPLS Layer 3 VPNs module and
Implementing MPLS Layer 2 VPNs module in
Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide
MPLS VPN support for EIGRP feature information
Implementing MPLS Traffic Engineering on Cisco
ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router MPLS
Configuration Guide
Site of Origin (SoO) support for EIGRP feature
information
Cisco ASR 9000 Series Aggregation Services Router
MIB Specification Guide.
MIB Reference
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 203
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication Keychain: ExampleStandards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
No new or modified RFCs are supported by this —
feature, and support for existing standards has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
204 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 3
Implementing IS-IS on Cisco ASR 9000 Series
Router
Integrated Intermediate System-to-Intermediate System (IS-IS), Internet Protocol Version 4 (IPv4), is a
standards-based Interior Gateway Protocol (IGP). Cisco IOS XR software implements the IP routing
capabilities described in International Organization for Standardization (ISO)/International Engineering
Consortium (IEC) 10589 and RFC 1995, and adds the standard extensions for single topology and
multitopology IS-IS for IP Version 6 (IPv6).
This module describes how to implement IS-IS (IPv4 and IPv6) on your Cisco IOS XR network.
This module describes how to implement IS-IS (IPv4 and IPv6) on Cisco ASR 9000 Series Aggregation
Services Routers.
For more information about IS-IS on Cisco IOS XR software and complete descriptions of the IS-IS
commands listed in this module, refer to the Related Documents, on page 269 section of this module. To
locate documentation for other commands that might appear while executing a configuration task, search
online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Note
Feature History for Implementing IS-IS
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 Support for IPv6 and was added.
Support was added for the following features:
• IP Fast Re-route Per Prefix Computation.
• IP Fast Re-route Per Link Computation.
Release 4.0.1
• Prerequisites for Implementing IS-IS, page 206
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 205• Restrictions for Implementing IS-IS, page 206
• Information About Implementing IS-IS , page 206
• How to Implement IS-IS, page 217
• Configuration Examples for Implementing IS-IS , page 266
• Where to Go Next, page 269
• Additional References, page 269
Prerequisites for Implementing IS-IS
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Implementing IS-IS
When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process).
Instances may not share an interface.
Information About Implementing IS-IS
To implement IS-IS you need to understand the following concepts:
IS-IS Functional Overview
Small IS-IS networks are typically built as a single area that includes all routers in the network. As the network
grows larger, it may be reorganized into a backbone area made up of the connected set of all Level 2 routers
from all areas, which is in turn connected to local areas. Within a local area, routers know how to reach all
system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to
reach other areas.
The IS-IS routing protocolsupportsthe configuration of backbone Level 2 and Level 1 areas and the necessary
support for moving routing information between the areas. Routers establish Level 1 adjacencies to perform
routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing
between Level 1 areas (interarea routing).
For Cisco IOS XR software software, each IS-IS instance can support either a single Level 1 or Level 2 area,
or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing. You can
change the level of routing to be performed by a particular routing instance using the is-type command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
206 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Prerequisites for Implementing IS-ISKey Features Supported in the Cisco IOS XR IS-IS Implementation
The Cisco IOS XR implementation of IS-IS conforms to the IS-IS Version 2 specifications detailed in RFC
1195 and the IPv6 IS-IS functionality based on the Internet Engineering Task Force (IETF) IS-IS Working
Group draft-ietf-isis-ipv6.txt document.
The following list outlines key features supported in the Cisco IOS XR implementation:
• Single topology IPv6
• Multitopology
• Nonstop forwarding (NSF), both Cisco proprietary and IETF
• Three-way handshake
• Mesh groups
• Multiple IS-IS instances
• Configuration of a broadcast medium connecting two networking devices as a point-to-point link
• Fast-flooding with different threads handling flooding and shortest path first (SPF).
For information on IS-IS support for Bidirectional Forwarding Detection (BFD), see Cisco ASR 9000
Series Aggregation Services Router Interface and Hardware Component Configuration Guide and
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command
Reference.
Note
IS-IS Configuration Grouping
Cisco IOS XR groups all of the IS-IS configuration in router IS-IS configuration mode, including the portion
of the interface configurations associated with IS-IS. To display the IS-IS configuration in its entirety, use
the show running router isis command. The command output displays the running configuration for all
configured IS-IS instances, including the interface assignments and interface attributes.
IS-IS Configuration Modes
The following sections show how to enter each of the configuration modes. From a mode, you can enter the
? command to display the commands available in that mode.
Router Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 207
Implementing IS-IS on Cisco ASR 9000 Series Router
Key Features Supported in the Cisco IOS XR IS-IS ImplementationRouter Address Family Configuration Mode
The following example shows how to enter router address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# address-family
ipv4 u
nicast
RP/0/RSP0/CPU0:router(config-isis-af)#
Interface Configuration Mode
The following example shows how to enter interface configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0
/3/0/0
RP/0/RSP0/CPU0:router(config-isis-if)#
Interface Address Family Configuration Mode
The following example shows how to enter interface address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0 /3/0/0
RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-isis-if-af)#
IS-IS Interfaces
IS-IS interfaces can be configured as one of the following types:
• Active—advertises connected prefixes and forms adjacencies. This is the default for interfaces.
• Passive—advertises connected prefixes but does not form adjacencies. The passive command is used
to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes
such as loopback addresses that need to be injected into the IS-IS domain. If many connected prefixes
need to be advertised then the redistribution of connected routes with the appropriate policy should be
used instead.
• Suppressed—does not advertise connected prefixes but forms adjacencies. The suppress command is
used to configure interfaces as suppressed.
• Shutdown—does not advertise connected prefixes and does not form adjacencies. The shutdown
command is used to disable interfaces without removing the IS-IS configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
208 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
IS-IS InterfacesMultitopology Configuration
Cisco IOS XR software supports multitopology for IPv6 IS-IS unless single topology is explicitly configured
in IPv6 address-family configuration mode.
IS-IS supports IP routing and not Open Systems Interconnection (OSI) Connectionless Network Service
(CLNS) routing.
Note
IPv6 Routing and Configuring IPv6 Addressing
By default, IPv6 routing is disabled in the Cisco IOS XR software. To enable IPv6 routing, you must assign
IPv6 addresses to individual interfaces in the router using the ipv6 enable or ipv6 address command. See
the Network Stack IPv4 and IPv6 Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000
Series Aggregation Services Router IP Addresses and Services Command Reference.
Limit LSP Flooding
Limiting link-state packets (LSP) may be desirable in certain “meshy” network topologies. An example of
such a network might be a highly redundant one such as a fully meshed set of point-to-point links over a
nonbroadcast multiaccess(NBMA) transport. In such networks, full LSP flooding can limit network scalability.
One way to restrict the size of the flooding domain is to introduce hierarchy by using multiple Level 1 areas
and a Level 2 area. However, two other techniques can be used instead of or with hierarchy: Block flooding
on specific interfaces and configure mesh groups.
Both techniques operate by restricting the flooding of LSPs in some fashion. A direct consequence is that
although scalability of the network isimproved, the reliability of the network (in the face of failures) isreduced
because a series of failures may prevent LSPs from being flooded throughout the network, even though links
exist that would allow flooding if blocking or mesh groups had not restricted their use. In such a case, the
link-state databases of different routers in the network may no longer be synchronized. Consequences such
as persistent forwarding loops can ensue. For this reason, we recommend that blocking or mesh groups be
used only if specifically required, and then only after careful network design.
Flood Blocking on Specific Interfaces
With this technique, certain interfaces are blocked from being used for flooding LSPs, but the remaining
interfaces operate normally for flooding. This technique is simple to understand and configure, but may be
more difficult to maintain and more error prone than mesh groups in the long run. The flooding topology that
IS-IS usesisfine-tuned rather than restricted. Restricting the topology too much (blocking too many interfaces)
makes the network unreliable in the face of failures. Restricting the topology too little (blocking too few
interfaces) may fail to achieve the desired scalability.
To improve the robustness of the network in the event that all nonblocked interfaces drop, use the csnp-interval
command in interface configuration mode to force periodic complete sequence number PDUs(CSNPs) packets
to be used on blocked point-to-point links. The use of periodic CSNPs enables the network to become
synchronized.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 209
Implementing IS-IS on Cisco ASR 9000 Series Router
Multitopology ConfigurationMesh Group Configuration
Configuring mesh groups (a set of interfaces on a router) can help to limit flooding. All routers reachable over
the interfaces in a particular mesh group are assumed to be densely connected with each router having at least
one link to every other router. Many links can fail without isolating one or more routers from the network.
In normal flooding, a new LSP is received on an interface and is flooded out over all other interfaces on the
router. With mesh groups, when a new LSP is received over an interface that is part of a mesh group, the new
LSP is not flooded over the other interfaces that are part of that mesh group.
Maximum LSP Lifetime and Refresh Interval
By default, the routersends a periodic LSP refresh every 15 minutes. LSPsremain in a database for 20 minutes
by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval
or maximum LSP lifetime. The LSP interval should be less than the LSP lifetime or else LSPs time out before
they are refreshed. In the absence of a configured refresh interval, the software adjuststhe LSP refresh interval,
if necessary, to prevent the LSPs from timing out.
Single-Topology IPv6 Support
Single-topology IPv6 support on Cisco IOS XR software software allows IS-IS for IPv6 to be configured on
interfaces along with an IPv4 network protocol. All interfaces must be configured with the identical set of
network protocols, and all routers in the IS-IS area (for Level 1 routing) or the domain (for Level 2 routing)
must support the identical set of network layer protocols on all interfaces.
In single-topology mode, IPv6 topologies work with both narrow and wide metric styles in IPv4 unicast
topology. During single-topology operation, one shortest path first (SPF) computation for each level is used
to compute both IPv4 and IPv6 routes. Using a single SPF is possible because both IPv4 IS-IS and IPv6 IS-IS
routing protocols share a common link topology.
Multitopology IPv6 Support
Multitopology IPv6 support on Cisco IOS XR software for IS-IS assumes that multitopology support is
required as soon as it detects interfaces configured for both IPv6 and IPv4 within the IS-IS stanza.
Because multitopology is the default behavior in the software, you must explicitly configure IPv6 to use the
same topology asIPv4 to enable single-topology IPv6. Configure the single-topology command in IPv6 router
address family configuration submode of the IS-IS router stanza.
IS-IS Authentication
Authentication is available to limit the establishment of adjacencies by using the hello-password command,
and to limit the exchange of LSPs by using the lsp-password command.
IS-IS supports plain-text authentication, which does not provide security against unauthorized users. Plain-text
authentication allows you to configure a password to prevent unauthorized networking devices from forming
adjacencies with the router. The password is exchanged as plain text and is potentially visible to an agent able
to view the IS-IS packets.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
210 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Maximum LSP Lifetime and Refresh IntervalWhen an HMAC-MD5 password is configured, the password is never sent over the network and is instead
used to calculate a cryptographic checksum to ensure the integrity of the exchanged data.
IS-IS stores a configured password using simple encryption. However, the plain-text form of the password is
used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible to a process that
can view IS-IS packets. The passwords can be entered in plain text (clear) or encrypted form.
To set the domain password, configure the lsp-password command for Level 2; to set the area password,
configure the lsp-password command for Level 1.
The keychain feature allows IS-IS to reference configured keychains. IS-IS key chains enable hello and LSP
keychain authentication. Keychains can be configured at the router level (in the case of the lsp-password
command) and at the interface level (in the case of the hello-password command) within IS-IS. These
commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security
parameters from the global set of configured keychains.
IS-IS is able to use the keychain to implement hitless key rollover for authentication. ey rollover specification
is time based, and in the event of clock skew between the peers, the rollover process is impacted. The
configurable tolerance specification allows for the accept window to be extended (before and after) by that
margin. This accept window facilitates a hitless key rollover for applications (for example, routing and
management protocols).
See Cisco ASR 9000 Series Aggregation Services Router System Security Guide for information on keychain
management.
Nonstop Forwarding
On Cisco IOS XR software, NSF minimizes the amount of time a network is unavailable to its users following
a route processor (RP) failover. The main objective of NSF is to continue forwarding IP packets and perform
a graceful restart following an RP failover.
When a router restarts, all routing peers of that device usually detect that the device went down and then came
back up. This transition results in what is called a routing flap, which could spread across multiple routing
domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the
overall network performance. NSF helps to suppress routing flaps in NSF-aware devices, thus reducing
network instability.
NSF allows for the forwarding of data packets to continue along known routes while the routing protocol
information is being restored following an RP failover. When the NSF feature is configured, peer networking
devices do not experience routing flaps. Data traffic is forwarded through intelligent line cards while the
standby RP assumes control from the failed active RP during a failover. The ability of line cards to remain
up through a failover and to be kept current with the Forwarding Information Base (FIB) on the active RP is
key to NSF operation.
When the Cisco IOS XR router running IS-IS routing performs an RP failover, the router must perform two
tasks to resynchronize its link-state database with its IS-IS neighbors. First, it must relearn the available IS-IS
neighbors on the network without causing a reset of the neighbor relationship. Second, it must reacquire the
contents of the link-state database for the network.
The IS-IS NSF feature offers two options when configuring NSF:
• IETF NSF
• Cisco NSF
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 211
Implementing IS-IS on Cisco ASR 9000 Series Router
Nonstop ForwardingIf neighbor routers on a network segment are NSF aware, meaning that neighbor routers are running a software
version that supports the IETF Internet draft for router restartability, they assist an IETF NSF router that is
restarting. With IETF NSF, neighbor routers provide adjacency and link-state information to help rebuild the
routing information following a failover.
In Cisco IOS XR software, Cisco NSF checkpoints (stores persistently) all the state necessary to recover from
a restart without requiring any special cooperation from neighboring routers. The state is recovered from the
neighboring routers, but only using the standard features of the IS-IS routing protocol. This capability makes
Cisco NSF suitable for use in networksin which other routers have not used the IETF standard implementation
of NSF.
If you configure IETF NSF on the Cisco IOS XR router and a neighbor router does not support IETF NSF,
the affected adjacencies flap, but nonstop forwarding is maintained to all neighbors that do support IETF
NSF. A restart reverts to a cold start if no neighbors support IETF NSF.
Note
Multi-Instance IS-IS
You can configure up to five IS-IS instances. MPLS can run on multiple IS-IS processes as long as the
processesrun on differentsets of interfaces. Each interface may be associated with only a single IS-IS instance.
Cisco IOS XR software preventsthe double-booking of an interface by two instances at configuration time—two
instances of MPLS configuration causes an error.
Because the Routing Information Base (RIB) treats each of the IS-IS instances as equal routing clients, you
must be careful when redistributing routes between IS-IS instances. The RIB does not know to prefer Level
1 routes over Level 2 routes. For this reason, if you are running Level 1 and Level 2 instances, you must
enforce the preference by configuring different administrative distances for the two instances.
Multiprotocol Label Switching Traffic Engineering
The MPLS TE feature enables an MPLS backbone to replicate and expand the traffic engineering capabilities
of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies.
For IS-IS, MPLS TE automatically establishes and maintains MPLS TE label-switched paths across the
backbone by using Resource Reservation Protocol (RSVP). The route that a label-switched path uses is
determined by the label-switched paths resource requirements and network resources, such as bandwidth.
Available resources are flooded by using special IS-IS TLV extensions in the IS-IS. The label-switched paths
are explicit routes and are referred to as traffic engineering (TE) tunnels.
Overload Bit on Router
The overload bit is a special bit of state information that is included in an LSP of the router. If the bit is set
on the router, it notifies routers in the area that the router is not available for transit traffic. This capability is
useful in four situations:
1 During a serious but nonfatal error, such as limited memory.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
212 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Multi-Instance IS-IS2 During the startup and restart of the process. The overload bit can be set until the routing protocol has
converged. However, it is not employed during a normal NSF restart or failover because doing so causes
a routing flap.
3 During a trial deployment of a new router. The overload bit can be set until deployment is verified, then
cleared.
4 During the shutdown of a router. The overload bit can be set to remove the router from the topology before
the router is removed from service.
Overload Bit Configuration During Multitopology Operation
Because the overload bit applies to forwarding for a single topology, it may be configured and cleared
independently for IPv4 and IPv6 during multitopology operation. For this reason, the overload is set from the
router address family configuration mode. If the IPv4 overload bit is set, all routers in the area do not use the
router for IPv4 transit traffic. However, they can still use the router for IPv6 transit traffic.
IS-IS Overload Bit Avoidance
The IS-IS overload bit avoidance feature allows network administratorsto prevent labelswitched paths(LSPs)
from being disabled when a router in that path has its Intermediate System-to-Intermediate System (IS-IS)
overload bit set.
When the IS-IS overload bit avoidance feature is activated, all nodes with the overload bit set, including head
nodes, mid nodes, and tail nodes, are ignored, which means that they are still available for use with label
switched paths (LSPs).
The IS-IS overload bit avoidance feature does not change the default behavior on nodes that have their
overload bit set if those nodes are not included in the path calculation (PCALC).
Note
The IS-IS overload bit avoidance feature is activated using the following command:
mpls traffic-eng path-selection ignore overload
The IS-IS overload bit avoidance feature is deactivated using the no form of this command:
no mpls traffic-eng path-selection ignore overload
When the IS-IS overload bit avoidance feature is deactivated, nodes with the overload bit set cannot be used
as nodes of last resort.
Default Routes
You can force a default route into an IS-IS routing domain. Whenever you specifically configure redistribution
of routes into an IS-IS routing domain, the Cisco IOS XR software does not, by default, redistribute the default
route into the IS-IS routing domain. The default-information originate command generates a default route
into IS-IS, which can be controlled by a route policy. You can use the route policy to identify the level into
which the default route is to be announced, and you can specify other filtering options configurable under a
route policy. You can use a route policy to conditionally advertise the default route, depending on the existence
of another route in the routing table of the router.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 213
Implementing IS-IS on Cisco ASR 9000 Series Router
Overload Bit Configuration During Multitopology OperationAttached Bit on an IS-IS Instance
The attached bit is set in a router that is configured with the is-type command and level-1-2 keyword. The
attached bit indicates that the router is connected to other areas (typically through the backbone). This
functionality means that the router can be used by Level 1 routers in the area as the default route to the
backbone. The attached bit is usually set automatically as the router discovers other areas while computing
its Level 2 SPF route. The bit is automatically cleared when the router becomes detached from the backbone.
If the connectivity for the Level 2 instance is lost, the attached bit in the Level 1 instance LSP would
continue sending traffic to the Level 2 instance and cause the traffic to be dropped.
Note
To simulate this behavior when using multiple processes to represent the level-1-2 keyword functionality,
you would manually configure the attached bit on the Level 1 process.
IS-IS Support for Route Tags
The IS-IS Support for route tags feature provides the capability to associate and advertise a tag with an IS-IS
route prefix. Additionally, the feature allows you to prioritize the order of installation of route prefixes in the
RIB based on a tag of a route. Route tags may also be used in route policy to match route prefixes(for example,
to select certain route prefixes for redistribution).
Multicast-Intact Feature
The multicast-intact feature provides the ability to run multicast routing (PIM) when IGP shortcuts are
configured and active on the router. Both OSPFv2 and IS-IS support the multicast-intact feature. MPLS TE
and IP multicast coexistence is supported in Cisco IOS XR software by using the mpls traffic-eng
multicast-intact IS-IS or OSPF router command.
You can enable multicast-intact in the IGP when multicast routing protocols (PIM) are configured and IGP
shortcuts are configured on the router. IGP shortcuts are MPLS tunnels that are exposed to IGP. The IGPs
route the IP traffic over these tunnels to destinations that are downstream from the egress router of the tunnel
(from an SPF perspective). PIM cannot use IGP shortcuts for propagating PIM joins because reverse path
forwarding (RPF) cannot work across a unidirectional tunnel.
When you enable multicast-intact on an IGP, the IGP publishes a parallel or alternate set of equal-cost next-hops
for use by PIM. These next-hops are called mcast-intact next-hops. The mcast-intact next-hops have the
following attributes:
• They are guaranteed not to contain any IGP shortcuts.
• They are not used for unicast routing but are used only by PIM to look up an IPv4 next-hop to a PIM
source.
• They are not published to the FIB.
• When multicast-intact is enabled on an IGP, all IPv4 destinations that were learned through link-state
advertisements are published with a set equal-cost mcast-intact next-hops to the RIB. This attribute
applies even when the native next-hops have no IGP shortcuts.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
214 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Attached Bit on an IS-IS Instance• In IS-IS, the max-paths limit is applied by counting both the native and mcast-intact next-hops together.
(In OSPFv2, the behavior is slightly different.)
Multicast Topology Support Using IS-IS
Multicast topology support allowsfor the configuration of IS-IS multicast topologiesfor IPv4 or IPv6 routing.
IS-IS maintains a separate topology for multicast and runs a separate Shortest Path First (SPF) over the
multicast topology. IS-IS multicast inserts routes from the IS-IS multicast topology into the multicast-unicast
Routing Information Base (muRIB) table in the RIB for the corresponding address family. Since PIM uses
the muRIB, PIM uses routes from the multicast topology instead of routes from the unicast topology.
MPLS Label Distribution Protocol IGP Synchronization
Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP)
Synchronization ensures that LDP has completed label exchange before the IGP path is used for switching.
MPLS traffic loss can occur in the following two situations:
• When an IGP adjacency is established, the router begins forwarding packets using the new adjacency
before LDP has exchanged labels with peers on that link.
• When an LDP session closes, the router continues to forward traffic using the link associated with the
LDP peer rather than using an alternate path with an established LDP session.
This feature provides a mechanism to synchronize LDP and IS-IS to minimize MPLS packet loss. The
synchronization is accomplished by changing the link metric for a neighbor IS-IS link-state packet (LSP),
based on the state of the LDP session.
When an IS-IS adjacency is established on a link but the LDP session is lost or LDP has not yet completed
exchanging labels, IS-IS advertisesthe maximum metric on that link. In thisinstance, LDP IS-IS synchronization
is not yet achieved.
In IS-IS, a link with a maximum wide metric (0xFFFFFF) is not considered for shortest path first (SPF).
Therefore, the maximum wide metric of -1 (0XFFFFFE) is used with MPLS LDP IGP synchronization.
Note
When LDP IS-IS synchronization is achieved, IS-IS advertises a regular (configured or default) metric on
that link.
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart
LDP graceful restart protects traffic when an LDP session is lost. If a graceful restart-enabled LDP session
fails, MPLS LDP IS-IS synchronization is still achieved on the interface while it is protected by graceful
restart. MPLS LDP IGP synchronization is eventually lost under the following circumstances:
• LDP fails to restart before the LDP graceful restart reconnect timer expires.
• The LDP session on the protected interface fails to recover before the LDP graceful restart recovery
timer expires.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 215
Implementing IS-IS on Cisco ASR 9000 Series Router
Multicast Topology Support Using IS-ISMPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding
IS-IS nonstop forwarding (NSF) protectstraffic during IS-IS processrestarts and route processor (RP) failovers.
LDP IS-IS synchronization is supported with IS-IS NSF only if LDP graceful restart is also enabled over the
interface. If IS-IS NSF is not enabled, the LDP synchronization state is not retained acrossrestarts and failovers.
Label Distribution Protocol IGP Auto-configuration
Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) auto-configuration simplifiesthe procedure
to enable LDP on a set of interfaces used by an IGP instance. LDP IGP auto-configuration can be used on a
large number interfaces(for example, when LDP is used for transport in the core) and on multiple IGP instances
simultaneously.
This feature supports the IPv4 address family for the default VPN routing and forwarding (VRF) instance.
LDP IGP auto-configuration can also be explicitly disabled on individual interfaces under LDP using the igp
auto-config disable command. This allows LDP to receive all IGP interfaces except the ones explicitly
disabled.
See Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide for information on
configuring LDP IGP auto-configuration.
MPLS TE Forwarding Adjacency
MPLS TE forwarding adjacency allows a network administrator to handle a traffic engineering, label switch
path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network, based on the Shortest Path First
(SPF) algorithm. A forwarding adjacency can be created between routers in the same IS-IS level. The routers
can be located multiple hopsfrom each other. As a result, a TE tunnel is advertised as a link in an IGP network,
with the cost of the link associated with it. Routers outside of the TE domain see the TE tunnel and use it to
compute the shortest path for routing traffic throughout the network.
MPLS TE forwarding adjacency is considered in IS-IS SPF only if a two-way connectivity check is achieved.
This is possible if the forwarding adjacency is bidirectional or the head end and tail end routers of the MPLS
TE tunnel are adjacent.
The MPLS TE forwarding adjacency feature is supported by IS-IS. For details on configuring MPLS TE
forwarding adjacency, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration
Guide.
MPLS TE Interarea Tunnels
MPLS TE interarea tunnels allow you to establish MPLS TE tunnels that span multiple IGP areas (Open
Shorted Path First [OSPF]) and levels (IS-IS), removing the restriction that required that both the tunnel
headend and tailend routers be in the same area. The IGP can be either IS-IS or OSPF. See the Configuring
MPLS Traffic Engineering for IS-IS, on page 243 for information on configuring MPLS TE for IS-IS.
For details on configuring MPLS TE interarea tunnels, see the Cisco ASR 9000 Series Aggregation Services
Router MPLS Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
216 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Label Distribution Protocol IGP Auto-configurationIP Fast Reroute
The IP Fast Reroute (IPFRR) loop-free alternate (LFA) computation provides protection against link failure.
Locally computed repair paths are used to prevent packet loss caused by loops that occur during network
reconvergence after a failure. See IETF draft-ietf-rtgwg-ipfrr-framework-06.txt and
draft-ietf-rtgwg-lf-conv-frmwk-00.txt for detailed information on IPFRR LFA.
IPFRR LFA is different from Multiprotocol Label Switching (MPLS) as it is applicable to networks using
conventional IP routing and forwarding. See Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide for information on configuring MPLS IPFRR.
How to Implement IS-IS
This section contains the following procedures:
Note To save configuration changes, you must commit changes when the system prompts you.
Enabling IS-IS and Configuring Level 1 or Level 2 Routing
This task explains how to enable IS-IS and configure the routing level for an area.
Configuring the routing level in Step 4 is optional, but is highly recommended to establish the proper level
of adjacencies.
Note
Before You Begin
Although you can configure IS-IS before you configure an IP address, no IS-IS routing occurs until at least
one IP address is configured.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. net network-entity-title
4. is-type { level-1 | level-1-2 | level-2-only }
5. Do one of the following:
• end
• commit
6. show isis [ instance instance-id ] protocol
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 217
Implementing IS-IS on Cisco ASR 9000 Series Router
IP Fast RerouteDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
• By default, all IS-IS instances are automatically Level 1 and Level
2. You can change the level of routing to be performed by a
particular routing instance by using the is-type router configuration
command.
Step 3 net network-entity-title Configures network entity titles (NETs) for the routing instance.
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
47.0004.004d.0001.0001.0c11.1110.00
• Specify a NET for each routing instance if you are configuring
multi-instance IS-IS.
• This example configures a router with area ID 47.0004.004d.0001
and system ID 0001.0c11.1110.00.
• To specify more than one area address, specify additional NETs.
Although the area address portion of the NET differs, the systemID
portion of the NET must match exactly for all of the configured
items.
Step 4 is-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the system type (area or backbone router).
Example:
RP/0/RSP0/CPU0:router(config-isis)# is-type
level-2-only
• By default, every IS-IS instance acts as a level-1-2 router.
• The level-1 keyword configures the software to perform Level
1 (intra-area) routing only. Only Level 1 adjacencies are
established. The software learns about destinations inside its area
only. Any packets containing destinations outside the area are
sent to the nearest level-1-2 router in the area.
• The level-2-only keyword configures the software to perform
Level 2 (backbone) routing only, and the router establishes only
Level 2 adjacencies, either with other Level 2-only routers or with
level-1-2 routers.
• The level-1-2 keyword configures the software to perform both
Level 1 and Level 2 routing. Both Level 1 and Level 2 adjacencies
are established. The router acts as a border router between the
Level 2 backbone and its Level 1 area.
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
218 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling IS-IS and Configuring Level 1 or Level 2 RoutingCommand or Action Purpose
• When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show isis [ instance instance-id ] protocol (Optional) Displays summary information about the IS-IS instance.
Example:
RP/0/RSP0/CPU0:router# show isis protocol
Step 6
Configuring Single Topology for IS-IS
After an IS-IS instance is enabled, it must be configured to compute routes for a specific network topology.
This task explains how to configure the operation of the IS-IS protocol on an interface for an IPv4 or IPv6
topology.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 219
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISBefore You Begin
To enable the router to run in single-topology mode, configure each of the IS-IS interfaces with all of the
address families enabled and “single-topology” in the address-family IPv6 unicast in the IS-IS router
stanza. You can use either the IPv6 address family or both IPv4 and IPv6 address families, but your
configuration must represent the set of all active address families on the router. Additionally, explicitly
enable single-topology operation by configuring it in the IPv6 router address family submode.
Two exceptions to these instructions exist:
Note
1 If the address-family stanza in the IS-IS process contains the adjacency-check disable command,
then an interface is not required to have the address family enabled.
2 The single-topology command is not valid in the ipv4 address-family submode.
The default metric style for single topology is narrow metrics. However, you can use either wide metrics
or narrow metrics. How to configure them depends on how single topology is configured. If both IPv4
and IPv6 are enabled and single topology is configured, the metric style is configured in the address-family
ipv4 stanza. You may configure the metric style in the address-family ipv6 stanza, but it is ignored in
this case. If only IPv6 is enabled and single topology is configured, then the metric style is configured in
the address-family ipv6 stanza.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
220 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISSUMMARY STEPS
1. configure
2. interface type interface-path-id
3. Do one of the following:
• ipv4 address address mask
• ipv6 address ipv6-prefix / prefix-length [ eui-64 ]
• ipv6 address ipv6-address { / prefix-length | link-local }
• ipv6 enable
4. exit
5. router isis instance-id
6. net network-entity-title
7. address-family ipv6 [ unicast ]
8. single-topology
9. exit
10. interface type interface-path-id
11. circuit-type { level-1 | level-1-2 | level-2-only }
12. address-family { ipv4 | ipv6 } [ unicast | multicast ]
13. Do one of the following:
• end
• commit
14. show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }]
15. show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
GigabitEthernet 0/1/0/3
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 221
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Definesthe IPv4 addressfor the interface. An IP addressisrequired
on all interfaces in an area enabled for IS-IS if any one interface is
configured for IS-IS routing.
Step 3 Do one of the following:
• ipv4 address address mask
• ipv6 address ipv6-prefix / prefix-length [
eui-64 ]
or
Specifies an IPv6 network assigned to the interface and enables
• IPv6 processing on the interface with the eui-64 keyword.
ipv6 address ipv6-address { / prefix-length |
link-local }
or
• ipv6 enable
Specifies an IPv6 address assigned to the interface and enablesIPv6
processing on the interface with the link-local keyword.
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
10.0.1.3 255.255.255.0
or
Automatically configures an IPv6 link-local address on the interface
while also enabling the interface for IPv6 processing.
or
RP/0/RSP0/CPU0:router(config-if)# ipv6
address 3ffe:1234:c18:1::/64 eui-64
• The link-local address can be used only to communicate with
nodes on the same link.
RP/0/RSP0/CPU0:router(config-if)# ipv6
• Specifying the ipv6 address ipv6-prefix / prefix-length
interface configuration command without the eui-64 keyword
configures site-local and global IPv6 addresses.
address FE80::260:3EFF:FE11:6770 link-local
RP/0/RSP0/CPU0:router(config-if)# ipv6
enable
or
• Specifying the ipv6 address ipv6-prefix / prefix-length
command with the eui-64 keyword configures site-local and
global IPv6 addresses with an interface ID in the low-order
64 bits of the IPv6 address. Only the 64-bit network prefix
for the address needs to be specified; the last 64 bits are
automatically computed from the interface ID.
• Specifying the ipv6 address command with the link-local
keyword configures a link-local address on the interface that
is used instead of the link-local address that is automatically
configured when IPv6 is enabled on the interface.
Exits interface configuration mode, and returns the router to global
configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 4
Enables IS-IS routing for the specified routing instance, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 5
• By default, all IS-IS instances are Level 1 and Level 2. You
can change the level of routing to be performed by a particular
routing instance by using the is-type command.
Step 6 net network-entity-title Configures NETs for the routing instance.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
222 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
47.0004.004d.0001.0001.0c11.1110.00
• Specify a NET for each routing instance if you are configuring
multi-instance IS-IS. You can specify a name for a NET and
for an address.
• This example configures a router with area ID
47.0004.004d.0001 and system ID 0001.0c11.1110.00.
• To specify more than one area address, specify additional
NETs. Although the area address portion of the NET differs,
the system ID portion of the NET must match exactly for all
of the configured items.
Specifies the IPv6 address family and enters router address family
configuration mode.
address-family ipv6 [ unicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv6 unicast
Step 7
• This example specifies the unicast IPv6 address family.
(Optional) Configures the link topology for IPv4 when IPv6 is
configured.
single-topology
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
single-topology
Step 8
• The single-topology command is valid only in IPv6 submode.
The command instructs IPv6 to use the single topology rather
than the default configuration of a separate topology in the
multitopology mode.
• See the Single-Topology IPv6 Support, on page 210 for more
information.
Exits router address family configuration mode, and returns the
router to router configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# exit
Step 9
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 10
Step 11 circuit-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the type of adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
circuit-type level-1-2
• The default circuit type is the configured system type
(configured through the is-type command).
• Typically, the circuit type must be configured when the router
is configured as only level-1-2 and you want to constrain an
interface to form only level-1 or level-2-only adjacencies.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 223
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Specifies the IPv4 or IPv6 address family, and enters interface
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Step 12
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
• This example specifiesthe unicast IPv4 addressfamily on the
interface.
Step 13 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show isis [ instance instance-id ] interface [ type (Optional) Displays information about the IS-IS interface.
interface-path-id ] [ detail ] [ level { 1 | 2 }]
Step 14
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1
show isis [ instance instance-id ] topology [ (Optional) Displays a list of connected routers in all areas.
systemid system-id ] [ level { 1 | 2 }] [ summary
]
Step 15
Example:
RP/0/RSP0/CPU0:router# show isis topology
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
224 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISConfiguring Multitopology Routing
This set of procedures configures multitopology routing, which is used by PIM for reverse-path forwarding
(RPF) path selection.
Restrictions for Configuring Multitopology Routing
• Only the default VRF is currently supported in a multitopology solution.
• Only protocol-independent multicast (PIM) and intermediate system-intermediate system (IS-IS) routing
protocols are currently supported.
• Topology selection is restricted solely to (S, G) route sources for both SM and SSM. Static and IS-IS
are the only interior gateway protocols (IGPs) that support multitopology deployment.
For non-(S, G) route sources like a rendezvous point or bootstrap router (BSR), or when a route policy
is not configured, the current policy default remains in effect. In other words, either a unicast-default or
multicast-default table is selected for all sources, based on OSFP/IS-IS/Multiprotocol Border Gateway
Protocol (MBGP) configuration.
Although both multicast and unicast keywords are available when using the address-family {ipv4 |
ipv6} command in routing policy language (RPL), only topologies under multicast SAFI can be configured
globally.
Note
Information About Multitopology Routing
Configuring multitopology networks requires the following tasks:
Configuring a Global Topology and Associating It with an Interface
Follow these stepsto enable a global topology in the default VRF and to enable its use with a specific interface.
SUMMARY STEPS
1. configure
2. address-family { ipv4 | ipv6 } multicast topology topo-name
3. maximum prefix limit
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4 and Step 5 until you have specified all the interface instances you want to associate with
your topologies.
7. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 225
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures a topology in the default VRF table that will
be associated with a an interface.
address-family { ipv4 | ipv6 } multicast topology topo-name
Example:
RP/0/RSP0/CPU0:router(config)# address-family ipv4
multicast topology green
Step 2
(Optional) Limits the number of prefixes allowed in a
topology routing table. Range is 32 to 2000000.
maximum prefix limit
Example:
RP/0/RSP0/CPU0:router(config-af)# maximum prefix 100
Step 3
Specifiesthe interface to be associated with the previously
specified VRF table that will add the connected and local
routes to the appropriate routing table.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-af)# interface
GigabitEthernet 0/3/0/0
Step 4
Enablesthe topology for the interface specified in Step 4,
on page 226, adding the connected and local routesto the
appropriate routing table.
address-family { ipv4 | ipv6 } multicast topology
topo-name
Example:
RP/0/RSP0/CPU0:router(config-if)# address-family ipv4
multicast topology green
Step 5
Repeat Step 4 and Step 5 until you have specified all the —
interface instances you want to associate with your topologies.
Step 6
Example:
RP/0/RSP0/CPU0:router(config-if-af)# interface
gigabitethernet 0/3/2/0
RP/0/RSP0/CPU0:routerrouter(config-if)# address-family
ipv4 multicast topology purple
RP/0/RSP0/CPU0:router(config-if-af)#
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)# end
before exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
226 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)#
commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leavesthe router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Enabling an IS-IS Topology
To enable a topology in IS-IS, you must associate an IS-IS topology ID with the named topology. IS-IS uses
the topology ID to differentiate topologies in the domain.
Note This command must be configured prior to other topology commands.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } multicast topology topo-name
4. topology-id multitoplogy-id
5. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 227
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router isis instance-id Enters IS-IS configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# router isis
purple
Step 2
address-family { ipv4 | ipv6 } multicast Associates an IS-IS topology ID with the named topology.
topology topo-name
Step 3
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 multicast topology
green
Configures the numeric multitopologyID in IS-IS that identifies the
topology. Range is 6 to 4095.
topology-id multitoplogy-id
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
toplogy-id 122
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
228 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
Placing an Interface in a Topology in IS-IS
To associate an interface with a topology in IS-IS, follow these steps.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. net network-entity-title
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4, on page 230 and Step 5, on page 230 until you have specified all the interface instances
and associated topologies you want to configure in your network.
7. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router isis instance-id Enters IS-IS configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# router isis
purple
Step 2
net network-entity-title Creates a network entity title for the configured isis interface.
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
netname
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 229
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
Enters isis interface configuration submode and creates an
interface instance.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
gigabitethernet 0/3/0/0
Step 4
address-family { ipv4 | ipv6 } multicast topology
topo-name
Step 5 • Entersisis address-family interface configuration submode.
• Places the interface instance into a topology.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 multicast topology green
Repeat Step 4, on page 230 and Step 5, on page 230 —
until you have specified all the interface instances and
Step 6
associated topologies you want to configure in your
network.
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuring a Routing Policy
For more information about creating a routing policy and about the set rpf-topology command, see
Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
230 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingSUMMARY STEPS
1. configure
2. route-policy policy-name
3. end-policy
4. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Defines a routing policy and enters routing policy configuration
submode.
route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
For detailed information about the use of the set-rpf-topology and
other routing configuration commands,see Cisco ASR 9000 Series
mt1 Aggregation Services Router Routing Command Reference.
RP/0/RSP0/CPU0:router(config-rpl)# if
destination in 225.0.0.1, 225.0.0.11 then
RP/0/RSP0/CPU0:router(config-rpl-if)# if source
in (10.10.10.10) then
RP/0/RSP0/CPU0:router(config-rpl-if-2)# set
rpf-topology ipv4 multicast topology
greentable
RP/0/RSP0/CPU0:router(config-rpl-if-2)# else
RP/0/RSP0/CPU0:router(config-rpl-if-else-2)#
set rpf-topology ipv4 multicast topology
bluetable
RP/0/RSP0/CPU0:router(config-rpl-if-else-2)#
endif
RP/0/RSP0/CPU0:router(config-rpl-if)# endif
Signifies the end of route policy definition and exits routing policy
configuration submode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
RP/0/RSP0/CPU0:router(config)#
Step 4 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 231
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Multitopology for IS-IS
Multitopology is configured in the same way asthe single topology. However, the single - topology command
is omitted, invoking the default multitopology behavior. This task is optional.
Controlling LSP Flooding for IS-IS
Flooding of LSPs can limit network scalability. You can control LSP flooding by tuning your LSP database
parameters on the router globally or on the interface. This task is optional.
Many of the commands to control LSP flooding contain an option to specify the level to which they apply.
Without the option, the command applies to both levels. If an option is configured for one level, the other
level continues to use the default value. To configure options for both levels, use the command twice. For
example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1200 level 2
RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1100 level 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
232 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. lsp-refresh-interval seconds [ level { 1 | 2 }]
4. lsp-check-interval seconds [ level { 1 | 2 }]
5. lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum
] ... } [ level { 1 | 2 }]
6. lsp-mtu bytes [ level { 1 | 2 }]
7. max-lsp-lifetime seconds [ level { 1 | 2 }]
8. ignore-lsp-errors disable
9. interface type interface-path-id
10. lsp-interval milliseconds [ level { 1 | 2 }]
11. csnp-interval seconds [ level { 1 | 2 }]
12. retransmit-interval seconds [ level { 1 | 2 }]
13. retransmit-throttle-interval milliseconds [ level { 1 | 2 }]
14. mesh-group { number | blocked }
15. Do one of the following:
• end
• commit
16. show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ]
17. show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ * |
lsp-id ]
18. show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }]
19. show isis database-log [ level { 1 | 2 }]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
• You can change the level of routing to be performed by a
particular routing instance by using the is-type router
configuration command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 233
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
(Optional) Sets the time between regeneration of LSPs that contain
different sequence numbers
lsp-refresh-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
lsp-refresh-interval 10800
Step 3
• The refresh interval should always be set lower than the
max-lsp-lifetime command.
(Optional) Configuresthe time between periodic checks of the entire
database to validate the checksums of the LSPs in the database.
lsp-check-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
lsp-check-interval 240
Step 4
• This operation is costly in terms of CPU and so should be
configured to occur infrequently.
(Optional) Reduces the rate of LSP generation during periods of
instability in the network. Helps reduce the CPU load on the router
and number of LSP transmissions to its IS-IS neighbors.
lsp-gen-interval { [ initial-wait initial |
secondary-wait secondary | maximum-wait
maximum ] ... } [ level { 1 | 2 }]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis)#
• During prolonged periods of network instability, repeated
recalculation of LSPs can cause an increased CPU load on
the local router. Further, the flooding of these recalculated
lsp-gen-interval maximum-wait 15 LSPsto the other Intermediate Systemsin the network causes
initial-wait 5
increased traffic and can result in other routers having to spend
more time running route calculations.
(Optional) Sets the maximum transmission unit (MTU) size of
LSPs.
lsp-mtu bytes [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-mtu
1300
Step 6
(Optional) Sets the initial lifetime given to an LSP originated by
the router.
max-lsp-lifetime seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
max-lsp-lifetime 11000
Step 7
• Thisisthe amount of time that the LSP persistsin the database
of a neighbor unless the LSP is regenerated or refreshed.
(Optional) Sets the router to purge LSPs received with checksum
errors.
ignore-lsp-errors disable
Example:
RP/0/RSP0/CPU0:router(config-isis)#
ignore-lsp-errors disable
Step 8
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)#
interface GigabitEthernet 0/1/0/3
Step 9
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
234 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
(Optional) Configures the amount of time between each LSP sent
on an interface.
lsp-interval milliseconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
lsp-interval 100
Step 10
(Optional) Configures the interval at which periodic CSNP packets
are sent on broadcast interfaces.
csnp-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
csnp-interval 30 level 1
Step 11
• Sending more frequent CSNPs means that adjacent routers
must work harder to receive them.
• Sending less frequent CSNP means that differences in the
adjacent routers may persist longer.
(Optional) Configures the amount of time that the sending router
waits for an acknowledgment before it considers that the LSP was
not received and subsequently resends.
retransmit-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-interval 60
Step 12
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-interval 60
(Optional) Configures the amount of time between retransmissions
on each LSP on a point-to-point interface.
retransmit-throttle-interval milliseconds [
level { 1 | 2 }]
Step 13
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-throttle-interval 1000
• This time is usually greater than or equal to the lsp-interval
command time because the reason for lost LSPs may be that
a neighboring router is busy. A longer interval gives the
neighbor more time to receive transmissions.
(Optional) Optimizes LSP flooding in NBMA networks with highly
meshed, point-to-point topologies.
mesh-group { number | blocked }
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
mesh-group blocked
Step 14
• This command is appropriate only for an NBMA network
with highly meshed, point-to-point topologies.
Step 15 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-isis-if)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 235
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show isis interface [ type interface-path-id | (Optional) Displays information about the IS-IS interface.
level { 1 | 2 }] [ brief ]
Step 16
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1 brief
show isis [ instance instance-id ] database [ (Optional) Displays the IS-IS LSP database.
level { 1 | 2 }] [ detail | summary | verbose ]
[ * | lsp-id ]
Step 17
Example:
RP/0/RSP0/CPU0:router# show isis database
level 1
show isis [ instance instance-id ] lsp-log [ level (Optional) Displays LSP log information.
{ 1 | 2 }]
Step 18
Example:
RP/0/RSP0/CPU0:router# show isis lsp-log
show isis database-log [ level { 1 | 2 }] (Optional) Display IS-IS database log information.
Example:
RP/0/RSP0/CPU0:router# show isis
database-log level 1
Step 19
Configuring Nonstop Forwarding for IS-IS
This task explains how to configure your router with NSF that allows the Cisco IOS XR software to
resynchronize the IS-IS link-state database with its IS-IS neighbors after a process restart. The process restart
could be due to an:
• RP failover (for a warm restart)
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
236 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-IS• Simple process restart (due to an IS-IS reload or other administrative request to restart the process)
• IS-IS software upgrade
In all cases, NSF mitigates link flaps and loss of user sessions. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. nsf { cisco | ietf }
4. nsf interface-expires number
5. nsf interface-timer seconds
6. nsf lifetime seconds
7. Do one of the following:
• end
• commit
8. show running-config [ command ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router
isis isp
Step 2
• You can change the level of routing to be performed by a particular
routing instance by using the is-type router configuration command.
Step 3 nsf { cisco | ietf } Enables NSF on the next restart.
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
ietf
• Enter the cisco keyword to run IS-IS in heterogeneous networks
that might not have adjacent NSF-aware networking devices.
• Enter the ietf keyword to enable IS-IS in homogeneous networks
where all adjacent networking devices support IETF draft-based
restartability.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 237
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-ISCommand or Action Purpose
Configures the number of resends of an acknowledged NSF-restart
acknowledgment.
nsf interface-expires number
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
interface-expires 1
Step 4
• If the resend limit is reached during the NSF restart, the restart falls
back to a cold restart.
nsf interface-timer seconds Configuresthe number ofsecondsto wait for each restart acknowledgment.
Example:
RP/0/RSP0/CPU0:router(config-isis) nsf
interface-timer 15
Step 5
Step 6 nsf lifetime seconds Configures the maximum route lifetime following an NSF restart.
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
lifetime 20
• This command should be configured to the length of time required
to perform a full NSF restart because it is the amount of time that
the Routing Information Base (RIB) retains the routes during the
restart.
• Setting this value too high results in stale routes.
• Setting this value too low could result in routes purged too soon.
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
238 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-ISCommand or Action Purpose
(Optional) Displays the entire contents of the currently running
configuration file or a subset of that file.
show running-config [ command ]
Example:
RP/0/RSP0/CPU0:router# show
running-config router isis isp
Step 8
• Verify that “nsf” appearsin the IS-IS configuration of the NSF-aware
device.
• This example shows the contents of the configuration file for the
“isp” instance only.
Configuring Authentication for IS-IS
This task explains how to configure authentication for IS-IS. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
[ snp send-only ]
4. interface type interface-path-id
5. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
]
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• You can change the level of routing to be performed
by a particular routing instance by using the is-type
command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 239
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Authentication for IS-ISCommand or Action Purpose
lsp-password { hmac-md5 | text } { clear | encrypted } Configures the LSP authentication password.
password [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
Step 3
• The hmac-md5 keyword specifies that the password
is used in HMAC-MD5 authentication.
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-password
hmac-md5 clear password1 level 1
• The text keyword specifies that the password uses
cleartext password authentication.
• The clear keyword specifies that the password is
unencrypted when entered.
• The encrypted keyword specifies that the password
is encrypted using a two-way algorithm when entered.
• The level 1 keyword sets a password for authentication
in the area (in Level 1 LSPs and Level SNPs).
• The level 2 keywordsset a password for authentication
in the backbone (the Level 2 area).
• The send-only keyword adds authentication to LSP
and sequence number protocol data units (SNPs) when
they are sent. It does not authenticate received LSPs or
SNPs.
• The snp send-only keyword adds authentication to
SNPs when they are sent. It does not authenticate
received SNPs.
To disable SNP password checking, the snp
send-only keywords must be specified in the
lsp-password command.
Note
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
hello-password { hmac-md5 | text } { clear | encrypted Configuresthe authentication password for an IS-IS interface.
} password [ level { 1 | 2 }] [ send-only ]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-password
text clear mypassword
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
240 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Authentication for IS-ISCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Keychains for IS-IS
This task explains how to configure keychains for IS-IS. This task is optional.
Keychains can be configured at the router level ( lsp-password command) and at the interface level (
hello-password command) within IS-IS. These commands reference the global keychain configuration and
instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains. The
router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated
by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for
HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. h ello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
6. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 241
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Keychains for IS-ISDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance,
and places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• You can change the level of routing to be performed
by a particular routing instance by using the is-type
command.
l sp-password keychain keychain-name [ level { 1 | 2 }] Configures the keychain.
[ send-only ] [ snp send-only ]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-password
keychain isis_a level 1
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
Configures the authentication password for an IS-IS
interface.
h ello-password keychain keychain-name [ level { 1 | 2
}] [ send-only ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-password
keychain isis_b
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
before exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
configuration session, and returns the router to
EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
242 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Keychains for IS-ISCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring MPLS Traffic Engineering for IS-IS
This task explains how to configure IS-IS for MPLS TE. This task is optional.
For a description of the MPLS TE tasks and commands that allow you to configure the router to support
tunnels, configure an MPLS tunnel that IS-IS can use, and troubleshoot MPLS TE, see Implementing MPLS
Traffic Engineering on Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide
Before You Begin
Your network must support the MPLS Cisco IOS XR software feature before you enable MPLS TE for IS-IS
on your router.
You must enter the commands in the following task list on every IS-IS router in the traffic-engineered
portion of your network.
Note
MPLS traffic engineering currently does not support routing and signaling of LSPs over unnumbered IP
links. Therefore, do not configure the feature over those links.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 243
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng level { 1 | 2 }
5. mpls traffic-eng router-id { ip-address | interface-name interface-instance }
6. metric-style wide [ level { 1 | 2 }]
7. Do one of the following:
• end
• commit
8. show isis [ instance instance-id ] mpls traffic-eng tunnel
9. show isis [ instance instance-id ] mpls traffic-eng adjacency-log
10. show isis [ instance instance-id ] mpls traffic-eng advertisements
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• You can change the level of routing to be performed
by a particular routing instance by using the is-type
router configuration command.
Specifies the IPv4 or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#address-family
ipv4 unicast
Step 3
Configures a router running IS-IS to flood MPLS TE link
information into the indicated IS-IS level.
mpls traffic-eng level { 1 | 2 }
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng level 1
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
244 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISCommand or Action Purpose
Specifies that the MPLS TE router identifier for the node is
the given IP address or an IP address associated with the
given interface.
mpls traffic-eng router-id { ip-address | interface-name
interface-instance }
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng router-id loopback0
Step 5
Configures a router to generate and accept only wide link
metrics in the Level 1 area.
metric-style wide [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 6
Step 7 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show isis [ instance instance-id ] mpls traffic-eng (Optional) Displays MPLS TE tunnel information.
tunnel
Step 8
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng tunnel
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 245
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISCommand or Action Purpose
(Optional) Displays a log of MPLS TE IS-IS adjacency
changes.
show isis [ instance instance-id ] mpls traffic-eng
adjacency-log
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng adjacency-log
Step 9
(Optional) Displays the latest flooded record from MPLS
TE.
show isis [ instance instance-id ] mpls traffic-eng
advertisements
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng advertisements
Step 10
Tuning Adjacencies for IS-IS
This task explains how to enable logging of adjacency state changes, alter the timers for IS-IS adjacency
packets, and display various aspects of adjacency state. Tuning your IS-IS adjacencies increases network
stability when links are congested. This task is optional.
For point-to-point links, IS-IS sends only a single hello for Level 1 and Level 2, which means that the level
modifiers are meaningless on point-to-point links. To modify hello parameters for a point-to-point interface,
omit the specification of the level options.
The options configurable in the interface submode apply only to that interface. By default, the values are
applied to both Level 1 and Level 2.
The hello-password command can be used to prevent adjacency formation with unauthorized or undesired
routers. This ability is particularly useful on a LAN, where connections to routers with which you have no
desire to establish adjacencies are commonly found.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
246 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. log adjacency changes
4. interface type interface-path-id
5. hello-padding { disable | sometimes } [ level { 1 | 2 }]
6. hello-interval seconds [ level { 1 | 2 }]
7. hello-multiplier multiplier [ level { 1 | 2 }]
8. h ello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
]
9. Do one of the following:
• end
• commit
10. show isis [ instance instance-id ] adjacency t ype interface- path-id ] [ detail ] [ systemid system-id
]
11. show isis adjacency-log
12. show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 |
2 }]
13. show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail
] [ systemid system-id ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance,
and places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• You can change the level of routing to be
performed by a particular routing instance by using
the is-type command.
Generates a log message when an IS-IS adjacency
changes state (up or down).
log adjacency changes
Example:
RP/0/RSP0/CPU0:router(config-isis)# log adjacency
changes
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 247
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
Configures padding on IS-IS hello PDUs for an IS-IS
interface on the router.
hello-padding { disable | sometimes } [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# hello-padding
sometimes
Step 5
• Hello padding appliesto only thisinterface and not
to all interfaces.
Specifies the length of time between hello packets that
the software sends.
hello-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-interval
6
Step 6
Specifies the number of IS-IS hello packets a neighbor
must miss before the routershould declare the adjacency
as down.
hello-multiplier multiplier [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
hello-multiplier 10
Step 7
• A higher value increases the networks tolerance
for dropped packets, but also may increase the
amount of time required to detect the failure of an
adjacent router.
• Conversely, not detecting the failure of an adjacent
router can result in greater packet loss.
Specifies that this system include authentication in the
hello packets and requires successful authentication of
h ello-password { hmac-md5 | text } { clear | encrypted
} password [ level { 1 | 2 }] [ send-only ]
Step 8
the hello packet from the neighbor to establish an
adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# hello-password
text clear mypassword
Step 9 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
before exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
configuration session, and returns the router
to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
248 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISCommand or Action Purpose
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
show isis [ instance instance-id ] adjacency t ype interface- (Optional) Displays IS-IS adjacencies.
path-id ] [ detail ] [ systemid system-id ]
Step 10
Example:
RP/0/RSP0/CPU0:router# show isis instance isp
adjacency
(Optional) Displays a log of the most recent adjacency
state transitions.
show isis adjacency-log
Example:
RP/0/RSP0/CPU0:router# show isis adjacency-log
Step 11
show isis [ instance instance-id ] interface [ type (Optional) Displaysinformation about the IS-IS interface.
interface-path-id ] [ brief | detail ] [ level { 1 | 2 }]
Step 12
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1 brief
show isis [ instance instance-id ] neighbors [ interface-type (Optional) Displays information about IS-IS neighbors.
interface-instance ] [summary ] [ detail ] [systemid system-id
]
Step 13
Example:
RP/0/RSP0/CPU0:router# show isis neighbors summary
Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration
This task explains how to make adjustments to the SPF calculation to tune router performance. This task is
optional.
Because the SPF calculation computes routes for a particular topology, the tuning attributes are located in the
router address family configuration submode. SPF calculation computes routes for Level 1 and Level 2
separately.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 249
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationWhen IPv4 and IPv6 address families are used in a single-topology mode, only a single SPF for the IPv4
topology exists. The IPv6 topology “borrows” the IPv4 topology; therefore, no SPF calculation is required
for IPv6. To tune the SPF calculation parameters for single-topology mode, configure the address-family
ipv4 unicast command.
The incremental SPF algorithm can be enabled separately. When enabled, the incremental shortest path first
(ISPF) is not employed immediately. Instead, the full SPF algorithm is used to “seed” the state information
required for the ISPF to run. The startup delay prevents the ISPF from running for a specified interval after
an IS-IS restart (to permit the database to stabilize). After the startup delay elapses, the ISPF is principally
responsible for performing all of the SPF calculations. The reseed interval enables a periodic running of the
full SPF to ensure that the iSFP state remains synchronized.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...}
[ level { 1 | 2 }]
5. ispf [ level { 1 | 2 }]
6. Do one of the following:
• end
• commit
7. show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ]] spf-log
[ level { 1 | 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• You can change the level of routing to be performed by
a particular routing instance by using the is-type router
configuration command.
Specifies the IPv4or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#address-family
ipv4 unicast
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
250 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationCommand or Action Purpose
(Optional) Controlsthe minimum time between successive SPF
calculations.
spf-interval {[ initial-wait initial | secondary-wait
secondary | maximum-wait maximum ] ...} [ level { 1
| 2 }]
Step 4
• This value imposes a delay in the SPF computation after
an event trigger and enforces a minimum elapsed time
between SPF runs.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
spf-interval initial-wait 10 maximum-wait 30
• If this value is configured too low, the router can lose too
many CPU resources when the network is unstable.
• Configuring the value too high delays changes in the
network topology that result in lost packets.
• The SPF interval does not apply to the running of the
ISPF because that algorithm runs immediately on
receiving a changed LSP.
(Optional) Configures incremental IS-IS ISPF to calculate
network topology.
ispf [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# ispf
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
(Optional) Displays how often and why the router has run a
full SPF calculation.
show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all
] [ unicast | multicast | safi-all ]] spf-log [ level { 1 |
2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last
number | first number ]
Step 7
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 251
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# show isis instance 1
spf-log ipv4
Customizing Routes for IS-IS
This task explains how to perform route functions that include injecting default routes into your IS-IS routing
domain and redistributing routes learned in another IS-IS instance. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }]
4. address-family { ipv4 | ipv6 } [ unicast | multicast ]
5. default-information originate [ route-policy route-policy-name ]
6. redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal
| external }] [ policy policy-name ]
7. Do one of the following:
• summary-prefix address / prefix-length [ level { 1 | 2 }]
• summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
8. maximum-paths route-number
9. distance weight [ address / prefix-length [ route-list-name ]]
10. set-attached-bit
11. Do one of the following:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
252 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
• By default, all IS-IS instances are automatically Level 1 and
Level 2. You can change the level of routing to be performed by
a particular routing instance by using the is-type command.
set-overload-bit [ on-startup { delay | (Optional) Sets the overload bit.
wait-for-bgp }] [ level { 1 | 2 }]
Step 3
The configured overload bit behavior does not apply to NSF
restarts because the NSF restart does not set the overload bit
during restart.
Note
Example:
RP/0/RSP0/CPU0:router(config-isis)#
set-overload-bit
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 4
(Optional) Injects a default IPv4 or IPv6 route into an IS-IS routing
domain.
default-information originate [ route-policy
route-policy-name ]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
default-information originate
• The route-policy keyword and route-policy-name argument
specify the conditions under which the IPv4 or IPv6 default route
is advertised.
• If the route-policy keyword is omitted, then the IPv4 or IPv6
default route is unconditionally advertised at Level 2.
(Optional) Redistributes routes from one IS-IS instance into another
instance.
redistribute isis instance [ level-1 | level-2 |
level-1-2 ] [ metric metric ] [ metric-type {
internal | external }] [ policy policy-name ]
Step 6
• In this example, an IS-IS instance redistributes Level 1 routes
from another IS-IS instance.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
redistribute isis 2 level-1
(Optional) Allows a Level 1-2 router to summarize Level 1 IPv4 and
IPv6 prefixes at Level 2, instead of advertising the Level 1 prefixes
directly when the router advertises the summary.
Step 7 Do one of the following:
• summary-prefix address / prefix-length
[ level { 1 | 2 }]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 253
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISCommand or Action Purpose
• This example specifies an IPv4 address and mask.
• summary-prefix ipv6-prefix / prefix-length
[ level { 1 | 2 }]
or
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
summary-prefix 10.1.0.0/16 level 1
• This example specifies an IPv6 prefix, and the command must
be in the form documented in RFC 2373 in which the address is
specified in hexadecimal using 16-bit values between colons.
• Note that IPv6 prefixes must be configured only in the IPv6
router address family configuration submode, and IPv4 prefixes
in the IPv4 router address family configuration submode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
summary-prefix 3003:xxxx::/24 level 1
(Optional) Configuresthe maximum number of parallel paths allowed
in a routing table.
maximum-paths route-number
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
maximum-paths 16
Step 8
(Optional) Defines the administrative distance assigned to routes
discovered by the IS-IS protocol.
distance weight [ address / prefix-length [
route-list-name ]]
Step 9
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
distance 90
• A different administrative distance may be applied for IPv4 and
IPv6.
(Optional) Configures an IS-IS instance with an attached bit in the
Level 1 LSP.
set-attached-bit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
set-attached-bit
Step 10
Step 11 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
254 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISCommand or Action Purpose
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring MPLS LDP IS-IS Synchronization
This task explains how to enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP)
IS-IS synchronization. MPLS LDP synchronization can be enabled for an address family under interface
configuration mode. Only IPv4 unicast address family is supported. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync [ level { 1 | 2 }]
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
EnablesIS-IS routing for the specified routing process, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
• By default, all IS-IS instances are automatically Level 1
and Level 2. You can change the level of routing to be
performed by a particular routing instance by using the
is-type command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 255
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS LDP IS-IS SynchronizationCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 3
Specifiesthe IPv4 addressfamily and entersrouter addressfamily
configuration mode.
address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
Step 4
Enables MPLS LDP synchronization for the IPv4 address family
under interface GigabitEthernet 0/1/0/3.
mpls ldp sync [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls
ldp sync level 1
Step 5
Step 6 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commitcommand to save the configuration changes
to the running configuration file and remain within the
configuration session.
Enabling Multicast-Intact
This optional task describes how to enable multicast-intact for IS-IS routes that use IPv4 and IPv6 addresses.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
256 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling Multicast-IntactSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng multicast-intact
5. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places
the router in router configuration mode. In this example, the IS-IS
instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
mpls traffic-eng multicast-intact Enables multicast-intact.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng multicast-intact
Step 4
Step 5 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 257
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling Multicast-IntactCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Tagging IS-IS Interface Routes
This optional task describes how to associate a tag with a connected route of an IS-IS interface.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. exit
6. interface type number
7. address-family { ipv4 | ipv6 } [ unicast | multicast ]
8. tag tag
9. Do one of the following:
• end
• commit
10. show isis [ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ] route [ detail ]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
258 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging IS-IS Interface RoutesDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and
placesthe router in router configuration mode. In this example,
the IS-IS instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
Configures a router to generate and accept only wide link
metrics in the Level 1 area.
metric-style wide [ transition ] [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 4
Exits router address family configuration mode, and returns the
router to router configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# exit
Step 5
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 6
Specifies the IPv4 or IPv6 address family, and enters address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
Step 7
Sets the value of the tag to associate with the advertised
connected route.
tag tag
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# tag
3
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 259
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging IS-IS Interface RoutesCommand or Action Purpose
Step 9 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Displays tag information. Verify that all tags are present in the
RIB.
show isis [ ipv4 | ipv6 | afi-all ] [ unicast |
multicast | safi-all ] route [ detail ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# show
isis ipv4 route detail
Step 10
Setting the Priority for Adding Prefixes to the RIB
This optional task describes how to set the priority (order) for which specified prefixes are added to the RIB.
The prefixes can be chosen using an access list (ACL), prefix list, or by matching a tag value.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
260 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting the Priority for Adding Prefixes to the RIBSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag }
6. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places
the router in router configuration mode. In this example, the IS-IS
instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
Configures a router to generate and accept only wide-link metrics
in the Level 1 area.
metric-style wide [ transition ] [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 4
spf prefix-priority [ level { 1 | 2 }] { critical | Installs all routes tagged with the value 3 first.
high | medium } { access-list-name | tag tag }
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# spf
prefix-priority high tag 3
Step 6 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 261
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting the Priority for Adding Prefixes to the RIBCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring IP/LDP Fast Reroute
This optional task describes how to enable the IP/LDP fast reroute computation to converge traffic flows
around link failures.
To enable node protection on broadcast links, fast reroute and bidirectional forwarding detection (BFD)
must be enabled on the interface under IS-IS.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
262 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteSUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. circuit-type { level-1 | level-1-2 | level-2-only }
5. address-family { ipv4 | ipv6 } [ unicast | multicast ]
6. fast-reroute {per-link | per-prefix}
7. Do one of the following:
• fast-reroute per-link { level { 1 | 2 }}
• fast-reroute per-prefix { level { 1 | 2 }}
8. Do one of the following:
• fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }}
• fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
9. Do one of the following:
• fast-reroute per-link lfa-candidate interface type interface-path-id { level { 1 | 2 }}
• fast-reroute per-prefix lfa-candidate interface type interface-path-id { level { 1 | 2 }}
10. Do one of the following:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process,
and places the router in router configuration mode. In
this example, the IS-IS instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 263
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface POS
0/1/0/3
Step 3
circuit-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the type of adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# circuit-type
level-1
Step 4
Specifies the address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# address-family
ipv4 unicast
Step 5
• This example specifies the unicast IPv4 address
family.
Specifies fast-reroute computation on per-link or
per-prefix basis.
fast-reroute {per-link | per-prefix}
Example:
RP/0/RSP0/CPU0:router8(config-isis-if-af)#
fast-reroute per-link
Step 6
• per-link—Used for prefix independent per-link
computation.
• per-prefix—Used for prefix dependent
computation.
Configures fast-reroute per-link or per-prefix
computation for one level; use either level 1 or level 2.
Step 7 Do one of the following:
• fast-reroute per-link { level { 1 | 2 }}
• fast-reroute per-prefix { level { 1 | 2 }}
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix level 2
Step 8 Do one of the following: Excludes an interface from fast-reroute computation.
• fast-reroute per-link exclude interface type
interface-path-id { level { 1 | 2 }}
• fast-reroute per-prefix exclude interface type
interface-path-id { level { 1 | 2 }}
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
264 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link exclude interface Loopback0 level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix exclude interface POS0/6/0/0 level 2
Configures to include an interface to LFA candidate in
fast-reroute computation.
Step 9 Do one of the following:
• fast-reroute per-link lfa-candidate interface type
interface-path-id { level { 1 | 2 }}
• fast-reroute per-prefix lfa-candidate interface type
interface-path-id { level { 1 | 2 }}
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link lfa-candidate interface MgmtEth0/RP0/CPU0/0
level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix lfa-candidate interface
MgmtEth0/RP1/CPU0/0 level 2
Step 10 Do one of the following: Saves configuration changes.
• end • When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
before exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 265
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
Configuring IS-IS Overload Bit Avoidance
This task describes how to activate IS-IS overload bit avoidance.
Before You Begin
The IS-IS overload bit avoidance feature is valid only on networks that support the following Cisco IOS XR
features:
• MPLS
• IS-IS
SUMMARY STEPS
1. configure
2. mpls traffic-eng path-selection ignore overload
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng path-selection ignore overload Activates IS-IS overload bit avoidance.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
path-selection ignore overload
Step 2
Configuration Examples for Implementing IS-IS
This section provides the following configuration examples:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
266 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IS-IS Overload Bit AvoidanceConfiguring Single-Topology IS-IS for IPv6: Example
The following example shows single-topology mode being enabled. An IS-IS instance is created, the NET is
defined, IPv6 is configured along with IPv4 on an interface, and IPv4 link topology is used for IPv6.
This configuration allows POS interface 0/3/0/0 to form adjacencies for both IPv4 and IPv6 addresses.
router isis isp
net 49.0000.0000.0001.00
address-family ipv6 unicast
single-topology
interface POS0/3/0/0
address-family ipv4 unicast
!
address-family ipv6 unicast
!
exit
!
interface POS0/3/0/0
ipv4 address 10.0.1.3 255.255.255.0
ipv6 address 2001::1/64
Configuring Multitopology IS-IS for IPv6: Example
The following example shows multitopology IS-IS being configured in IPv6.
router isis isp
net 49.0000.0000.0001.00
interface POS0/3/0/0
address-family ipv6 unicast
metric-style wide level 1
exit
!
interface POS0/3/0/0
ipv6 address 2001::1/64
Redistributing IS-IS Routes Between Multiple Instances: Example
The following example shows usage of the set- attached-bit and redistribute commands. Two instances,
instance “1” restricted to Level 1 and instance “2” restricted to Level 2, are configured.
The Level 1 instance is propagating routes to the Level 2 instance using redistribution. Note that the
administrative distance is explicitly configured higher on the Level 2 instance to ensure that Level 1 routes
are preferred.
Attached bit is being set for the Level 1 instance since it is redistributing routes into the Level 2 instance.
Therefore, instance “1” is a suitable candidate to get from the area to the backbone.
router isis 1
is-type level-2-only
net 49.0001.0001.0001.0001.00
address-family ipv4 unicast
distance 116
redistribute isis 2 level 2
!
interface GigabitEthernet 0/3/0/0
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 267
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single-Topology IS-IS for IPv6: Example!
!
router isis 2
is-type level-1
net 49.0002.0001.0001.0002.00
address-family ipv4 unicast
set
-attached
-bit
!
interface GigabitEthernet 0/1/0/0
address-family ipv4 unicast
Tagging Routes: Example
The following example shows how to tag routes.
route-policy isis-tag-55
end-policy
!
route-policy isis-tag-555
if destination in (5.5.5.0/24 eq 24) then
set tag 555
pass
else
drop
endif
end-policy
!
router static
address-family ipv4 unicast
0.0.0.0/0 2.6.0.1
5.5.5.0/24 Null0
!
!
router isis uut
net 00.0000.0000.12a5.00
address-family ipv4 unicast
metric-style wide
redistribute static level-1 route-policy isis-tag-555
spf prefix-priority critical tag 13
spf prefix-priority high tag 444
spf prefix-priority medium tag 777
Configuring IS-IS Overload Bit Avoidance: Example
The following example shows how to activate IS-IS overload bit avoidance:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng path-selection ignore overload
RP/0/RSP0/CPU0:router(config)#
The following example shows how to deactivate IS-IS overload bit avoidance:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# no mpls traffic-eng path-selection ignore overload
RP/0/RSP0/CPU0:router(config)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
268 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging Routes: ExampleWhere to Go Next
To implement more IP routing protocols, see the following document modules in Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide:
• Implementing OSPF
• Implementing BGP
• Implementing EIGRP
• Implementing RIP
Additional References
The following sections provide references related to implementing IS-IS.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
IS-IS commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Implementing MPLS Traffic Engineering on Cisco
ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router MPLS
Configuration Guide
MPLS TE feature information
Intermediate System-to-Intermediate System (IS-IS)
TLVs at: http://www.cisco.com/en/US/tech/tk365/
technologies_tech_note09186a0080094bbd.shtml
IS-IS TLVs
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Configuration
Guide and Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component
Command Reference
Bidirectional Forwarding Detection (BFD)
Standards
Standards Title
Draft-ietf-isis-ipv6-05.txt Routing IPv6 with IS-IS, by Christian E. Hopps
M-ISIS: Multi Topology (MT) Routing in IS-IS, by
Tony Przygienda, Naiming Shen, and Nischal Sheth
Draft-ietf-isis-wg-multi-topology-06.txt
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 269
Implementing IS-IS on Cisco ASR 9000 Series Router
Where to Go NextStandards Title
IS-IS Extensions for Traffic Engineering, by Henk
Smit and Toni Li
Draft-ietf-isis-traffic-05.txt
Restart Signaling for IS-IS, by M. Shand and Les
Ginsberg
Draft-ietf-isis-restart-04.txt
Point-to-point operation over LAN in link-state
routing protocols, by Naiming Shen
Draft-ietf-isis-igp-p2p-over-lan-05.txt
IP Fast Reroute Framework, by M. Shand and S.
Bryant
Draft-ietf-rtgwg-ipfrr-framework-06.txt
A Framework for Loop-free Convergence, by M.
Shand and S. Bryant
Draft-ietf-rtgwg-lf-conv-frmwk-00.txt
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
RFC 1142 OSI IS-IS Intra-domain Routing Protocol
Use of OSI IS-IS for Routing in TCP/IP and Dual
Environments
RFC 1195
RFC 2763 Dynamic Hostname Exchange Mechanism for IS-IS
Domain-wide Prefix Distribution with Two-Level
IS-IS
RFC 2966
RFC 2973 IS-IS Mesh Groups
RFC 3277 IS-IS Transient Blackhole Avoidance
Three-Way Handshake for IS-IS Point-to-Point
Adjacencies
RFC 3373
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
270 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional ReferencesRFCs Title
RFC 3567 IS-IS Cryptographic Authentication
RFC 4444 IS-IS Management Information Base
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 271
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
272 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 4
Implementing OSPF on Cisco ASR 9000 Series
Router
Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the OSPF working
group of the Internet Engineering Task Force (IETF). Designed expressly for IP networks, OSPF supports
IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication
and uses IP multicast when sending and receiving packets.
OSPF Version 3 (OSPFv3) expands on OSPF Version 2, providing support for IPv6 routing prefixes.
This module describes the concepts and tasks you need to implement both versions of OSPF on your
Cisco ASR 9000 Series Router . The term “OSPF? implies both versions of the routing protocol, unless
otherwise noted.
For more information about OSPF on Cisco IOS XR software and complete descriptions of the OSPF
commandslisted in this module,see the Related Documents, on page 378 section of this module. To locate
documentation for other commands that might appear during execution of a configuration task, search
online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List
Note
Feature History for Implementing OSPF
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for the following features:
• OSPFv2 SPF Prefix Prioritization.
• IP fast reroute loop-free alternates computation
• Warm Standby for OSPF Version 3
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 273
Cisco ASR 9000 Series Aggregation Services Router Netflow
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26127-02© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface v
Changes to this Document v
Obtaining Documentation and Submitting a Service Request v
C H A P T E R 1 Configuring NetFlow 1
Prerequisites for Configuring NetFlow 2
Restrictions for Configuring NetFlow 2
Information About Configuring NetFlow 2
NetFlow Overview 2
Monitor Map Overview 3
Sampler Map Overview 3
Exporter Map Overview 3
NetFlow Configuration Submodes 4
Flow Exporter Map Configuration Submode 5
Flow Exporter Map Version Configuration Submode 5
Flow Monitor Map Configuration Submode 6
Sampler Map Configuration Submode 6
Enabling the NetFlow BGP Data Export Function 6
MPLS Flow Monitor with IPv4 and IPv6 Support 7
MPLS Cache Reorganization to Support Both IPv4 and IPv6 7
MPLS Packets with IPv6 Flows 7
Destination-based NetFlow Accounting 8
How to Configure NetFlow on Cisco IOS XR Software 9
Configuring an Exporter Map 9
Configuring a Sampler Map 12
Configuring a Monitor Map 14
Applying a Monitor Map and a Sampler Map to an Interface 18
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 iiiClearing NetFlow Data 19
Configuring NetFlow Collection of MPLS Packets with IPv6 Fields 20
Configuring Destination-based NetFlow Accounting 25
Trident Netflow 27
Supported features 27
Punt path policer rate 27
Calculating Punt path policer rate 27
Trident base line cards supported features 28
Configuration Examples for NetFlow 28
Sampler Map: Example 28
Exporter Map: Example 28
Flow Monitor Map: Examples 29
MPLS Flow Monitor with IPv4 and IPv6 Support: Examples 30
Destination-based NetFlow Accounting: Example 30
Additional References 31
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
iv OL-26127-02
ContentsPreface
This guide describes the Cisco IOS XR Netflow configurations. The preface for the Cisco ASR 9000 Series
Aggregation Services Router Netflow Configuration guide contains the following sections
• Changes to this Document, page v
• Obtaining Documentation and Submitting a Service Request, page v
Changes to this Document
This table lists the changes made to this document since it was first printed
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1
OL-26127-02 June 2012
OL-26127-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 v Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
vi OL-26127-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Configuring NetFlow
This module describes the configuration of NetFlow .
A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface),
and have the same values for key fields.
NetFlow is useful for the following:
• Accounting/Billing—NetFlow data provides fine grained metering for highly flexible and detailed
resource utilization accounting.
• Network Planning and Analysis—NetFlow data provides key information forstrategic network planning.
• Network Monitoring—NetFlow data enables near real-time network monitoring capabilities.
Feature History for Configuring NetFlow
Release Modification
Release 3.9.1 This feature was introduced.
Release 4.0.0 IPv6 Sampled NetFlow feature was introduced.
Release 4.2.0 Destination-based Netflow Accounting feature was introduced.
This module includes the following sections:
• Prerequisites for Configuring NetFlow, page 2
• Restrictions for Configuring NetFlow, page 2
• Information About Configuring NetFlow, page 2
• How to Configure NetFlow on Cisco IOS XR Software, page 9
• Configuration Examples for NetFlow, page 28
• Additional References, page 31
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 1Prerequisites for Configuring NetFlow
To perform these configuration tasks, your Cisco IOS XR software system administrator must assign you to
a user group associated with a task group that includes the corresponding command task IDs. If you need
assistance with your task group assignment, contact your system administrator.
Restrictions for Configuring NetFlow
Consider the following restrictions when configuring NetFlow in Cisco IOS XR software:
• You must configure a source interface. If you do not configure a source interface, the exporter will
remain in a disabled state.
• Supports export format Version 9 only.
• You must configure a valid record map name for every flow monitor map.
We recommend that you do not use the management interface to export NetFlow packets. Exporting the
management interface does not work efficiently.
Tip
Information About Configuring NetFlow
To implement NetFlow, you must understand the following concepts:
NetFlow Overview
A flow is exported as part of a NetFlow export User Datagram Protocol (UDP) datagram under the following
circumstances:
• The flow has been inactive or active for too long.
• The flow cache is getting full.
• One of the counters (packets and or bytes) has wrapped.
• The user forces the flow to export.
NetFlow export UDP datagrams are sent to an external flow collector device that provides NetFlow export
data filtering and aggregation. The export of data consists of expired flows and control information.
The NetFlow infrastructure is based on the configuration and use of the following maps:
• Monitor map
• Sampler map
• Exporter map
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
2 OL-26127-02
Configuring NetFlow
Prerequisites for Configuring NetFlowThese maps are described in the sections that follow.
Monitor Map Overview
A monitor map contains name references to the flow record map and flow exporter map. Monitor maps are
applied to an interface. You can configure the following monitor map attributes:
• Number of entries in the flow cache
• Type of cache (permanent or normal). Permanent caches do not have their entries removed from the
cache unless they are explicitly cleared by the user
• Active flow timeout
• Inactive flow timeout
• Update timeout
• Default timeouts
• Record type of packets sampled and collected
The record name specifiesthe type of packetsthat NetFlow samples asthey passthrough
the router. Currently, MPLS, IPv4, and IPv6 packet sampling is supported.
Note
The active flow and inactive flow timeouts are associated with a normal cache type. The update timeout
is associated with the permanent cache type.
Note
Sampler Map Overview
The sampler map specifies the rate at which packets (one out of n packets) are sampled. On high bandwidth
interfaces, applying NetFlow processing to every single packet can result in significant CPU utilization.
Sampler map configuration is typically geared towards such high speed interfaces.
The Policer rate is based on the network processor (NP). If netflow is applied on 1 NP, the aggregated maximum
flow packet processing rate per line card (LC) is 100k flow packets per second (irrespective of the direction
and the number of interface netflow that is applied in that NP). However, depending on the Netflow monitor
configuration distribution among NPs in an LC, policing of flow packet can take effect with an aggregated
rate that is less than 100k. For example, if Netflow is applied to 1 interface per NP in a 4 NP LC, then the
Policer rate per NP is 25K packets per second.
Exporter Map Overview
An exporter map contains user network specification and transport layer detailsfor the NetFlow export packet.
The flow exporter-map command allows you to configure collector and version attributes. You can configure
the following collector information:
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 3
Configuring NetFlow
Monitor Map Overview• Export destination IP address
• DSCP value for export packet
• Source interface
• UDP port number (This is where the collector is listening for NetFlow packets.)
• Transport protocol for export packets
Note In Cisco IOS XR Software, UDP is the only supported transport protocol for export packets.
NetFlow export packets use the IP address that is assigned to the source interface. If the source interface
does not have an IP address assigned to it, the exporter will be inactive.
Note
You can also configure the following export version attributes:
• Template timeout
• Template data timeout
• Template options timeout
• Interface table timeout
• Sampler table timeout
Note A single flow monitor map can support up to eight exporters.
NetFlow Configuration Submodes
In Cisco IOS XR Software, NetFlow map configuration takes place in map-specific submodes. Cisco IOS XR
Software supports the following NetFlow map configuration submodes:
The Cisco IOS XR Software allows you to issue most commands available under submodes as one single
command string from global configuration mode. For example, you can issue the record ipv4 command
from the flow monitor map configuration submode as follows:
Note
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4
Alternatively, you can issue the same command from global configuration mode, as shown in the following
example:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm record ipv4
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
4 OL-26127-02
Configuring NetFlow
NetFlow Configuration SubmodesFlow Exporter Map Configuration Submode
When you issue the flow exporter-map fem-name command in global configuration mode, the command-line
interface (CLI) prompt changes to “config-fem,” indicating that you have entered the flow exporter map
configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow exporter map configuration submode:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem
RP/0/RSP0/CPU0:router(config-fem)# ?
clear Clear the uncommitted configuration
clear Clear the configuration
commit Commit the configuration changes to running
describe Describe a command without taking real actions
destination Export destination configuration
do Run an exec command
dscp Specify DSCP value for export packets
exit Exit from this submode
no Negate a command or set its defaults
pwd Commands used to reach current submode
root Exit to the global configuration mode
show Show contents of configuration
source Source interface
transport Specify the transport protocol for export packets
version Specify export version parameters
Note If you enter the version command, you enter the flow exporter map version configuration submode.
Note A single flow monitor map can support up to eight exporters.
Flow Exporter Map Version Configuration Submode
When you issue the version v9 command in the flow exporter map configuration submode, the CLI prompt
changes to “config-fem-ver,” indicating that you have entered the flow exporter map version configuration
submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow exporter map version configuration submode:
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# ?
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
no Negate a command or set its defaults
options Specify export of options template
show Show contents of configuration
template Specify template export parameters
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 5
Configuring NetFlow
NetFlow Configuration SubmodesFlow Monitor Map Configuration Submode
When you issue the flow monitor-map map_name command in global configuration mode, the CLI prompt
changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow monitor map configuration submode:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)# ?
cache Specify flow cache attributes
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
exporter Specify flow exporter map name
no Negate a command or set its defaults
record Specify a flow record map name
show Show contents of configuration
Sampler Map Configuration Submode
When you issue the sampler-map map_name command in global configuration mode, the CLI prompt changes
to “config-sm,” indicating that you have entered the sampler map configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the sampler map configuration submode:
RP/0/RSP0/CPU0(config)# sampler-map fmm
RP/0/RSP0/CPU0:router(config-sm)# ?
clear Clear the uncommitted configuration
clear Clear the configuration
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
no Negate a command or set its defaults
pwd Commands used to reach current submode
random Use random mode for sampling packets
root Exit to the global configuration mode
show Show contents of configuration
RP/0/RSP0/CPU0(config-sm)#RP/0/RP0/CP0:router(config-sm)#
Enabling the NetFlow BGP Data Export Function
Use the bgp attribute-download command to enable NetFlow BGP routing attribute collection. The routing
attributes are then exported. When no routing attributes are collected, zeroes (0) are exported.
When BGP attribute download is enabled, BGP downloads the attribute information for prefixes (community,
extended community, and as-path) to the Routing Information Base (RIB) and Forwarding Information Base
(FIB). This enables FIB to associate the prefixes with attributes and send the NetFlow statistics along with
the associated attributes.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
6 OL-26127-02
Configuring NetFlow
NetFlow Configuration SubmodesMPLS Flow Monitor with IPv4 and IPv6 Support
Cisco IOS XR Software supports the NetFlow collection of MPLS packets. It also supports the NetFlow
collection of MPLS packets carrying IPv4, IPv6, or both IPv4 and IPv6 payloads.
MPLS Cache Reorganization to Support Both IPv4 and IPv6
In Cisco IOS XR Software, at a time, you can have only one MPLS flow monitor running on an interface. If
you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing
one.
At a time, you can apply only one flow monitor on an interface per direction. You can apply either the same
flow monitor to an interface in both directions, or each direction can have its own flow monitor.
You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or IPv4-IPv6 fields. IPv4-IPv6
configuration collects both IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4 configuration collects
only IPv4 addresses. IPv6 configuration collects only IPv6 addresses.
The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow entries include the following types
of fields:
• IPv4 fields
• IPv6 fields
• MPLS with IPv4 fields
• MPLS with IPv6 fields
The maximum number of bytes per NetFlow cache entry is as follows:
• IPv4–88 bytes per entry
• MPLS–88 bytes per entry
• IPv6–108 bytes per entry
• MPLS with IPv4 fields–108 bytes per entry
• MPLS with IPv6 fields–128 bytes per entry
The different types of NetFlow entries are stored in separate caches. Consequently, the number of NetFlow
entries on a line card can significantly impact the amount of available memory on the line card. Also, even
though the sampling rate for IPv6 is the same as the sampling rate for IPv4, the CPU utilization for IPv6
is higher due to the longer keys used by the IPv6 fields.
Note
MPLS Packets with IPv6 Flows
The collection of IPv6 flows in MPLS packets is an option. The CPU uses 128 bytes for each IPv6 field. IPv6
flows may contain the following types of information:
• Source IP address
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 7
Configuring NetFlow
MPLS Flow Monitor with IPv4 and IPv6 Support• Destination IP address
• Traffic class value
• Layer 4 protocol number
• Layer 4 source port number
• Layer 4 destination port number
• Flow ID
• Header option mask
To collect the IPv6 fields in MPLS packets, you must activate the MPLS record type, ipv6-fields by running
the record mpls ipv6-fields command. You can also specify the number of labels to be used for aggregation
with this command.
Destination-based NetFlow Accounting
Destination-based NetFlow accounting (DBA) is a usage-based billing application that tracks and records
traffic according to its destination and enables service providers to do destination-specific accounting and
billing. The destination-based NetFlow accounting record includes the destination peer autonomous system
(AS) number and the BGP next-hop IP address.
DBA is supported on ASR9000 Gigabit Ethernet and ASR9000 Enhanced Gigabit Ethernet linecards.
In destination-based NetFlow accounting, the following fields are collected and exported:
• Destination peer AS number
• BGP next-hop IP address
• Ingress interface
• Egress interface
• Forwarding status
• Incoming IPv4 TOS
• Counter of packets in the flow
• Counter of bytes in the flow
• Timestamp for the first and last packets in the flow
Destination-based NetFlow accounting supports the following features:
• Only IPv4 addresses
• Configuration on physical interfaces, bundle interfaces, and logical subinterfaces
• IPv4 unicast and multicast traffic
• Only ingress traffic
• Only full mode NetFlow
• NetFlow export format Version 9 over User Datagram Protocols (UDPs)
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
8 OL-26127-02
Configuring NetFlow
Destination-based NetFlow AccountingDestination-based NetFlow accounting does not support the following features :
• IPv6 addresses
• MPLS IPv4 and IPv6
• Configuration for individual Modular QoS Command-Line Interface (MQC) classes
• Simultaneous configuration of destination-based NetFlow accounting with IPv4 sampled NetFlow on
the same interface, in the same direction.
• Layer 2 switched MPLS traffic
• Egress traffic
• Sampled mode NetFlow
• NetFlow export formats version 5, version 8, IP Flow Information Export (IPFIX), or Stream Control
Transmission Protocol (SCTP).
How to Configure NetFlow on Cisco IOS XR Software
The steps that follow provide a general overview of NetFlow configuration:
SUMMARY STEPS
1. Create and configure an exporter map.
2. Create and configure a monitor map and a sampler map.
3. Apply the monitor map and sampler map to an interface.
DETAILED STEPS
Step 1 Create and configure an exporter map.
Step 2 Create and configure a monitor map and a sampler map.
The monitor map must reference the exporter map you created in Step 1. If you do not apply an exporter-map
to the monitor-map, the flow records are not exported, and aging is done according to the cache parameters
specified in the monitor-map.
Note
Step 3 Apply the monitor map and sampler map to an interface.
These steps are described in detail in the following sections:
Configuring an Exporter Map
Configure an exporter map and apply it to the monitor map with the flow monitor-map map_name exporter
map_name command. You can configure the exporter map prior to configuring the monitor map, or you can
configure the monitor map first and then configure and apply an exporter map later on.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 9
Configuring NetFlow
How to Configure NetFlow on Cisco IOS XR SoftwareNote Cisco IOS XR Software supports the configuration of a single collector only in the exporter map.
The steps that follow describe how to create and configure an exporter map.
SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. destination hostname_or_IP_address
4. dscp dscp_value
5. source type interface-path-id
6. transport udp port
7. version v9
8. options {interface-table | sampler-table} [timeout seconds]
9. template [data | options] timeout seconds
10. Use one of these commands:
• end
• commit
11. exit
12. exit
13. show flow exporter-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates an exporter map, configures the exporter map name, and
enters flow exporter map configuration mode.
flow exporter-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
exporter-map fem
Step 2
Configures the export destination for the flow exporter map. The
destination can be a hostname or an IP address.
destination hostname_or_IP_address
Example:
RP/0/RSP0/CPU0:router(config-fem)#
destination nnn.nnn.nnn.nnn
Step 3
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
10 OL-26127-02
Configuring NetFlow
Configuring an Exporter MapCommand or Action Purpose
(Optional) Specifies the differentiated services codepoint (DSCP)
value for export packets. Replace the dscp_value argument with a
value in the range from 0 through 63.
dscp dscp_value
Example:
RP/0/RSP0/CPU0:router(config-fem)# dscp 55
Step 4
source type interface-path-id Specifies a source interface, in the format type interface-path-id.
Example:
RP/0/RSP0/CPU0:router(config-fem)# source
gigabitEthernet 0/0/0/0
Step 5
(Optional) Specifiesthe destination port for UDP packets. Replace
port with the destination UDP port value, in the range from 1024
through 65535.
transport udp port
Example:
RP/0/RSP0/CPU0:router(config-fem)#
transport udp 9991
Step 6
(Optional) Enters flow exporter map version configuration
submode.
version v9
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
version v9
Step 7
(Optional) Configures the export timeout value for the sampler
table. Replace seconds with the export timeout value, in the range
from 1 through 604800 seconds.
options {interface-table | sampler-table}
[timeout seconds]
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
options sampler-table timeout 2000
Step 8
Default is 1800 seconds.
(Optional) Configures the export period for data packets. Replace
seconds with the export timeout value, in the range from 1 through
604800 seconds.
template [data | options] timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
template data timeout 10000
Step 9
Step 10 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 11
Configuring NetFlow
Configuring an Exporter MapCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
exit Exits flow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
Step 11
exit Enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 12
show flow exporter-map map_name Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 13
Configuring a Sampler Map
The steps that follow describe how to create and configure a sampler map.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
12 OL-26127-02
Configuring NetFlow
Configuring a Sampler MapSUMMARY STEPS
1. configure
2. sampler-map map_name
3. random 1 out-of sampling_interval
4. Use one of these commands:
• end
• commit
5. exit
6. exit
7. show sampler-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router configure
Step 1
Step 2 sampler-map map_name Creates a sampler map and enters sampler map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
Keep the following in mind when configuring a sampler map:
•
•
sampler-map sm
RP/0/RSP0/CPU0:router(config-sm)#
Configures the sampling interval to use random mode for sampling
packets. Replace the sampling_interval argument with a number, in
the range from 1 through 65535 units.
random 1 out-of sampling_interval
Example:
RP/0/RSP0/CPU0:router(config-sm)# random
1 out-of 65535
Step 3
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 13
Configuring NetFlow
Configuring a Sampler MapCommand or Action Purpose
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Exits sampler map configuration mode and enters global configuration
mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-sm)# exit
Step 5
exit Exits global configuration mode and enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 6
show sampler-map map_name Displays sampler map data.
Example:
RP/0/RSP0/CPU0:router# show sampler-map
fsm
Step 7
Configuring a Monitor Map
The steps that follow describe how to create and configure a monitor map.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
14 OL-26127-02
Configuring NetFlow
Configuring a Monitor MapSUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. Do one of the following:
• record ipv4
• record ipv4 [peer as]
• record ipv6
• record mpls [labels number]
• record mpls [ipv4-fields] [labels number]
• record mpls [ipv6-fields] [labels number]
• record mpls [ipv4-ipv6-fields] [labels number]
4. cache entries number
5. cache permanent
6. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
7. exporter map_name
8. Use one of these commands:
• end
• commit
9. exit
10. exit
11. show flow monitor-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates a monitor map and configures a monitor map name and entersflow
monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)#
Step 3 Do one of the following: Configures the flow record map name for IPv4, IPv6, or MPLS.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 15
Configuring NetFlow
Configuring a Monitor MapCommand or Action Purpose
• Use the record ipv4 command to configure the flow record map
name for IPv4. By default, you collect and export the originating
autonomous system (AS) numbers.
• record ipv4
• record ipv4 [peer as]
• record ipv6
• Use the record ipv4 [peer as] command to record peer AS. Here,
you collect and export the peer AS numbers.
• record mpls [labels number]
• record mpls [ipv4-fields] [labels
number]
Ensure that the bgp attribute-download command is configured.
Else, no AS is collected when the record ipv4 [peer-as] command
is configured.
Note
• record mpls [ipv6-fields] [labels
number]
• Use the record ipv6 command to configure the flow record map
name for IPv6.
• record mpls [ipv4-ipv6-fields] [labels
number]
• Use the record mpls labels command with the number argument to
specify the number of labels that you want to aggregate. By default,
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
record ipv4
MPLS-aware NetFlow aggregates the top six labels of the MPLS
label stack. The maximum value is 6.
• Use the record mpls ipv4-fields command to collect IPv4 fields in
the MPLS-aware NetFlow.
• Use the record mpls ipv6-fields command to collect IPV6 fields in
the MPLS-aware NetFlow.
• Use the record mpls ipv4-ipv6-fields command to collect IPv4 and
IPv6 fields in the MPLS-aware NetFlow.
(Optional) Configures the number of entries in the flow cache. Replace the
number argument with the number of flow entries allowed in the flow
cache, in the range from 4096 through 1000000.
cache entries number
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
cache entries 10000
Step 4
The default number of cache entries is 65535.
cache permanent (Optional) Disables removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
flow monitor-map fmm cache permanent
Step 5
(Optional) Configures the active, inactive, or update flow cache timeout
value.
cache timeout {active timeout_value |
inactive timeout_value | update
timeout_value}
Step 6
• The default timeout value for the inactive flow cache is 15 seconds.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
cache timeout inactive 1000
• The default timeout value for the active flow cache is 1800 seconds.
• The default timeout value for the update flow cache is 1800 seconds.
The update timeout_value keyword argument is used for
permanent caches only. It specifies the timeout value that is used
to export entries from permanent caches. In this case, the entries
are exported but remain the cache.
Note
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
16 OL-26127-02
Configuring NetFlow
Configuring a Monitor MapCommand or Action Purpose
Step 7 exporter map_name Associates an exporter map with a monitor map.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exporter fem
A single flow monitor map can support up to eight
exporters.
Note
Step 8 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
exit Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exit
Step 9
exit Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 10
show flow monitor-map map_name Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow
monitor-map fmm
Step 11
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 17
Configuring NetFlow
Configuring a Monitor MapApplying a Monitor Map and a Sampler Map to an Interface
SUMMARY STEPS
1. configure
2. interface type number
3. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
4. Use one of these commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#
flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface.
sampler sampler_map {egress | ingress}
Step 3
Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter ipv6
to enable IPV6 NetFlow on the specified interface. Enter mpls to enable
Example: MPLS-aware NetFlow on the specified interface.
RP/0/RSP0/CPU0:router(config-if)# flow
ipv4 monitor fmm sampler fsm egress
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
18 OL-26127-02
Configuring NetFlow
Applying a Monitor Map and a Sampler Map to an InterfaceCommand or Action Purpose
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Clearing NetFlow Data
The steps that follow describe how to clear flow exporter map and flow monitor map data.
SUMMARY STEPS
1. clear flow exporter [exporter_name] {restart | statistics} location node-id
2. clear flow monitor [monitor_name] cache [force-export | statistics] location node-id}
DETAILED STEPS
Command or Action Purpose
clear flow exporter [exporter_name] {restart |statistics} Clears the flow exporter data.
location node-id
Step 1
Specify the statistics option to clear exporter statistics. Specify
the restart option to export all of the templatesthat are currently
Example:
configured on the specified node.
RP/0/RSP0/CPU0:router# clear flow exporter
statistics location 0/0/CPU0
clear flow monitor [monitor_name] cache [force-export Clears the flow monitor data.
| statistics] location node-id}
Step 2
Specify the statistics option to clear cache statistics. Specify
the force-export option to export the data from cache to server
Example:
first and then clear the entries from cache.
RP/0/RSP0/CPU0:router# clear flow monitor cache
force-export location 0/0/CPU0
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 19
Configuring NetFlow
Clearing NetFlow DataConfiguring NetFlow Collection of MPLS Packets with IPv6 Fields
The following steps show how to configure NetFlow collection of MPLS packets with IPv6 fields.
SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. version v9
4. options {interface-table | sampler-table} [timeout seconds]
5. template [data | options] timeout seconds
6. exit
7. transport udp port
8. source type interface-path-id
9. destination hostname_or_IP_address
10. exit
11. flow monitor-map map_name
12. record mpls [ipv4-ipv6-fields] [labels number]
13. exporter map_name
14. cache entries number
15. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
16. cache permanent
17. exit
18. sampler-map map_name
19. random 1 out-of sampling_interval
20. exit
21. interface type number
22. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
23. Use one of these commands:
• end
• commit
24. exit
25. exit
26. show flow monitor-map map_name
27. show flow exporter-map map_name
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
20 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates an exporter map, configures the exporter map name, and
enters flow exporter map configuration mode.
flow exporter-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
exporter-map exp1
version v9 (Optional) Entersflow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem)# version
Step 3
v9
(Optional) Configures the export timeout value for the interface
table or the sampler table. Replace seconds with the export timeout
options {interface-table | sampler-table}
[timeout seconds]
Step 4
value, in the range from 1 through 604800 seconds. The default is
1800 seconds for both the interface table and the sample table.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
options interface-table timeout 300
You must perform this step twice to configure the export timeout
value for both an interface table and a sample table.
(Optional) Configures the export period for data packets or options
packets. Replace seconds with the export timeout value, in the range
from 1 through 604800 seconds.
template [data | options] timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
template data timeout 300
Step 5
You must perform this step twice to configure the export period for
both data packets and options packets.
Exits flow exporter map version configuration mode, and enters
flow exporter map configuration mode.
exit
Example:
RSP0/CPU0:router(config-fem-ver)# exit
Step 6
(Optional) Specifies the destination port for UDP packets. Replace
port with the destination UDP port value, in the range from 1024
through 65535.
transport udp port
Example:
RP/0/RSP0/CPU0:router(config-fem)#
transport udp 12515
Step 7
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 21
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
Specifies a source interface, in the format type interface-path-id.
For example:
POS 0/1/0/1 or Loopback0
source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-fem)# source
Loopback0
Step 8
Configures the export destination for the flow exporter map. The
destination can be a hostname or an IP address.
destination hostname_or_IP_address
Example:
RP/0/RSP0/CPU0:router(config-fem)#
destination 170.1.1.11
Step 9
Exits flow exporter map configuration mode, and enters flow
exporter map configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-fem)# exit
Step 10
Creates a monitor map and configures a monitor map name and
enters flow monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
monitor-map MPLS-IPv6-fmm
Step 11
Configures the flow record map name for IPv4, IPv6, or MPLS.
Use the ipv4-ipv6-fields keyword to collect IPv4 and IPv6 fields
in an MPLS-aware NetFlow.
record mpls [ipv4-ipv6-fields] [labels number]
Example:
RP/0/RSP0/CPU0:router(config-fmm)# record
mpls ipv6-fields labels 3
Step 12
Step 13 exporter map_name Associates an exporter map with a monitor map.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exporter exp1
A single flow monitor map can support up to eight
exporters.
Note
(Optional) Configures the number of entries in the flow cache.
Replace the number argument with the number of flow entries
allowed in the flow cache, in the range from 4096 through 1000000.
cache entries number
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache
entries 10000
Step 14
The default number of cache entries is 65535.
(Optional) Configures the active, inactive, or update flow cache
timeout value.
cache timeout {active timeout_value | inactive
timeout_value | update timeout_value}
Step 15
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache
timeout inactive 1800
• The default timeout value for the inactive flow cache is 15
seconds.
• The default timeout value for the active flow cache is 1800
seconds.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
22 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
• The default timeout value for the update flow cache is 1800
seconds.
The inactive and active keywords are not applicable to
permanent caches.
Note
The update keyword is used for permanent caches only.
It specifies the timeout value that is used to export entries
from permanent caches. In this case, the entries are exported
but remain the cache.
Note
cache permanent (Optional) Disables the removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# flow
monitor-map fmm cache permanent
Step 16
exit Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit
Step 17
Step 18 sampler-map map_name Creates a sampler map and enterssampler map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# sampler-map
Keep the following in mind when configuring a sampler map:
fsm
RP/0/RSP0/CPU0:router(config-sm)#
Configures the sampling interval to use random mode for sampling
packets. Replace the sampling_interval argument with a number,
in the range from 1 through 65535 units.
random 1 out-of sampling_interval
Example:
RP/0/RSP0/CPU0:router(config-sm)# random
1 out-of 65535
Step 19
Exits sampler map configuration mode and enters global
configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-sm)#exit
Step 20
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 21
gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#
flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface.
sampler sampler_map {egress | ingress}
Step 22
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 23
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter
ipv6 to enable IPV6 NetFlow on the specified interface. Enter mpls
to enable MPLS-aware NetFlow on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow
ipv4 monitor MPLS-IPv6-fmm sampler fsm
egress
Step 23 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
exit Exits interface configuration submode for the Ethernet interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 24
exit Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 25
show flow monitor-map map_name Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow
monitor-map fmm
Step 26
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
24 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
show flow exporter-map map_name Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 27
Configuring Destination-based NetFlow Accounting
You configure destination-based NetFlow accounting by configuring the flow monitor map, flow record, and
flow monitor as described in the following steps.
SUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. record ipv4 destination
4. exit
5. interface type interface-path-id
6. flow ipv4 monitor name ingress
7. Use one of these commands:
• end
• commit
8. show flow exporter-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates a monitor map and configures a monitor map name and enters
flow monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)#
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 25
Configuring NetFlow
Configuring Destination-based NetFlow AccountingCommand or Action Purpose
Configures the flow record for an IPv4 destination-based NetFlow
accounting record. The destination keyword specifies that the record
is for IPv4 destination-based NetFlow accounting.
record ipv4 destination
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
record ipv4 destination.
Step 3
exit Exits flow monitor map mode to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit
Step 4
Interface type and physical interface-path-id in the format type
rack/slot/module/port.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router# interface POS
0/1/0/0
Step 5
type—POS, Ethernet, ATM, etc.
rack—Chassis number of the rack.
slot—Physical slot number of the line card or modular services card.
module—Module number. A physical layer interface module (PLIM)
is always 0.
port—Physical port number of the interface.
Configures an IPv4 flow monitor for the ingress direction and assigns
the name of the monitor.
flow ipv4 monitor name ingress
Example:
RP/0/RSP0/CPU0:router# flow ipv4 monitor
monitor1 ingress
Step 6
Step 7 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
26 OL-26127-02
Configuring NetFlow
Configuring Destination-based NetFlow AccountingCommand or Action Purpose
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show flow exporter-map map_name Verifies exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 8
Trident Netflow
Trident Netflow exports using only the V9 (Version 9) format. V9 is the most flexible NetFlow export. This
format is flexible and extensible. It provides the flexibility to support new fields and record types.
Supported features
• Flow monitor type of IPv4, IPv6, and MPLS can all be configured to an interface per direction.
• Sampled Netflow. There is no support for full mode sampling.
• Non-deterministic Random Sampling Algorithm.
• Different traffic types, including unicast and multicast traffic.
Punt path policer rate
In order to achieve the maximum flow processing without overloading the LC CPU, all flow packets that are
punted from each Network Processor are policed. This is done to avoid overloading the CPU. The aggregate
punt policer rate is 100 Kpps. To avoid having flow packets arrive at the CPU at a huge rate, the punt path
policer needs to be applied on all NPs that have the netflow feature applied on them.
The Punt path policer rate can be calculated in following way:
Calculating Punt path policer rate
The policer rate of each NP_NetflowMonitor is 100k, where NP_NetflowMonitor is NP that has Netflow
monitor configured to its associated interfaces; or any of its associated interfaces are member of a bundle
interfaces or bundle sub-interfaces that has Netflow monitor applied.
Determining NP for NP_NetflowMonitor or non - NP_NetflowMonitor:
1 If any of its associated interface or sub-interface has any flow monitor applied, then it is
NP_NetflowMonitor.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 27
Configuring NetFlow
Trident Netflow2 If any of its interfaces is a member of a bundle interface or bundle sub-interface that has Netflow monitor
configured, the NP is considered as non- NP_NetflowMonitor.
Trident base line cards supported features
• Supports ingress and egress Netflow (IPv4, IPv6, MPLS) on L3 physical interface, L3-sub-interface,
L3-Bundle interface, and L3 bundle sub-interface.
• Supports configurable Sampling Rate 1:1 ~ 1: 65535
• Supports only up to 4 Sampling Rates (or Intervals) per LC.
• Supports up to 8k (Large memory LC) or 4k (Small Memory LC) interfaces/subinterfaces
• Supports configuration with flow monitor per NP.
• Supports maximum aggregate Netflow processing rate of 50k flow packets perseconds per LC, enforced
by Netflow Punt Policer on each NPs.
• Supports netflow processing of 100Kpps, with CPU utilization not exceeding 50%.
• Supports up to 4 flow exporters per flow monitor.
• Supports exporting packet rates of up to 100k flows per second.
Configuration Examples for NetFlow
The following examples show NetFlow configurations:
Sampler Map: Example
The following example shows how to create a new sampler map called “fsm1,” which samples 1 out of 65535
packets:
RP/0/RSP0/CPU0:router# sampler-map fsm1
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config)# exit
Exporter Map: Example
The following example shows how to create a new flow exporter map called “fem1,” which uses the version
9 (V9) export format for NetFlow export packets. The data template flow-set is inserted into the V9 export
packets once every 10 minutes, and the options interface table flow-set is inserted into the V9 export packet.
The export packets are sent to the flow collector destination 10.1.1.1, where the source address is identical to
the interface IP address of Loopback 0. The UDP destination port is 1024, and the DSCP value is 10:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem1
RP/0/RSP0/CPU0:router(config-fem)# destination 10.1.1.1
RP/0/RSP0/CPU0:router(config-fem)# source Loopback 0
RP/0/RSP0/CPU0:router(config-fem)# transport udp 1024
RP/0/RSP0/CPU0:router(config-fem)# dscp 10
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
28 OL-26127-02
Configuring NetFlow
Configuration Examples for NetFlowRP/0/RSP0/CPU0:router(config-fem)# exit
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 600
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
Flow Monitor Map: Examples
The following example shows how to create a new flow monitor map with name “fmm1”. This flow monitor
map references the flow exporter map “fem1,” and sets the flow cache attributes to 10000 cache entries. The
active entries from the cache are aged every 30 seconds, while the inactive entries from the cache are aged
every 15 seconds. The record map for this monitor map is IPv4:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout active 30
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 15
RP/0/RSP0/CPU0:router(config-fmm)# exit
The following example shows how to apply the flow monitor “fmm1”and the sampler “fsm1” to the TenGigE
0/0/0/0 interface in the ingress direction:
RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm1 sampler fsm1 ingress
RP/0/RSP0/CPU0:router(config-if)# exit
The following example shows how to configure the NetFlow monitor to collect MPLS packets with IPv6
fields:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# flow exporter-map exp1
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template options timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515
RP/0/RSP0/CPU0:router(config-fem)# source Loopback0
RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# sampler-map FSM
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config-sm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler FSM ingress
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 29
Configuring NetFlow
Flow Monitor Map: ExamplesMPLS Flow Monitor with IPv4 and IPv6 Support: Examples
The following configuration collects MPLS traffic, but no payload information is collected.
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress
The following configuration collects MPLS traffic with IPv4 payloads. It also collects MPLS traffic without
IPv4 payloads, but it populates the IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress
The following configuration collects MPLS traffic with IPv6 payloads. It also collects MPLS traffic without
IPv6 payloads, but it populates the IPv6 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress
The following configuration collects MPLS traffic with both IPv6 and IPv4 fields. It also collects MPLS
traffic without IPv4 or IPv6 payloads, but it populates the IPv6 and IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress
Note Flow records are exported using the Version 9 format.
Destination-based NetFlow Accounting: Example
The following example shows how to configure an IPv4 flow record for destination-based NetFlow accounting:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# flow monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface pos 0/1/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor map1 ingress
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
30 OL-26127-02
Configuring NetFlow
MPLS Flow Monitor with IPv4 and IPv6 Support: ExamplesRP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:router# show flow exporter-map fem
RP/0/RSP0/CPU0:router# show flow monitor-map map1
Additional References
The following sections provide references related to interface configuration.
Related Documents
Related Topic Document Title
Cisco IOS XR master command reference Cisco IOS XR Master Commands List
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Cisco IOS XR interface configuration commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Initial system bootup and configuration information
for a router using the Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Information about user groups and task IDs
Information about configuring interfaces and other Cisco Craft Works Interface User Guide
components from a remote Craft Works Interface
(CWI) client management application.
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 31
Configuring NetFlow
Additional ReferencesRFCs
RFCs Title
3954 NetFlow services export protocol Version 9.
Technical Assistance
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
32 OL-26127-02
Configuring NetFlow
Additional ReferencesI N D E X
A
accounting for IPv4, destination-based 8, 25
Additional References command 31
C
cache entries command 14
cache permanent command 14
cache timeout command 14
Configuration Examples for NetFlow command 28
configuring 9
D
destination command 9
Destination-based NetFlow Accounting 30
Example command 30
dscp command 9
E
exporter command 14
exporter map 3
Exporter Map 28
Example command 28
F
flow exporter map configuration submode 5
flow exporter map version configuration submode 5
flow exporter-map command 9
Flow Monitor Map 29
Examples 29
flow monitor map configuration submode 6
flow monitor-map command 9, 14, 25
M
monitor map 3
MPLS Flow Monitor with IPv4 and IPv6 Support 30
Examples 30
N
NetFlow 1, 2, 3, 5, 6, 8, 9, 25
accounting for IPv4, destination-based 8, 25
configuring 9
exporter map 3
flow exporter map configuration submode 5
flow exporter map version configuration submode 5
flow monitor map configuration submode 6
monitor map 3
overview 1, 2
restrictions 2
sampler map 3
sampler map configuration submode 6
O
options command 9
overview 1, 2
R
random command 12
record ipv4 command 14
record ipv4 destination command 25
record ipv6 command 14
restrictions 2
S
sampler map 3
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 IN-1Sampler Map 28
Example command 28
sampler map configuration submode 6
sampler-map command 12
show flow exporter-map command 9, 25
show flow monitor map command 14
show sampler-map command 12
source command 9
T
template command 9
transport udp command 9
Trident Netflow 27
V
version v9 command 9
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
IN-2 OL-26127-02
Index
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ASR 9000 Series Aggregation
Services Router MPLS Layer 3 VPN
Configuration Guide
Cisco IOS XR Software Release 4.2.x
Text Part Number: OL-26115-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
© 2012 Cisco Systems, Inc. All rights reserved.iii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
C O N T E N T S
Preface VPC-vii
Implementing MPLS Layer 3 VPNs VPC-9
Contents VPC-10
Prerequisites for Implementing MPLS L3VPN VPC-10
MPLS L3VPN Restrictions VPC-11
Information About MPLS Layer 3 VPNs VPC-11
MPLS L3VPN Overview VPC-11
MPLS L3VPN Benefits VPC-12
How MPLS L3VPN Works VPC-13
Virtual Routing and Forwarding Tables VPC-13
VPN Routing Information: Distribution VPC-13
BGP Distribution of VPN Routing Information VPC-14
MPLS Forwarding VPC-14
Automatic Route Distinguisher Assignment VPC-15
MPLS L3VPN Major Components VPC-15
Inter-AS Support for L3VPN VPC-15
Inter-AS Support: Overview VPC-16
Inter-AS and ASBRs VPC-16
Confederations VPC-17
MPLS VPN Inter-AS BGP Label Distribution VPC-18
Exchanging IPv4 Routes with MPLS labels VPC-19
BGP Routing Information VPC-20
BGP Messages and MPLS Labels VPC-20
Sending MPLS Labels with Routes VPC-21
Generic Routing Encapsulation Support for L3VPN VPC-21
GRE Restriction for L3VPN VPC-21
VPNv4 Forwarding Using GRE Tunnels VPC-21
Carrier Supporting Carrier Support for L3VPN VPC-23
CSC Prerequisites VPC-23
CSC Benefits VPC-23
Configuration Options for the Backbone and Customer Carriers VPC-24
Customer Carrier: ISP with IP Core VPC-24
Customer Carrier: MPLS Service Provider VPC-25Contents
iv
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
How to Implement MPLS Layer 3 VPNs VPC-26
Configuring the Core Network VPC-26
Assessing the Needs of MPLS VPN Customers VPC-26
Configuring Routing Protocols in the Core VPC-27
Configuring MPLS in the Core VPC-27
Determining if FIB Is Enabled in the Core VPC-27
Configuring Multiprotocol BGP on the PE Routers and Route Reflectors VPC-28
Connecting MPLS VPN Customers VPC-29
Defining VRFs on the PE Routers to Enable Customer Connectivity VPC-30
Configuring VRF Interfaces on PE Routers for Each VPN Customer VPC-32
Configuring BGP as the Routing Protocol Between the PE and CE Routers VPC-34
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers VPC-38
Configuring Static Routes Between the PE and CE Routers VPC-41
Configuring OSPF as the Routing Protocol Between the PE and CE Routers VPC-42
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers VPC-45
Configuring EIGRP Redistribution in the MPLS VPN VPC-48
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging IPv4 Routes and MPLS Labels VPC-50
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels VPC-50
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes VPC-53
Configuring the Route Reflector to Reflect Remote Routes in its AS VPC-56
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging VPN-IPv4 Addresses VPC-59
Configuring the ASBRs to Exchange VPN-IPv4 Addresses VPC-59
Configuring a Static Route to an ASBR Peer VPC-62
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation VPC-64
Configuring MPLS Forwarding for ASBR Confederations VPC-66
Configuring a Static Route to an ASBR Confederation Peer VPC-68
Configuring Carrier Supporting Carrier VPC-70
Identifying the Carrier Supporting Carrier Topology VPC-70
Configuring the Backbone Carrier Core VPC-71
Configuring the CSC-PE and CSC-CE Routers VPC-71
Configuring a Static Route to a Peer VPC-78
Verifying the MPLS Layer 3 VPN Configuration VPC-80
Configuring L3VPN over GRE VPC-83
Creating a GRE Tunnel between Provider Edge Routers VPC-83
Configuring IGP between Provider Edge Routers VPC-85
Configuring LDP/GRE on the Provider Edge Routers VPC-87
Configuring L3VPN VPC-89Contents
v
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for Implementing MPLS Layer 3 VPNs VPC-95
Configuring an MPLS VPN Using BGP: Example VPC-95
Configuring the Routing Information Protocol on the PE Router: Example VPC-96
Configuring the PE Router Using EIGRP: Example VPC-96
Configuration Examples for MPLS VPN CSC VPC-97
Configuring the Backbone Carrier Core: Examples VPC-97
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples VPC-97
Configuring a Static Route to a Peer: Example VPC-98
Configuring L3VPN over GRE: Example VPC-98
Additional References VPC-102
Related Documents VPC-102
Standards VPC-102
MIBs VPC-102
RFCs VPC-103
Technical Assistance VPC-103
Implementing IPv6 VPN Provider Edge Transport over MPLS VPC-105
Contents VPC-105
Prerequisites for Implementing 6PE/VPE VPC-106
Information About 6PE/VPE VPC-106
Overview of 6PE/VPE VPC-106
Benefits of 6PE/VPE VPC-107
Deploying IPv6 over MPLS Backbones VPC-107
IPv6 on the Provider Edge and Customer Edge Routers VPC-107
IPv6 Provider Edge Multipath VPC-108
OSPFv3 6VPE VPC-108
Multiple VRF Support VPC-108
OSPFv3 PE-CE Extensions VPC-109
VRF Lite VPC-109
How to Implement 6PE/VPE VPC-109
Configuring 6PE/VPE VPC-109
Configuring PE to PE Core VPC-111
Configuring PE to CE Core VPC-115
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers VPC-118
Configuration Examples for 6PE VPC-122
Configuring 6PE on a PE Router: Example VPC-122
Configuring 6VPE on a PE Router: Example VPC-122
Configuring OSPFv3 between PE to CE: Example: VPC-123
Additional References VPC-124Contents
vi
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Related Document VPC-124
Standards VPC-124
MIBs VPC-124
RFCs VPC-124
Technical Assistance VPC-125
Indexvii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Preface
The preface consists of these sections:
• Changes to This Document, page VPC-vii
• Obtaining Documentation and Submitting a Service Request, page VPC-vii
Changes to This Document
Table 1 lists the technical changes made to this document since it was first printed.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Table 1 Changes to This Document
Revision Date Change Summary
OL-26115-02 May 2012 Support for GRE tunnel interfaces was increased to 2000.
OL-26115-01 December 2011 Initial release of this document.Preface
viii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-029
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Implementing MPLS Layer 3 VPNs
A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of
sites that are interconnected by means of an MPLS provider core network. At each customer site, one or
more customer edge (CE) routers attach to one or more provider edge (PE) routers.
This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on
Cisco ASR 9000 Series Aggregation Services Routers.
Note You must acquire an evaluation or permanent license in order to use MPLS Layer 3 VPN functionality.
However, if you are upgrading from a previous version of the software, MPLS Layer 3 VPN functionality
will continue to work using an implicit license for 90 days (during which time, you can purchase a
permanent license). For more information about licenses, see the Software Entitlement on
Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router
System Management Configuration Guide.
Note For a complete description of the commands listed in this module, refer to the Cisco ASR 9000 Series
Aggregation Services Router MPLS Command Reference . To locate documentation of other commands
that appear in this chapter, use the command reference master index, or search online.
Feature History for Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2 This feature was introduced.
Release 4.2.0 Support for Generic Routing Encapsulation (GRE) was added on A9K-SIP-700
line card.
Release 4.2.1 The maximum number of supported tunnel interfaces was increased to 2000 for
the ASR 9000 Enhanced Ethernet and ASR 9000 Ethernet line cards.Implementing MPLS Layer 3 VPNs
Contents
10
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Contents
• Prerequisites for Implementing MPLS L3VPN, page VPC-10
• MPLS L3VPN Restrictions, page VPC-11
• Information About MPLS Layer 3 VPNs, page VPC-11
• How to Implement MPLS Layer 3 VPNs, page VPC-26
• Configuration Examples for Implementing MPLS Layer 3 VPNs, page VPC-95
• Additional References, page VPC-102
Prerequisites for Implementing MPLS L3VPN
These prerequisites are required to configure MPLS Layer 3 VPN:
• You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
These prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system
boundary routers (ASBRs) exchanging VPN-IPV4 addresses or IPv4 routes and MPLS labels:
• Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems
or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and
sessions are properly configured (see the How to Implement MPLS Layer 3 VPNs, page VPC-26 for
procedures).
• These tasks must be performed:
– Define VPN routing instances
– Configure BGP routing sessions in the MPLS core
– Configure PE-to-PE routing sessions in the MPLS core
– Configure BGP PE-to-CE routing sessions
– Configure a VPN-IPv4 eBGP session between directly connected ASBRs
To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information
Base (FIB).Implementing MPLS Layer 3 VPNs
MPLS L3VPN Restrictions
11
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
MPLS L3VPN Restrictions
These are restrictions for implementing MPLS Layer 3 VPNs:
• Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous
systems or subautonomous systems in an MPLS VPN.
• MPLS VPN supports only IPv4 address families.
These restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes
and MPLS labels:
• For networks configured with eBGP multihop, a label switched path (LSP) must be configured
between nonadjacent routers.
• Inter-AS supports IPv4 routes only. IPv6 is not supported.
Note The physical interfaces that connect the BGP speakers must support FIB and MPLS.
These restrictions apply to routing protocols OSPF and RIP:
• IPv6 is not supported on OSPF and RIP.
Information About MPLS Layer 3 VPNs
To implement MPLS Layer 3 VPNs, you need to understand these concepts:
• MPLS L3VPN Overview, page VPC-11
• MPLS L3VPN Benefits, page VPC-12
• How MPLS L3VPN Works, page VPC-13
• MPLS L3VPN Major Components, page VPC-15
• Generic Routing Encapsulation Support for L3VPN, page VPC-21
MPLS L3VPN Overview
Before defining an MPLS VPN, VPN in general must be defined. A VPN is:
• An IP-based network delivering private network services over a public infrastructure
• A set of sites that are allowed to communicate with each other privately over the Internet or other
public or private networks
Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits
(PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site
requires changing each edge device in the VPN.
MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the
service provider and the customer to exchange Layer 3 routing information. The service provider relays
the data between the customer sites without customer involvement.
MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an
MPLS VPN, only the edge router of the service provider that provides services to the customer site needs
to be updated. Implementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
12
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
The components of the MPLS VPN are described as follows:
• Provider (P) router—Router in the core of the provider network. PE routers run MPLS switching
and do not attach VPN labels to routed packets. VPN labels are used to direct data packets to the
correct private network or customer edge router.
• PE router—Router that attaches the VPN label to incoming packets based on the interface or
subinterface on which they are received, and also attaches the MPLS core labels. A PE router
attaches directly to a CE router.
• Customer (C) router—Router in the Internet service provider (ISP) or enterprise network.
• Customer edge (CE) router—Edge router on the network of the ISP that connects to the PE router
on the network. A CE router must interface with a PE router.
Figure 1 shows a basic MPLS VPN topology.
Figure 1 Basic MPLS VPN Topology
MPLS L3VPN Benefits
MPLS L3VPN provides these benefits:
• Service providers can deploy scalable VPNs and deliver value-added services.
• Connectionless service guarantees that no prior action is necessary to establish communication
between hosts.
• Centralized Service: Building VPNs in Layer 3 permits delivery of targeted services to a group of
users represented by a VPN.
• Scalability: Create scalable VPNs using connection-oriented, point-to-point overlays, Frame Relay,
or ATM virtual connections.
• Security: Security is provided at the edge of a provider network (ensuring that packets received from
a customer are placed on the correct VPN) and in the backbone.
• Integrated Quality of Service (QoS) support: QoS provides the ability to address predictable
performance and policy implementation and support for multiple levels of service in an MPLS VPN.
MPLS Backbone
Customer Site Customer Site
Provider Edge
(PE) router
Provider Edge
(PE) router
Provider (P)
routers
Provider (P)
routers
103875
Customer
Edge
(CE) router
Customer
Edge
(CE) routerImplementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
13
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
• Straightforward Migration: Service providers can deploy VPN services using a straightforward
migration path.
• Migration for the end customer is simplified. There is no requirement to support MPLS on the CE
router and no modifications are required for a customer intranet.
How MPLS L3VPN Works
MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs these
tasks:
• Exchanges routing updates with the CE router
• Translates the CE routing information into VPN version 4 (VPNv4) routes
• Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol
(MP-BGP)
Virtual Routing and Forwarding Tables
Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines
the VPN membership of a customer site attached to a PE router. A VRF consists of these components:
• An IP version 4 (IPv4) unicast routing table
• A derived FIB table
• A set of interfaces that use the forwarding table
• A set of rules and routing protocol parameters that control the information that is included in the
routing table
These components are collectively called a VRF instance.
A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a
member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the
routes available to the site from the VPNs of which it is a member.
Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A
separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from
being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded
to a router within the VPN.
VPN Routing Information: Distribution
The distribution of VPN routing information is controlled through the use of VPN route target
communities, implemented by BGP extended communities. VPN routing information is distributed as
follows:
• When a VPN route that is learned from a CE router is injected into a BGP, a list of VPN route target
extended community attributes is associated with it. Typically, the list of route target community
extended values is set from an export list of route targets associated with the VRF from which the
route was learned.Implementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
14
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
• An import list of route target extended communities is associated with each VRF. The import list
defines route target extended community attributes that a route must have for the route to be
imported into the VRF. For example, if the import list for a particular VRF includes route target
extended communities A, B, and C, then any VPN route that carries any of those route target
extended communities—A, B, or C—is imported into the VRF.
BGP Distribution of VPN Routing Information
A PE router can learn an IP prefix from these sources:
• A CE router by static configuration
• An eBGP session with the CE router
• A Routing Information Protocol (RIP) exchange with the CE router
• Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP
as Interior Gateway Protocols (IGPs)
The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE
converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher. The generated
prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if
the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher
used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the
PE router.
BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication
takes place at two levels:
• Within the IP domain, known as an autonomous system.
• Between autonomous systems.
PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP
sessions. PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop).
BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol
extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address
families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only
by other members of that VPN, enabling members of the VPN to communicate with each other.
MPLS Forwarding
Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are
forwarded to their destination using MPLS.
A PE router binds a label to each customer prefix learned from a CE router and includes the label in the
network reachability information for the prefix that it advertises to other PE routers. When a PE router
forwards a packet received from a CE router across the provider network, it labels the packet with the
label learned from the destination PE router. When the destination PE router receives the labeled packet,
it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the
provider backbone is based on either dynamic label switching or traffic engineered paths. A customer
data packet carries two levels of labels when traversing the backbone:
• The top label directs the packet to the correct PE router.
• The second label indicates how that PE router should forward the packet to the CE router.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
15
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels
with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN,
Label Distribution Protocol (LDP), TE, and FRR).
Automatic Route Distinguisher Assignment
To take advantage of iBGP load balancing, every network VRF must be assigned a unique route
distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical
prefixes received from different VPNs.
With thousands of routers in a network each supporting multiple VRFs, configuration and management
of route distinguishers across the network can present a problem. Cisco IOS XR software simplifies this
process by assigning unique route distinguisher to VRFs using the rd auto command.
To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP
router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using this format:
ip-address:number. The IP address is specified by the BGP router-id statement and the number (which
is derived as an unused index in the 0 to 65535 range) is unique across the VRFs.
Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is
persistent across failover or process restart. If an route distinguisher is explicitely configured for a VRF,
this value is not overridden by the autoroute distinguisher.
MPLS L3VPN Major Components
An MPLS-based VPN network has three major components:
• VPN route target communities—A VPN route target community is a list of all members of a VPN
community. VPN route targets need to be configured for each VPN community member.
• Multiprotocol BGP (MP-BGP) peering of the VPN community PE routers—MP-BGP propagates
VRF reachability information to all members of a VPN community. MP-BGP peering needs to be
configured in all PE routers within a VPN community.
• MPLS forwarding—MPLS transports all traffic between all VPN community members across a
VPN service-provider network.
A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can
be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF
contains all the routes available to the site from the VPNs of which it is a member.
Inter-AS Support for L3VPN
This section contains these topics:
• Inter-AS Support: Overview, page VPC-16
• Inter-AS and ASBRs, page VPC-16
• Confederations, page VPC-17
• MPLS VPN Inter-AS BGP Label Distribution, page VPC-18
• Exchanging IPv4 Routes with MPLS labels, page VPC-19Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
16
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Inter-AS Support: Overview
An autonomous system (AS) is a single network or group of networks that is controlled by a common
system administration group and uses a single, clearly defined routing protocol.
As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous
systems in different geographic areas. In addition, some VPNs need to extend across multiple service
providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection
between autonomous systems must be seamless.
An MPLS VPN Inter-AS provides these benefits:
• Allows a VPN to cross more than one service provider backbone.
Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to
the same end customer. A VPN can begin at one customer site and traverse different VPN service
provider backbones before arriving at another site of the same customer. Previously, MPLS VPN
could traverse only a single BGP autonomous system service provider backbone. This feature lets
multiple autonomous systems form a continuous, seamless network between customer sites of a
service provider.
• Allows a VPN to exist in different areas.
A service provider can create a VPN in different geographic areas. Having all VPN traffic flow
through one point (between the areas) allows for better rate control of network traffic between the
areas.
• Allows confederations to optimize iBGP meshing.
Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and
manageable. You can divide an autonomous system into multiple, separate subautonomous systems
and then classify them into a single confederation. This capability lets a service provider offer
MPLS VPNs across the confederation, as it supports the exchange of labeled VPN-IPv4 Network
Layer Reachability Information (NLRI) between the subautonomous systems that form the
confederation.
Inter-AS and ASBRs
Separate autonomous systems from different service providers can communicate by exchanging IPv4
NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an
Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPV4 prefixes
throughout each VPN and each autonomous system. These protocols are used for sharing routing
information:
• Within an autonomous system, routing information is shared using an IGP.
• Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service
providers set up an interdomain routing system that guarantees the loop-free exchange of routing
information between separate autonomous systems.
The primary function of an eBGP is to exchange network reachability information between autonomous
systems, including information about the list of autonomous system routes. The autonomous systems use
EBGP border edge routers to distribute the routes, which include label switching information. Each
border edge router rewrites the next-hop and MPLS labels.
Inter-AS configurations supported in an MPLS VPN can include:Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
17
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
• Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by
separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or
routing information is exchanged between the autonomous systems.
• BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple
subautonomous systems and classify them as a single, designated confederation. The network
recognizes the confederation as a single autonomous system. The peers in the different autonomous
systems communicate over eBGP sessions; however, they can exchange route information as if they
were iBGP peers.
Confederations
A confederation is multiple subautonomous systems grouped together. A confederation reduces the total
number of peer devices in an autonomous system. A confederation divides an autonomous system into
subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can
span service providers running in separate autonomous systems or multiple subautonomous systems that
form a confederation.
In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The
subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or
Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP
connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers
forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self
address forces the BGP to use a specified address as the next hop rather than letting the protocol choose
the next hop.
You can configure a confederation with separate subautonomous systems two ways:
• Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers
(both directions). The subautonomous systems (iBGP peers) at the subautonomous system border
do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain.
However, the CEBGP border edge router addresses are known in the IGP domains.
• Configure a router to forward next-hop-self addresses between the CEBGP border edge routers
(both directions) and within the iBGP peers at the subautonomous system border. Each
subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses
between the PE routers in the domain. The CEBGP border edge router addresses are known in the
IGP domains.
Figure 2 illustrates a typical MPLS VPN confederation configuration. In this configuration:
• The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two
autonomous systems.
• The distributing router changes the next-hop addresses and labels and uses a next-hop-self address.
• IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
18
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 2 eBGP Connection Between Two Subautonomous Systems in a Confederation
In this confederation configuration:
• CEBGP border edge routers function as neighboring peers between the subautonomous systems.
The subautonomous systems use eBGP to exchange route information.
• Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before
distributing the route to the next subautonomous system. The CEBGP border edge router distributes
the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the
VPN identifier are encoded as part of the NLRI.
• Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix
before redistributing the routes. The CEBGP border edge routers exchange IPV-IPv4 addresses with
the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop
attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed
throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both
confederations.
For more information about how to configure confederations, see the “Configuring MPLS Forwarding
for ASBR Confederations” section on page MPC-66.
MPLS VPN Inter-AS BGP Label Distribution
Note This section is not applicable to Inter-AS over IP tunnels.
You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS
labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using
multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the
Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution.
Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has these
benefits:
CE-1 CE-2
CE-3 CE-4
CE-5
PE-1 PE-2 PE-3
CEGBP-1 CEBGP-2
Core of P
routers
Core of P
routers
43880
Sub-AS2 with
IGP-2
Sub-AS1 with
IGP-1
eBGP intraconfederation
for VPNv4 routes with label
distribution
Service Provider 1 Service Provider 1
VPN 1
VPN 1Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
19
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
• Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store
the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared
with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based
on VPN-IPv4 labels.
• Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border
of the network.
• Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4
routes with MPLS labels over a non-MPLS VPN service provider.
• Eliminates the need for any other label distribution protocol between adjacent label switch routers
(LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS
labels. No other label distribution protocol is needed between the two LSRs.
Exchanging IPv4 Routes with MPLS labels
Note This section is not applicable to Inter-AS over IP tunnels.
You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can
configure the VPN service provider network as follows:
• Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This
configuration also preserves the next-hop information and the VPN labels across the autonomous
systems.
• A local PE router (for example, PE1 in Figure 3) needs to know the routes and label information for
the remote PE router (PE2).
This information can be exchanged between the PE routers and ASBRs in one of two ways:
– Internal Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can
redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from
IGP and LDP into eBGP.
– Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can
use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels.
Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the
ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is
accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route
reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN.
For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and
MPLS labels learned from ASBR1. Using the route reflectors to store the VPN-IPv4 routes and
forward them through the PE routers and ASBRs allows for a scalable configuration.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
20
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 3 VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels
BGP Routing Information
BGP routing information includes these items:
• Network number (prefix), which is the IP address of the destination.
• Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the
way to the local router. The first AS in the list is closest to the local router; the last AS in the list is
farthest from the local router and usually the AS where the route began.
• Path attributes, which provide other information about the AS path, for example, the next hop.
BGP Messages and MPLS Labels
MPLS labels are included in the update messages that a router sends. Routers exchange these types of
BGP messages:
• Open messages—After a router establishes a TCP connection with a neighboring router, the routers
exchange open messages. This message contains the number of the autonomous system to which the
router belongs and the IP address of the router that sent the message.
• Update messages—When a router has a new, changed, or broken route, it sends an update message
to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable
routes. The update message includes any routes that are no longer usable. The update message also
includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4
routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes
are encoded in the update message, as specified in RFC 3107.
• Keepalive messages—Routers exchange keepalive messages to determine if a neighboring router is
still available to exchange routing information. The router sends these messages at regular intervals.
(Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing
data; it contains only a message header.
• Notification messages—When a router detects an error, it sends a notification message.
RR1
PE1
CE1 CE2
VPN1 VPN2
PE2
RR2
ASBR1 ASBR2
Multihop
Multiprotocol
VPNv4
BGP IPv4 routes
and label with
multipath support
59251Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
21
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Sending MPLS Labels with Routes
When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to
that route. The MPLS label mapping information for the route is carried in the BGP update message that
contains the information about the route. If the next hop is not changed, the label is preserved.
When you issue the show bgp neighbors ip-address command on both BGP routers, the routers
advertise to each other that they can then send MPLS labels with the routes. If the routers successfully
negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.
Generic Routing Encapsulation Support for L3VPN
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate many types of
packets to enable data transmission using a tunnel. The GRE tunneling protocol enables:
• High assurance Internet Protocol encryptor (HAIPE) devices for encryption over the public Internet
and nonsecure connections.
• Service providers (that do not run MPLS in their core network) to provide VPN services along with
the security services.
Note GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network. For
detailed information about configuring GRE tunnel interfaces, refer to the Cisco IOS XR Interfaces and
Hardware Components Configuration Guide. For a PE to PE (core) link, enable LDP (with implicit null)
on the GRE interfaces for L3VPN.
GRE Restriction for L3VPN
The following restrictions are applicable to L3VPN forwarding over GRE:
• Carrier Supporting Carrier (CsC) or Inter-AS is not supported.
• GRE-based L3VPN does not interwork with MPLS or IP VPNs.
• GRE tunnel is supported only as a core link(PE-PE, PE-P, P-P, P-PE). A PE-CE (edge) link is not
supported.
• VPNv6 forwarding using GRE tunnels is not supported.
VPNv4 Forwarding Using GRE Tunnels
This section describes the working of VPNv4 forwarding over GRE tunnels. The following description
assumes that GRE is used only as a core link between the encapsulation and decapsulation provider edge
(PE) routers that are connected to one or more customer edge (CE) routers.
Ingress of Encapsulation Router
On receiving prefixes from the CE routers, Border Gateway Protocol (BGP) assigns the VPN label to the
prefixes that need to be exported. These VPN prefixes are then forwarded to the Forwarding Information
Base (FIB) using the Route Information Base (RIB) or the label switched database (LSD). The FIB then
populates the prefix in the appropriate VRF table. The FIB also populates the label in the global label
table. Using BGP, the prefixes are then relayed to the remote PE router (decapsulation router).Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
22
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Egress of Encapsulation Router
The forwarding behavior on egress of the encapsulation PE router is similar to the MPLS VPN label
imposition. Regardless of whether the VPN label imposition is performed on the ingress or egress side,
the GRE tunnel forwards a packet that has an associated label. This labeled packet is then encapsulated
with a GRE header and forwarded based on the IP header.
Ingress of Decapsulation Router
The decapsulation PE router learns the VPN prefixes and label information from the remote
encapsulation PE router using BGP. The next-hop information for the VPN prefix is the address of the
GRE tunnel interface connecting the two PE routers. BGP downloads these prefixes to the RIB. The RIB
downloads the routes to the FIB and the FIB installs the routes in the hardware.
Egress of Decapsulation Router
The egress forwarding behavior on the decapsulation PE router is similar to VPN disposition and
forwarding, based on the protocol type of the inner payload.Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
23
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Carrier Supporting Carrier Support for L3VPN
This section provides conceptual information about MPLS VPN Carrier Supporting Carrier (CSC)
functionality and includes these topics:
• CSC Prerequisites, page VPC-23
• CSC Benefits, page VPC-23
• Configuration Options for the Backbone and Customer Carriers, page VPC-24
Throughout this document, the following terminology is used in the context of CSC:
backbone carrier—Service provider that provides the segment of the backbone network to the other
provider. A backbone carrier offers BGP and MPLS VPN services.
customer carrier—Service provider that uses the segment of the backbone network. The customer
carrier may be an Internet service provider (ISP) or a BGP/MPLS VPN service provider.
CE router—A customer edge router is part of a customer network and interfaces to a provider edge (PE)
router. In this document, the CE router sits on the edge of the customer carrier network.
PE router—A provider edge router is part of a service provider's network connected to a customer edge
(CE) router. In this document, the PE router sits on the edge of the backbone carrier network
ASBR—An autonomous system boundary router connects one autonomous system to another.
CSC Prerequisites
These prerequisites are required to configure CSC:
• You must be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working.
• You must be able to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol
(LDP), and Multiprotocol Border Gateway Protocol (MP-BGP).
• You must ensure that CSC-PE and CSC-CE routers support BGP label distribution.
Note BGP is the only supported label distribution protocol on the link between CE and PE.
CSC Benefits
This section describes the benefits of CSC to the backbone carrier and customer carriers.
Benefits to the Backbone Carrier
• The backbone carrier can accommodate many customer carriers and give them access to its
backbone.
• The MPLS VPN carrier supporting carrier feature is scalable.
• The MPLS VPN carrier supporting carrier feature is a flexible solution.
Benefits to the Customer Carriers
• The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of
configuring, operating, and maintaining its own backbone.Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
24
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
• Customer carriers who use the VPN services provided by the backbone carrier receive the same level
of security that Frame Relay or ATM-based VPNs provide.
• Customer carriers can use any link layer technology to connect the CE routers to the PE routers.
• The customer carrier can use any addressing scheme and still be supported by a backbone carrier.
Benefits of Implementing MPLS VPN CSC Using BGP
The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
• BGP takes the place of an IGP and LDP in a VPN forwarding and routing instance (VRF) table.
• BGP is the preferred routing protocol for connecting two ISPs,
Configuration Options for the Backbone and Customer Carriers
To enable CSC, the backbone and customer carriers must be configured accordingly:
• The backbone carrier must offer BGP and MPLS VPN services.
• The customer carrier can take several networking forms. The customer carrier can be:
– An ISP with an IP core (see the “Customer Carrier: ISP with IP Core” section on page MPC-24).
– An MPLS service provider with or without VPN services (see “Customer Carrier: MPLS
Service Provider” section on page MPC-25).
Note An IGP in the customer carrier network is used to distribute next hops and loopbacks to the CSC-CE.
IBGP with label sessions are used in the customer carrier network to distribute next hops and loopbacks
to the CSC-CE.
Customer Carrier: ISP with IP Core
Figure 4 shows a network configuration where the customer carrier is an ISP. The customer carrier has
two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a
VPN service provided by the backbone carrier. The backbone carrier uses MPLS or IP tunnels to provide
VPN services. The ISP sites use IP.
Figure 4 Network: Customer Carrier Is an ISP
The links between the CE and PE routers use eBGP to distribute IPv4 routes and MPLS labels. Between
the links, the PE routers use multiprotocol iBGP to distribute VPNv4 routes.
ISP site 1
CSC-CE1
IP IP MPLS
CSC-PE1 CSC-PE2 CSC-CE2
Backbone carrier ISP site 2
50846Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
25
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Customer Carrier: MPLS Service Provider
Figure 5 shows a network configuration where the backbone carrier and the customer carrier are
BGP/MPLS VPN service providers. The customer carrier has two sites. The customer carrier uses MPLS
in its network while the backbone carrier may use MPLS or IP tunnels in its network.
Figure 5 Network: Customer Carrier Is an MPLS VPN Service Provider
In this configuration (Figure 5), the customer carrier can configure its network in one of these ways:
• The customer carrier can run an IGP and LDP in its core network. In this case, the CSC-CE1 router
in the customer carrier redistributes the eBGP routes it learns from the CSC-PE1 router of the
backbone carrier to an IGP.
• The CSC-CE1 router of the customer carrier system can run an IPv4 and labels iBGP session with
the PE1 router.
CE1 PE1
Customer carrier
MPLS VPN SP
Backbone carrier
MPLS VPN SP
Customer carrier
MPLS VPN SP
CSC-CE1 CSC-PE1 CSC-PE2
IPv4 +
labels
IPv4 +
labels
CSC-CE2 PE2 CE2
MP-IBGP exchanging VPNv4 prefixes
MP-IBGP exchanging VPNv4 prefixes
65682Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
26
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
How to Implement MPLS Layer 3 VPNs
This section contains instructions for these tasks:
• Configuring the Core Network, page VPC-26
• Connecting MPLS VPN Customers, page VPC-29
• Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging IPv4 Routes and MPLS Labels, page VPC-50 (optional)
• Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging VPN-IPv4 Addresses, page VPC-59 (optional)
• Configuring Carrier Supporting Carrier, page VPC-70 (optional)
• Verifying the MPLS Layer 3 VPN Configuration, page VPC-80
• Configuring L3VPN over GRE, page VPC-83
Configuring the Core Network
Configuring the core network includes these tasks:
• Assessing the Needs of MPLS VPN Customers, page VPC-26
• Configuring Routing Protocols in the Core, page VPC-27
• Configuring MPLS in the Core, page VPC-27
• Determining if FIB Is Enabled in the Core, page VPC-27
• Configuring Multiprotocol BGP on the PE Routers and Route Reflectors, page VPC-28
Assessing the Needs of MPLS VPN Customers
Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve
MPLS VPN customers. Perform this task to identify the core network topology.
SUMMARY STEPS
1. Identify the size of the network.
2. Identify the routing protocols in the core.
3. Determine if MPLS High Availability support is required.
4. Determine if BGP load sharing and redundant paths are required.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
27
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Configuring Routing Protocols in the Core
To configure a routing protocol, see the Cisco ASR 9000 Series Aggregation Services Routers Routing
Configuration Guide.
Configuring MPLS in the Core
To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You
can use either of these as an LDP:
• MPLS LDP—See the Implementing MPLS Label Distribution Protocol on
Cisco ASR 9000 Series Routersfor configuration information.
• MPLS Traffic Engineering Resource Reservation Protocol (RSVP)—See Implementing RSVP for
MPLS-TE on Cisco ASR 9000 Series Routers module in this document for configuration
information.
Determining if FIB Is Enabled in the Core
Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider
edge (PE) routers. For information on how to determine if FIB is enabled, see the Implementing
Cisco Express Forwarding on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Configuration Guide.
Command or Action Purpose
Step 1 Identify the size of the network. Identify these to determine the number of routers and ports
required:
• How many customers will be supported?
• How many VPNs are required for each customer?
• How many virtual routing and forwarding (VRF)
instances are there for each VPN?
Step 2 Identify the routing protocols in the core. Determine which routing protocols are required in the core
network.
Step 3 Determine if MPLS High Availability support is
required.
MPLS VPN nonstop forwarding and graceful restart are
supported on select routers and Cisco IOS XR software
releases.
Step 4 Determine if BGP load sharing and redundant paths
are required.
Determine if BGP load sharing and redundant paths in the
MPLS VPN core are required.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
28
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Multiprotocol BGP on the PE Routers and Route Reflectors
Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route
reflectors.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. neighbor ip-address remote-as autonomous-system-number
5. address-family vpnv4 unicast
end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters BGP configuration mode allowing you to configure
the BGP routing process.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Enters VPNv4 address family configuration mode for the
VPNv4 address family.
Step 4 neighbor ip-address remote-as
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24 remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
29
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Connecting MPLS VPN Customers
To connect MPLS VPN customers to the VPN, perform these tasks:
• Defining VRFs on the PE Routers to Enable Customer Connectivity, page VPC-30
• Configuring VRF Interfaces on PE Routers for Each VPN Customer, page VPC-32
• Configuring BGP as the Routing Protocol Between the PE and CE Routers, page VPC-34 (optional)
• Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers, page VPC-38
(optional)
• Configuring Static Routes Between the PE and CE Routers, page VPC-41 (optional)
• Configuring OSPF as the Routing Protocol Between the PE and CE Routers, page VPC-42
(optional)
• Configuring EIGRP as the Routing Protocol Between the PE and CE Routers, page VPC-45
(optional)
• Configuring EIGRP Redistribution in the MPLS VPN, page VPC-48 (optional)
Step 5 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
Enters VPNv4 address family configuration mode for the
VPNv4 address family.
Step 6 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
30
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Defining VRFs on the PE Routers to Enable Customer Connectivity
Perform this task to define VPN routing and forwarding (VRF) instances.
SUMMARY STEPS
1. configure
2. vrf vrf-name
3. address-family ipv4 unicast
4. import route-policy policy-name
5. import route-target [as-number:nn | ip-address:nn]
6. export route-policy policy-name
7. export route-target [as-number:nn | ip-address:nn]
8. exit
9. exit
10. router bgp autonomous-system-number
11. vrf vrf-name
12. rd {as-number | ip-address | auto}
13. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.
Step 4 import route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import
route-policy policy_A
Specifies a route policy that can be imported into the local
VPN.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
31
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 import route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import
route-target 120:1
Allows exported VPN routes to be imported into the VPN if
one of the route targets of the exported route matches one of
the local VPN import route targets.
Step 6 export route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export
route-policy policy_B
Specifies a route policy that can be exported from the local
VPN.
Step 7 export route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export
route-target 120:2
Associates the local VPN with a route target. When the
route is advertised to other provider edge (PE) routers, the
export route target is sent along with the route as an
extended community.
Step 8 exit
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# exit
Exits VRF address family configuration mode and returns
the router to VRF configuration mode.
Step 9 exit
Example:
RP/0/RSP0/CPU0:router(config-vrf)# exit
Exits VRF configuration mode and returns the router to
global configuration mode.
Step 10 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters BGP configuration mode allowing you to configure
the BGP routing process.
Step 11 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode for BGP routing.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
32
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring VRF Interfaces on PE Routers for Each VPN Customer
Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a
subinterface on the PE routers.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. vrf vrf-name
4. ipv4 address ipv4-address mask
5. end
or
commit
Step 12 rd {as-number | ip-address | auto}
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto
Automatically assigns a unique route distinguisher (RD) to
vrf_1.
Step 13 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
33
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
GigabitEthernet 0/3/0/0
Enters interface configuration mode.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-if)# vrf vrf_A
Configures a VRF instance and enters VRF configuration
mode.
Step 4 ipv4 address ipv4-address mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
192.168.1.27 255.255.255.0
Configures a primary IPv4 address for the specified
interface.
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
34
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring BGP as the Routing Protocol Between the PE and CE Routers
Perform this task to configure PE-to-CE routing sessions using BGP.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. bgp router-id {ip-address}
4. vrf vrf-name
5. label-allocation-mode per-ce
6. address-family ipv4 unicast
7. redistribute connected [metric metric-value] [route-policy route-policy-name]
or
redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy
route-policy-name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [route-policy route-policy-name]
or
redistribute static [metric metric-value] [route-policy route-policy-name]
8. aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy
route-policy-name]
9. network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]
10. exit
11. neighbor ip-address
12. remote-as autonomous-system-number
13. password {clear | encrypted} password
14. ebgp-multihop [ttl-value]
15. address-family ipv4 unicast
16. allowas-in [as-occurrence-number]
17. route-policy route-policy-name in
18. route-policy route-policy-name out
19. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
35
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 bgp router-id {ip-address}
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 192.168.70.24
Configures the local router with a router ID of
192.168.70.24.
Step 4 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for BGP routing.
Step 5 label-allocation-mode per-ce
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
Sets the MPLS VPN label allocation mode for each
customer edge (CE) label mode allowing the provider edge
(PE) router to allocate one label for every immediate
next-hop.
Step 6 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.
Step 7 redistribute connected [metric metric-value]
[route-policy route-policy-name]
or
redistribute isis process-id [level {1 |
1-inter-area | 2}] [metric metric-value]
[route-policy route-policy-name]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [route-policy
route-policy-name]
or
redistribute static [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
redistribute connected
Causes routes to be redistributed into BGP. The routes that
can be redistributed into BGP are:
• Connected
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)
• StaticImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
36
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 8 aggregate-address address/mask-length [as-set]
[as-confed-set] [summary-only] [route-policy
route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
aggregate-address 10.0.0.0/8 as-set
Creates an aggregate address. The path advertised for this
route is an autonomous system set consisting of all elements
contained in all paths that are being summarized.
• The as-set keyword generates autonomous system set
path information and community information from
contributing paths.
• The as-confed-set keyword generates autonomous
system confederation set path information from
contributing paths.
• The summary-only keyword filters all more specific
routes from updates.
• The route-policy route-policy-name keyword and
argument specify the route policy used to set the
attributes of the aggregate route.
Step 9 network {ip-address/prefix-length | ip-address
mask} [route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
network 172.20.0.0/16
Configures the local router to originate and advertise the
specified network.
Step 10 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Exits VRF address family configuration mode and returns
the router to VRF configuration mode for BGP routing.
Step 11 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
172.168.40.24
Places the router in VRF neighbor configuration mode for
BGP routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 12 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 13 password {clear | encrypted} password
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
password clear pswd123
Configures neighbor 172.168.40.24 to use MD5
authentication with the password pswd123.
Step 14 ebgp-multihop [ttl-value]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop
Allows a BGP connection to neighbor 172.168.40.24.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
37
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 15 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv4 unicast
Enters VRF neighbor address family configuration mode
for BGP routing.
Step 16 allowas-in [as-occurrence-number]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 3
Replaces the neighbor autonomous system number (ASN)
with the PE ASN in the AS path three times.
Step 17 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy In-Ipv4 in
Applies the In-Ipv4 policy to inbound IPv4 unicast routes.
Step 18 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy In-Ipv4 in
Applies the In-Ipv4 policy to outbound IPv4 unicast routes.
Step 19 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
38
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing
Information Protocol version 2 (RIPv2).
SUMMARY STEPS
1. configure
2. router rip
3. vrf vrf-name
4. interface type instance
5. site-of-origin {as-number:number | ip-address:number}
6. exit
7. redistribute bgp as-number [[external | internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]
or
redistribute eigrp as-number [route-policy name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}]
[route-policy name]
or
redistribute static [route-policy name]
8. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router rip
Example:
RP/0/RSP0/CPU0:router(config)# router rip
Enters the Routing Information Protocol (RIP)
configuration mode allowing you to configure the RIP
routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-rip)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for RIP routing.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
39
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 interface type instance
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)#
interface GigabitEthernet 0/3/0/0
Enters VRF interface configuration mode.
Step 5 site-of-origin {as-number:number |
ip-address:number}
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)#
site-of-origin 200:1
Identifies routes that have originated from a site so that the
re-advertisement of that prefix back to the source site can be
prevented. Uniquely identifies the site from which a PE
router has learned a route.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)# exit
Exits VRF interface configuration mode, and returns the
router to VRF configuration mode for RIP routing.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
40
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 7 redistribute bgp as-number [[external |
internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute eigrp as-number [route-policy
name]
or
redistribute isis process-id [level-1 |
level-1-2 | level-2] [route-policy name]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[route-policy name]
or
redistribute static [route-policy name]
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)#
redistribute connected
Causes routes to be redistributed into RIP. The routes that
can be redistributed into RIP are:
• Border Gateway Protocol (BGP)
• Connected
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)
• Static
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)# end
or
RP/0/RSP0/CPU0:router(config-rip-vrf)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
41
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Static Routes Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static
routes.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
SUMMARY STEPS
1. configure
2. router static
3. vrf vrf-name
4. address-family ipv4 unicast
5. prefix/mask [vrf vrf-name] {ip-address | type interface-path-id}
6. prefix/mask [vrf vrf-name] bfd fast-detect
7. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
Enters static routing configuration mode allowing you to
configure the static routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-static)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for static routing.
Step 4 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
42
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring OSPF as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open
Shortest Path First (OSPF).
SUMMARY STEPS
1. configure
2. router ospf process-name
3. vrf vrf-name
4. router-id {router-id | type interface-path-id}
5. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name]
[tag tag-value]
Step 5 prefix/mask [vrf vrf-name] {ip-address | type
interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
172.168.40.24/24 vrf vrf_1 10.1.1.1
Assigns the static route to vrf_1.
Step 6 prefix/mask [vrf vrf-name] bfd fast-detect
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
172.168.40.24/24 vrf vrf_1 bfd fast-detect
Enables bidirectional forwarding detection (BFD) to detect
failures in the path between adjacent forwarding engines.
This option is available is when the forwarding router
address is specified in Step 5.
Step 7 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
end
or
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
43
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
6. area area-id
7. interface type interface-path-id
8. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109
Enters OSPF configuration mode allowing you to configure
the OSPF routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for OSPF routing.
Step 4 router-id {router-id | type interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
router-id 172.20.10.10
Configures the router ID for the OSPF routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
44
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 redistribute bgp process-id [metric
metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external
[1 | 2] | internal | nssa-external [1 |
2]]}[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
redistribute connected
Causes routes to be redistributed into OSPF. The routes that
can be redistributed into OSPF are:
• Border Gateway Protocol (BGP)
• Connected
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• OSPF
• Static
• Routing Information Protocol (RIP)
Step 6 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
Configures the OSPF area as area 0.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
45
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use
Enhanced Interior Gateway Routing Protocol (EIGRP).
Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer
networks through an MPLS-enable Border Gateway Protocol (BGP) core network so that EIGRP routes
are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes.
Prerequisites
BGP must configured in the network. See the Implementing BGP on Cisco ASR 9000 Series Routers
module in Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
Step 7 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with area 0.
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
end
or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
46
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. router-id router-id
6. autonomous-system as-number
7. default-metric bandwidth delay reliability loading mtu
8. redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]}
[route-policy name]
9. interface type interface-path-id
10. site-of-origin {as-number:number | ip-address:number}
11. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24
Enters EIGRP configuration mode allowing you to
configure the EIGRP routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for EIGRP routing.
Step 4 address-family ipv4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address family ipv4
Enters VRF address family configuration mode for the IPv4
address family.
Step 5 router-id router-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
router-id 172.20.0.0
Configures the router ID for the Enhanced Interior Gateway
Routing Protocol (EIGRP) routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
47
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 autonomous-system as-number
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
autonomous-system 6
Configures the EIGRP routing process to run within a VRF.
Step 7 default-metric bandwidth delay reliability
loading mtu
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
default-metric 100000 4000 200 45 4470
Sets the metrics for an EIGRP.
Step 8 redistribute {{bgp | connected | isis | ospf|
rip | static} [as-number | instance-name]}
[route-policy name]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute connected
Causes connected routes to be redistributed into EIGRP.
Step 9 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with the
EIGRP routing process.
Step 10 site-of-origin {as-number:number |
ip-address:number}
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
site-of-origin 201:1
Configures site of origin (SoO) on interface
GigabitEthernet 0/3/0/0.
Step 11 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
end
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
48
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EIGRP Redistribution in the MPLS VPN
Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced
Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN.
Prerequisites
The metric can be configured in the route-policy configuring using the redistribute command (or
configured with the default-metric command). If an external route is received from another EIGRP
autonomous system or a non-EIGRP network without a configured metric, the route is not installed in
the EIGRP database. If an external route is received from another EIGRP autonomous system or a
non-EIGRP network without a configured metric, the route is not advertised to the CE router. See the
Implementing EIGRP on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series
Aggregation Services Routers Routing Configuration Guide.
Restrictions
Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported.
This behavior is designed.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. redistribute bgp [as-number] [route-policy policy-name]
6. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24
Enters EIGRP configuration mode allowing you to
configure the EIGRP routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode for EIGRP routing.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
49
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 address-family ipv4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address family ipv4
Enters VRF address family configuration mode for the IPv4
address family.
Step 5 redistribute bgp [as-number] [route-policy
policy-name]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 24 route-policy policy_A
Causes Border Gateway Protocol (BGP) routes to be
redistributed into EIGRP.
Step 6 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
end
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
50
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS
VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels
Note This section is not applicable to Inter-AS over IP tunnels.
This section contains instructions for these tasks:
• Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels, page VPC-50
• Configuring the Route Reflectors to Exchange VPN-IPv4 Routes, page VPC-53
• Configuring the Route Reflector to Reflect Remote Routes in its AS, page VPC-56
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels
Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4
routes and MPLS labels.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family ipv4 labeled-unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
51
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Enters global address family configuration mode for the
IPv4 unicast address family.
Step 4 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates the MPLS labels for a specific IPv4 unicast or
VPN routing and forwarding (VRF) IPv4 unicast routes so
that the BGP router can send labels with BGP routes to a
neighboring router that is configured for a labeled-unicast
session.
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the in keyword to define the policy for inbound
routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
52
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent to a BGP
neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the out keyword to define the policy for outbound
routes.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
53
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes
Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This
task specifies that the next-hop information and the VPN label are to be preserved across the autonomous
system.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. neighbor ip-address
4. remote-as autonomous-system-number
5. ebgp-multihop [ttl-value]
6. update-source type interface-path-id
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. next-hop-unchanged
11. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 4 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
54
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 ebgp-multihop [ttl-value]
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
ebgp-multihop
Enables multihop peerings with external BGP neighbors.
Step 6 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the in keyword to define the policy for inbound
routes.
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent to a BGP
neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the out keyword to define the policy for outbound
routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
55
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 10 next-hop-unchanged
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-unchanged
Disables overwriting of the next hop before advertising to
external Border Gateway Protocol (eBGP) peers.
Step 11 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
56
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Route Reflector to Reflect Remote Routes in its AS
Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the
autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous
system. This task is accomplished by making the ASBR and PE route reflector clients of the RR.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. update-source type interface-path-id
8. address-family ipv4 labeled-unicast
9. route-reflector-client
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family ipv4 labeled-unicast
14. route-reflector-client
15. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Enters global address family configuration mode for the
IPv4 unicast address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
57
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates the MPLS labels for a specific IPv4 unicast or
VPN routing and forwarding (VRF) IPv4 unicast routes so
that the BGP router can send labels with BGP routes to a
neighboring router that is configured for a labeled-unicast
session.
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as an ASBR eBGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 8 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 9 route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Configures the router as a BGP route reflector and neighbor
172.168.40.24 as its client.
Step 10 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
neighbor 10.40.25.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address 10.40.25.2
as an VPNv4 iBGP peer.
Step 11 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
58
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 12 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 13 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 14 route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Configures the neighbor as a route reflector client.
Step 15 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
59
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS
VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses
This section contains instructions for these tasks:
• Configuring the ASBRs to Exchange VPN-IPv4 Addresses, page VPC-59
• Configuring a Static Route to an ASBR Peer, page VPC-62
• Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation, page VPC-64
• Configuring MPLS Forwarding for ASBR Confederations, page VPC-66
• Configuring a Static Route to an ASBR Confederation Peer, page VPC-68
Configuring the ASBRs to Exchange VPN-IPv4 Addresses
Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system
boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. retain route-target {all | route-policy route-policy-name}
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family vpnv4 unicast
14. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
60
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 4 retain route-target {all | route-policy
route-policy-name}
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# retain
route-target route-policy policy1
Retrieves VPNv4 table from PE routers.
The retain route-target command is required on an
Inter-AS option B ASBR. You can use this command with
either all or route-policy keyword
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as an ASBR eBGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
61
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the in keyword to define the policy for inbound
routes.
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent from a BGP
neighbor.
• Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
• Use the out keyword to define the policy for outbound
routes.
Step 10 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
neighbor 10.40.25.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address 10.40.25.2
as an VPNv4 iBGP peer.
Step 11 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 12 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
62
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to an ASBR Peer
Perform this task to configure a static route to an ASBR peer.
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
Step 13 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 14 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
63
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
RP/0/RSP0/CPU0:router(config-static)#
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-static-afi)#
Enables an IPv4 address family.
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-afi)# end
or
RP/0/RSP0/CPU0:router(config-static-afi)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
64
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation
Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN
routes between subautonomous systems in a confederation.
Note To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior
Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command
in the IGP configuration portion of the confederation eBGP (CEBGP) router. If you are using Open
Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in
which the “redistribute connected” subnet exists.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. bgp confederation peers peer autonomous-system-number
4. bgp confederation identifier autonomous-system-number
5. address-family vpnv4 unicast
6. neighbor ip-address
7. remote-as autonomous-system-number
8. address-family vpnv4 unicast
9. route-policy route-policy-name in
10. route-policy route-policy-name out
11. next-hop-self
12. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters BGP configuration mode allowing you to configure
the BGP routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
65
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 bgp confederation peers peer
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 8
Configures the peer autonomous system number that
belongs to the confederation.
Step 4 bgp confederation identifier
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation identifier 5
Specifies the autonomous system number for the
confederation ID.
Step 5 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 6 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
10.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
10.168.40.24 as a BGP peer.
Step 7 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 8 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 9 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy In-Ipv4 in
Applies a routing policy to updates received from a BGP
neighbor.
Step 10 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy Out-Ipv4 out
Applies a routing policy to updates advertised to a BGP
neighbor.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
66
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring MPLS Forwarding for ASBR Confederations
Perform this task to configure MPLS forwarding for autonomous system boundary router (ASBR)
confederations (in BGP) on a specified interface.
Note This configuration adds the implicit NULL rewrite corresponding to the peer associated with the
interface, which is required to prevent BGP from automatically installing rewrites by LDP (in multihop
instances).
SUMMARY STEPS
1. configure
2. router bgp as-number
3. mpls activate
4. interface type interface-path-id
5. end
or
commit
Step 11 next-hop-self
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-self
Disables next-hop calculation and let you insert your own
address in the next-hop field of BGP updates.
Step 12 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
67
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)
Enters BGP configuration mode allowing you to
configure the BGP routing process.
Step 3 mpls activate
Example:
RP/0/RSP0/CPU0:router(config-bgp)# mpls activate
RP/0/RSP0/CPU0:router(config-bgp-mpls)#
Enters BGP MPLS activate configuration mode.
Step 4 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# interface
GigabitEthernet 0/3/0/0
Enables MPLS on the interface.
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# end
or
RP/0/RSP0/CPU0:router(config-bgp-mpls)# commit
Saves configuration changes.
• When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
– Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
– Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
• Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
68
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to an ASBR Confederation Peer
Perform this task to configure a static route to an Inter-AS confederation peer. For more detailed
information, see “Configuring a Static Route to a Peer” section on page MPC-78.
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
RP/0/RSP0/CPU0:router(config-static)#
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-static-afi)#
Enables an IPv4 address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
69
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-afi)# end
or
RP/0/RSP0/CPU0:router(config-static-afi)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
70
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Carrier Supporting Carrier
Perform the tasks in this section to configure Carrier Supporting Carrier (CSC):
• Identifying the Carrier Supporting Carrier Topology, page VPC-70
• Configuring the Backbone Carrier Core, page VPC-71
• Configuring the CSC-PE and CSC-CE Routers, page VPC-71
• Configuring a Static Route to a Peer, page VPC-78
Identifying the Carrier Supporting Carrier Topology
Before you configure the MPLS VPN CSC with BGP, you must identify both the backbone and customer
carrier topology.
Note You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router
to multiple CSC-PEs using more than one CSC-CE interface to provide redundancy and multiple path
support in a CSC topology.
Perform this task to identify the carrier supporting carrier topology.
SUMMARY STEPS
1. Identify the type of customer carrier, ISP, or MPLS VPN service provider.
2. Identify the CE routers.
3. Identify the customer carrier core router configuration.
4. Identify the customer carrier edge (CSC-CE) routers.
5. Identify the backbone carrier router configuration.
DETAILED STEPS
Command or Action Purpose
Step 1 Identify the type of customer carrier, ISP, or MPLS
VPN service provider.
Sets up requirements for configuration of carrier supporting
carrier network.
Step 2 Identify the CE routers. Sets up requirements for configuration of CE to PE
connections.
Step 3 Identify the customer carrier core router configuration. Sets up requirements for configuration between core (P)
routers and between P routers and edge routers (PE and
CSC-CE routers).
Step 4 Identify the customer carrier edge (CSC-CE) routers. Sets up requirements for configuration of CSC-CE to
CSC-PE connections.
Step 5 Identify the backbone carrier router configuration. Sets up requirements for configuration between CSC core
routers and between CSC core routers and edge routers
(CSC-CE and CSC-PE routers).Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
71
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Backbone Carrier Core
Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC
core and the CSC-PE routers. To do so, you must complete these high-level tasks:
• Verify IP connectivity in the CSC core.
• Verify LDP configuration in the CSC core.
Note This task is not applicable to CSC over IP tunnels.
• Configure VRFs for CSC-PE routers.
• Configure multiprotocol BGP for VPN connectivity in the backbone carrier.
Configuring the CSC-PE and CSC-CE Routers
Perform these tasks to configure links between a CSC-PE router and the carrier CSC-CE router for an
MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels:
• Configuring a CSC-PE
• Configuring a CSC-CE
Figure 6 shows the configuration for the peering with directly connected interfaces between CSC-PE and
CSC-CE routers. This configuration is used as the example in the tasks that follow.
Figure 6 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and
CSC-CE Routers
Configuring a CSC-PE
Perform this task to configure a CSC-PE.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. neighbor A.B.C.D
5. remote-as as-number
6. update-source type interface-path-id
7. address-family vpnv4 unicast
8. vrf vrf-name
9. rd {as-number:nn | ip-address:nn | auto}
CSC-CE
e1/0 e1/0
10.0.0.1 10.0.0.2
CSC-PE 121190Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
72
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
10. address-family ipv4 unicast
11. allocate-label all
12. neighbor A.B.C.D
13. remote-as as-number
14. address-family ipv4 labeled-unicast
15. route-policy route-policy-name in
16. route-policy route-policy-name out
17. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 2
RP/0/RSP0/CPU0:router(config-bgp)#
Configures a BGP routing process and enters router
configuration mode.
• Range for 2-byte numbers is 1 to 65535. Range for
4-byte numbers is 1.0 to 65535.65535.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 4 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
10.10.10.0
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Configures the IP address for the BGP neighbor.
Step 5 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 888
Configures the AS number for the BGP neighbor.
Step 6 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
73
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 unicast address family.
Step 8 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# vrf
9999
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
Configures a VRF instance.
Step 9 rd {as-number:nn | ip-address:nn | auto}
Example:
RP/0/RSP0/CPU0:router(onfig-bgp-vrf)# rd auto
Configures a route distinguisher.
Note Use the auto keyword to automatically assign a
unique route distinguisher.
Step 10 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Configures IPv4 unicast address family.
Step 11 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
allocate-label all
Allocate labels for all local prefixes and prefixes received
with labels.
Step 12 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
neighbor 10.10.10.0
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
Configures the IP address for the BGP neighbor.
Step 13 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 888
Enables the exchange of information with a neighboring
BGP router.
Step 14 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
Configures IPv4 labeled-unicast address family.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
74
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 15 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pass-all in
Applies the pass-all policy to all inbound routes.
Step 16 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pass-all out
Applies the pass-all policy to all outbound routes.
Step 17 end
or
commit
Example:
RP/0/RSP0/CPU0:router(cconfig-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
75
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a CSC-CE
Perform this task to configure a CSC-CE.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family ipv4 unicast
4. redistribute ospf instance-number
5. allocate-label route-policy route-policy-name
6. exit
7. neighbor A.B.C.D
8. remote-as as-number
9. address-family ipv4 labeled-unicast
10. route-policy route-policy-name in
11. route-policy route-policy-name out
12. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Configures a BGP routing process and enters router
configuration mode.
• Range for 2-byte numbers is 1 to 65535. Range for
4-byte numbers is 1.0 to 65535.65535.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
Configures IPv4 unicast address-family.
Step 4 redistribute ospf instance-number
Example:
RP/0/RSP0/CPU0:router(config-router-af)#
redistribute ospf 1
Redistributes OSPF routes into BGP.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
76
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 allocate-label route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-router-af)#
allocate-label route-policy internal-routes
Allocates labels for those routes that match the route policy.
These labeled routes are advertised to neighbors configured
with address-family ipv4 labeled-unicast.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Exits the current configuration mode.
Step 7 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
10.0.0.1
Configures the IP address for the BGP neighbor.
Step 8 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 1
Enables the exchange of information with a neighboring
BGP router.
Step 9 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures IPv4 labeled-unicast address family.
Step 10 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies the route-policy to all inbound routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
77
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 11 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies the route-policy to all outbound routes.
Step 12 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
78
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to a Peer
Perform this task to configure a static route to an Inter-AS or CSC-CE peer.
When you configure an Inter-AS or CSC peer, BGP allocates a label for a /32 route to that peer and
performs a NULL label rewrite. When forwarding a labeled packet to the peer, the router removes the
top label from the label stack; however, in such an instance, BGP expects a /32 route to the peer. This
task ensures that there is, in fact, a /32 route to the peer.
Please be aware of these facts before performing this task:
• A /32 route is not required to establish BGP peering. A route using a shorter prefix length will also
work.
• A shorter prefix length route is not associated with the allocated label; even though the BGP session
comes up between the peers, without the static route, forwarding will not work.
Note To configure a static route on a CSC-PE, you must configure the router under the VRF (as noted in the
detailed steps).
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router(config)# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
Enables an IPv4 address family.
Note To configure a static route on a CSC-PE, you must
first configure the VRF using the vrf command
before address-family. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
79
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-af)# end
or
RP/0/RSP0/CPU0:router(config-static-af)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
80
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Verifying the MPLS Layer 3 VPN Configuration
Perform this task to verify the MPLS Layer 3 VPN configuration.
SUMMARY STEPS
1. show running-config router bgp as-number vrf vrf-name
2. show running-config routes
3. show ospf vrf vrf-name database
4. show running-config router bgp as-number vrf vrf-name neighbor ip-address
5. show bgp vrf vrf-name summary
6. show bgp vrf vrf-name neighbors ip-address
7. show bgp vrf vrf-name
8. show route vrf vrf-name ip-address
9. show bgp vpn unicast summary
10. show running-config router isis
11. show running-config mpls
12. show isis adjacency
13. show mpls ldp forwarding
14. show bgp vpnv4 unicast
show bgp vrf vrf-name
15. show bgp vrf vrf-name imported-routes
16. show route vrf vrf-name ip-address
17. show cef vrf vrf-name ip-address
18. show cef vrf vrf-name ip-address location node-id
19. show bgp vrf vrf-name ip-address
20. show ospf vrf vrf-name database
DETAILED STEPS
Command or Action Purpose
Step 1 show running-config router bgp as-number vrf
vrf-name
Example:
RP/0/RSP0/CPU0:router# show running-config
router bgp 3 vrf vrf_A
Displays the specified VPN routing and forwarding (VRF)
content of the currently running configuration.
Step 2 show running-config routes
Example:
RP/0/RSP0/CPU0:router# show running-config
routes
Displays the Open Shortest Path First (OSPF) routes table
in the currently running configuration.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
81
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 show ospf vrf vrf-name database
Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A
database
Displays lists of information related to the OSPF database
for a specified VRF.
Step 4 show running-config router bgp as-number vrf
vrf-name neighbor ip-address
Example:
RP/0/RSP0/CPU0:router# show running-config
router bgp 3 vrf vrf_A neighbor 172.168.40.24
Displays the Border Gateway Protocol (BGP) VRF
neighbor content of the currently running configuration.
Step 5 show bgp vrf vrf-name summary
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
summary
Displays the status of the specified BGP VRF connections.
Step 6 show bgp vrf vrf-name neighbors ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
neighbors 172.168.40.24
Displays information about BGP VRF connections to the
specified neighbors.
Step 7 show bgp vrf vrf-name
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
Displays information about a specified BGP VRF.
Step 8 show route vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A
10.0.0.0
Displays the current routes in the Routing Information Base
(RIB) for a specified VRF.
Step 9 show bgp vpn unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp vpn unicast
summary
Displays the status of all BGP VPN unicast connections.
Step 10 show running-config router isis
Example:
RP/0/RSP0/CPU0:router# show running-config
router isis
Displays the Intermediate System-to-Intermediate System
(IS-IS) content of the currently running configuration.
Step 11 show running-config mpls
Example:
RP/0/RSP0/CPU0:router# show running-config mpls
Displays the MPLS content of the currently
running-configuration.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
82
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 12 show isis adjacency
Example:
RP/0/RSP0/CPU0:router# show isis adjacency
Displays IS-IS adjacency information.
Step 13 show mpls ldp forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls ldp forwarding
Displays the Label Distribution Protocol (LDP) forwarding
state installed in MPLS forwarding.
Step 14 show bgp vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast
Displays entries in the BGP routing table for VPNv4 unicast
addresses.
Step 15 show bgp vrf vrf-name
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
Displays entries in the BGP routing table for VRF vrf_A.
Step 16 show bgp vrf vrf-name imported-routes
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
imported-routes
Displays BGP information for routes imported into
specified VRF instances.
Step 17 show route vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A
10.0.0.0
Displays the current specified VRF routes in the RIB.
Step 18 show cef vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A
10.0.0.1
Displays the IPv4 Cisco Express Forwarding (CEF) table
for a specified VRF.
Step 19 show cef vrf vrf-name ip-address location
node-id
Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A
10.0.0.1 location 0/1/cpu0
Displays the IPv4 CEF table for a specified VRF and
location.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
83
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring L3VPN over GRE
Perform the following tasks to configure L3VPN over GRE:
• Creating a GRE Tunnel between Provider Edge Routers
• Configuring IGP between Provider Edge Routers
• Configuring LDP/GRE on the Provider Edge Routers
• Configuring L3VPN
Creating a GRE Tunnel between Provider Edge Routers
Perform this task to configure a GRE tunnel between provider edge routers.
SUMMARY STEPS
1. configure
2. interface tunnel-ip number
3. ipv4 address ipv4-address subnet-mask
4. ipv6 address ipv6-prefix/prefix-length
5. tunnel mode gre ipv4
6. tunnel source type number
7. tunnel destination ip-address
8. end
or
commit
Step 20 show bgp vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
10.0.0.0
Displays entries in the BGP routing table for VRF vrf_A.
Step 21 show ospf vrf vrf-name database
Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A
database
Displays lists of information related to the OSPF database
for a specified VRF.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
84
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config)# interface
tunnel-ip 4000
Enters tunnel interface configuration mode.
• number is the number associated with the tunnel
interface.
Step 3 ipv4 address ipv4-address subnet-mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
10.1.1.1 255.255.255.0
Specifies the IPv4 address and subnet mask for the
interface.
• ipv4-address specifies the IP address of the interface.
• subnet-mask specifies the subnet mask of the interface.
Step 4 ipv6 address ipv6-prefix/prefix-length
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv6 address
100:1:1:1::1/64
Specifies an IPv6 network assigned to the interface.
Step 5 tunnel mode gre ipv4
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel mode
gre ipv4
Sets the encapsulation mode of the tunnel interface to GRE.
Step 6 tunnel source type path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel source
TenGigE0/2/0/1
Specifies the source of the tunnel interface. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
85
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring IGP between Provider Edge Routers
Perform this task to configure IGP between provider edge routers.
SUMMARY STEPS
1. configure
2. router ospf process-name
3. nsr
4. router-id {router-id}
5. mpls ldp sync
6. dead-interval seconds
7. hello-interval seconds
8. area area-id
9. interface tunnel-ip number
10. end
or
commit
Step 7 tunnel destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel
destination 145.12.5.2
Defines the tunnel destination.
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
86
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 1
Enables OSPF routing for the specified routing process and
places the router in router configuration mode.
Step 3 nsr
Example:
RP/0/RSP0/CPU0:router(config-ospf)# nsr
Activates BGP NSR.
Step 4 router-id {router-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf)# router-id
1.1.1.1
Configures a router ID for the OSPF process.
Note We recommend using a stable IP address as the
router ID.
Step 5 mpls ldp sync
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp
sync
Enables MPLS LDP synchronization.
Step 6 dead-interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ospf)#
dead-interval 60
Sets the time to wait for a hello packet from a neighbor
before declaring the neighbor down.
Step 7 hello-interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ospf)#
hello-interval 15
Specifies the interval between hello packets that OSPF
sends on the interface.
Step 8 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area 0
Enters area configuration mode and configures an area for
the OSPF process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
87
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring LDP/GRE on the Provider Edge Routers
Perform this task to configure LDP/GRE on the provider edge routers.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id {router-id}
4. discovery hello holdtime seconds
5. discovery hello interval seconds
6. nsr
7. graceful-restart
8. graceful-restart reconnect-timeout seconds
9. graceful-restart forwarding-state-holdtime seconds
10. holdtime seconds
11. neighbor ip-address
12. interface tunnel-ip number
Step 9 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config-ospf)# interface
tunnel-ip 4
Enters tunnel interface configuration mode.
• number is the number associated with the tunnel
interface.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
88
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
13. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 mpls ldp
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Enables MPLS LDP configuration mode.
Step 3 router-id {router-id}
Example:
RP/0/RSP0/CPU0:router(config-ldp)# router-id
1.1.1.1
Configures a router ID for the OSPF process.
Note We recommend using a stable IP address as the
router ID.
Step 4 discovery hello holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# discovery
hello holdtime 40
Defines the period of time a discovered LDP neighbor is
remembered without receipt of an LDP Hello message from
the neighbor.
Step 5 discovery hello interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# discovery
hello holdtime 20
Defines the period of time between the sending of
consecutive Hello messages.
Step 6 nsr
Example:
RP/0/RSP0/CPU0:router(config-ldp)# nsr
Activates BGP NSR.
Step 7 graceful-restart
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart
Enables graceful restart on the router.
Step 8 graceful-restart reconnect-timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart recoonect-timeout 180
Defines the time for which the neighbor should wait for a
reconnection if the LDP session is lost. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
89
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring L3VPN
Perform this task to configure L3VPN.
SUMMARY STEPS
1. configure
2. vrf vrf-name
Step 9 graceful-restart forwarding-state-holdtime
seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart forwarding-state-holdtime 300
Defines the time that the neighbor should retain the MPLS
forwarding state during a recovery.
Step 10 holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# holdtime 90
Configures the hold time for an interface.
Step 11 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-ldp)# neighbor
10.1.1.0
Defines a neighboring router.
Step 12 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config-ldp)# interface
tunnel-ip 4
Enters tunnel interface configuration mode.
• number is the number associated with the tunnel
interface.
Step 13 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
90
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
3. address-family { ipv4 | ipv6 } unicast
4. import route-target [as-number:nn | ip-address:nn]
5. export route-target [as-number:nn | ip-address:nn]
6. interface type interface-path-id
7. vrf vrf-name
8. ipv4 address ipv4-address subnet-mask
9. dot1q vlan vlan-id
10. router bgp process-name
11. nsr
12. bgp router-id ip-address
13. address-family {vpnv4 | vpnv6} unicast
14. neighbor ip-address
15. remote-as as-number
16. update-source type interface-path-id
17. address-family {vpnv4 | vpnv6} unicast
18. route-policy policy-name in
19. route-policy policy-name out
20. vrf vrf-name
21. rd {as-number:nn | ip-address:nn | auto}
22. address-family {ipv4 | ipv6} unicast
23. redistribute connected [metric metric-value] [route-policy route-policy-name]
24. redistribute static [metric metric-value] [route-policy route-policy-name]
25. neighbor ip-address
26. remote-as as-number
27. ebgp-multihop ttl-value
28. address-family {ipv4 | ipv6} unicast
29. route-policy policy-name in
30. route-policy policy-name out
31. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
91
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vpn1
Configures a VRF instance.
Step 3 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family { ipv4 | ipv6 } unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 4 import route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf)# import
route-target 2:1
Specifies a list of route target (RT) extended communities.
Only prefixes that are associated with the specified import
route target extended communities are imported into the
VRF.
Step 5 export route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf)# export
route-target 1:1
Specifies a list of route target extended communities.
Export route target communities are associated with
prefixes when they are advertised to remote PEs. The
remote PEs import them into VRFs which have import RTs
that match these exported route target communities.
Step 6 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)#interface
TenGigE0/2/0/0.1
Enters interface configuration mode and configures an
interface.
Step 7 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-if)# vrf vpn1
Configures a VRF instance.
Step 8 ipv4 address ipv4-address subnet-mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
150.1.1.1 255.255.255.0
Specifies the IPv4 address and subnet mask for the
interface.
• ipv4-address specifies the IP address of the interface.
• subnet-mask specifies the subnet mask of the interface.
Step 9 dot1q native vlan vlan-id
Example:
RP/0/RSP0/CPU0:router(config-if)# dot1q native
vlan 1
Assigns the native VLAN ID of a physical interface
trunking 802.1Q VLAN traffic.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
92
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 10 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
Step 11 nsr
Example:
RP/0/RSP0/CPU0:router(config-bgp)# nsr
Activates BGP NSR.
Step 12 bgp router-id ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 1.1.1.1
Configures the local router with a specified router ID.
Step 13 address-family {vpnv4 | vpnv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Enters address family configuration submode for the
specified address family.
Step 14 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
4.4.4.4
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 15 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as
1
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 16 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#update-so
urce Loopback0
Allows sessions to use the primary IP address from a
specific interface as the local address when forming a
session with a neighbor.
Step 17 address-family {vpnv4 | vpnv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
Enters address family configuration submode for the
specified address family.
Step 18 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all in
Defines a route policy and enters route policy configuration
mode.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
93
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 19 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all out
Defines a route policy and enters route policy configuration
mode.
Step 20 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vpn1
Configures a VRF instance.
Step 21 rd {as-number:nn | ip-address:nn | auto}
Example:
RP/0/RSP0/CPU0:router(config-vrf)#rd 1:1
Configures the route distinguisher.
Step 22 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 23 redistribute connected [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
redistribute connected
Causes routes from the specified instance to be redistributed
into BGP.
Step 24 redistribute static [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
redistribute static
Causes routes from the specified instance to be redistributed
into BGP.
Step 25 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
150.1.1.2
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 26 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as
7501
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 27 ebg-multihop ttl-value
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#ebgp-mult
ihop 10
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
94
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 28 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 29 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all in
Defines a route policy and enters route policy configuration
mode.
Step 30 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all out
Defines a route policy and enters route policy configuration
mode.
Step 31 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
95
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for Implementing MPLS Layer 3 VPNs
This section provides these sample configurations for MPLS L3VPN features:
• Configuring an MPLS VPN Using BGP: Example, page VPC-95
• Configuring the Routing Information Protocol on the PE Router: Example, page VPC-96
• Configuring the PE Router Using EIGRP: Example, page VPC-96
• Configuration Examples for MPLS VPN CSC, page VPC-97
• Configuring L3VPN over GRE: Example, page VPC-98
Configuring an MPLS VPN Using BGP: Example
This example shows the configuration for an MPLS VPN using BGP on “vrf vpn1”:
address-family ipv4 unicast
import route-target
100:1
!
export route-target
100:1
!
!
!
route-policy pass-all
pass
end-policy
!
interface Loopback0
ipv4 address 10.0.0.1 255.255.255.255
!
interface gigabitEthernet 0/1/0/0
vrf vpn1
ipv4 address 10.0.0.2 255.0.0.0
!
interface gigabitEthernet 0/1/0/1
ipv4 address 10.0.0.1 255.0.0.0
!
router ospf 100
area 100
interface loopback0
interface gigabitEthernet 0/1/0/1
!
!
router bgp 100
address-family vpnv4 unicast
retain route-target route-policy policy1
neighbor 10.0.0.3
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
vrf vpn1
rd 100:1
address-family ipv4 unicast
redistribute connected
!
neighbor 10.0.0.1
remote-as 200Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
96
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
address-family ipv4 unicast
as-override
route-policy pass-all in
route-policy pass-all out
!
advertisement-interval 5
!
!
!
mpls ldp
route-id looback0
interface gigabitEthernet 0/1/0/1
!
Configuring the Routing Information Protocol on the PE Router: Example
This example shows the configuration for the RIP on the PE router:
vrf vpn1
address-family ipv4 unicast
import route-target
100:1
!
export route-target
100:1
!
!
!
route-policy pass-all
pass
end-policy
!
interface gigabitEthernet 0/1/0/0
vrf vpn1
ipv4 address 10.0.0.2 255.0.0.0
!
router rip
vrf vpn1
interface GigabitEthernet0/1/0/0
!
timers basic 30 90 90 120
redistribute bgp 100
default-metric 3
route-policy pass-all in
!
Configuring the PE Router Using EIGRP: Example
This example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on
the PE router:
Router eigrp 10
vrf VRF1
address-family ipv4
router-id 10.1.1.2
default-metric 100000 2000 255 1 1500
as 62
redistribute bgp 2000Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
97
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
interface Loopback0
!
interface GigabitEthernet0/6/0/0
Configuration Examples for MPLS VPN CSC
Configuration examples for the MPLS VPN CSC include:
• Configuring the Backbone Carrier Core: Examples, page VPC-97
• Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97
• Configuring a Static Route to a Peer: Example, page VPC-98
Configuring the Backbone Carrier Core: Examples
Configuration examples for the backbone carrier core included in this section are as follows:
• Configuring VRFs for CSC-PE Routers: Example, page VPC-97
• Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97
Configuring VRFs for CSC-PE Routers: Example
This example shows how to configure a VPN routing and forwarding instance (VRF) for a CSC-PE
router:
config
vrf vpn1
address-family ipv4 unicast
import route-target 100:1
export route-target 100:1
end
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
This section contains these examples:
• Configuring a CSC-PE: Example, page VPC-97
• Configuring a CSC-CE: Example, page VPC-98
Configuring a CSC-PE: Example
In this example, a CSC-PE router peers with a PE router, 10.1.0.2, in its own AS. It also has a labeled
unicast peering with a CSC-CE router, 10.0.0.1.
config
router bgp 2
address-family vpnv4 unicast
neighbor 10.1.0.2
remote-as 2
update-source loopback0
address-family vpnv4 unicast
vrf customer-carrier
rd 1:100
address-family ipv4 unicast
allocate-label all
redistribute static
neighbor 10.0.0.1Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
98
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
remote-as 1
address-family ipv4 labeled-unicast
route-policy pass-all in
route-policy pass-all out
as-override
end
Configuring a CSC-CE: Example
This example shows how to configure a CSC-CE router. In this example, the CSC-CE router peers
CSC-PE router 10.0.0.2 in AS 2.
config
router bgp 1
address-family ipv4 unicast
redistribute ospf 200
allocate-label all
neighbor 10.0.0.2
remote-as 2
address-family ipv4 labeled-unicast
route-policy pass-all in
route-policy pass-all out
end
Configuring a Static Route to a Peer: Example
This example shows how to configure a static route to an Inter-AS or CSC-CE peer:
config
router static
address-family ipv4 unicast
10.0.0.2/32 40.1.1.1
end
Configuring L3VPN over GRE: Example
The following example shows how to configure L3VPN over GRE:
Sample configuration to create a GRE tunnel between PE1 and PE2:
RP/0/RSP0/CPU0:PE1#sh run int tunnel-ip 1
interface tunnel-ip1
ipv4 address 100.1.1.1 255.255.255.0
ipv6 address 100:1:1:1::1/64
tunnel mode gre ipv4
tunnel source TenGigE0/2/0/1
tunnel destination 145.12.5.2
!
RP/0/RSP0/CPU0:PE2#sh run int tunnel-ip 1
interface tunnel-ip1
ipv4 address 100.1.1.2 255.255.255.0
ipv6 address 100:1:1:1::2/64
tunnel mode gre ipv4
tunnel source TenGigE0/1/0/2
tunnel destination 145.12.1.1
Configure IGP between PE1 and PE2:
Sample configuration for PE1 is given below. PE2 will also have a similar configuration.
RP/0/RSP0/CPU0:PE1#sh run router ospf 1Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
99
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
router ospf 1
nsr
router-id 1.1.1.1 <=== Loopback0
mpls ldp sync
mtu-ignore enable
dead-interval 60
hello-interval 15
area 0
interface TenGigE0/2/0/1
!
RP/0/RSP0/CPU0:PE1#sh run router ospf 0
router ospf 0
nsr
router-id 1.1.1.1
mpls ldp sync
dead-interval 60
hello-interval 15
area 0
interface Loopback0
!
interface tunnel-ip1
!
* Check for OSPF neighbors
RP/0/RSP0/CPU0:PE1#sh ospf neighbor
Neighbors for OSPF 0
Neighbor ID Pri State Dead Time Address Interface
4.4.4.4 1 FULL/ - 00:00:47 100.1.1.2 tunnel-ip1 <==
Neighbor PE2
Neighbor is up for 00:13:40
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:50 145.12.1.2 TenGigE0/2/0/1 <==
Neighbor P1
Neighbor is up for 00:13:43
Configure LDP/GRE on PE1 and PE2:
RP/0/RSP0/CPU0:PE1#sh run mpls ldp
mpls ldp
router-id 1.1.1.1 <=== Loopback0
discovery hello holdtime 45
discovery hello interval 15
nsr
graceful-restart
graceful-restart reconnect-timeout 180
graceful-restart forwarding-state-holdtime 300
holdtime 90
log
neighbor
!
interface tunnel-ip1
!
*Check for mpls forwarding
RP/0/RSP0/CPU0:PE1#sh mpls forwarding prefix 4.4.4.4/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
100
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
---- ------- -------------- -------- ----------- ----------
16003 Pop 4.4.4.4/32 ti1 100.4.1.2 0
Configure L3VPN
RP/0/RSP0/CPU0:PE1#sh run vrf vpn1
vrf vpn1
address-family ipv4 unicast
import route-target
2:1
!
export route-target
1:1
!
RP/0/RSP0/CPU0:PE1#sh run int tenGigE 0/2/0/0.1
interface TenGigE0/2/0/0.1
vrf vpn1
ipv4 address 150.1.1.1 255.255.255.0
dot1q vlan 1
!
RP/0/RSP0/CPU0:PE1#sh run router bgp
router bgp 1
nsr
bgp router-id 1.1.1.1 <===Loopback0
address-family vpnv4 unicast
!
neighbor 4.4.4.4 <===iBGP session with PE2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
vrf vpn1
rd 1:1
address-family ipv4 unicast
redistribute connected
redistribute static
!
neighbor 150.1.1.2 <=== VRF neighbor
remote-as 7501
ebgp-multihop 10
address-family ipv4 unicast
route-policy BGP_pass_all in
route-policy BGP_pass_all out
!
* Check vrf ping to the 150.1.1.2.
RP/0/RSP0/CPU0:PE1#ping vrf vpn1 150.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
* Send traffic to vrf routes adverstised and verify that mpls counters increase in tunnel
interface accounting
RP/0/RSP0/CPU0:PE1#sh int tunnel-ip1 accounting
tunnel-ip1
Protocol Pkts In Chars In Pkts Out Chars OutImplementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
101
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
IPV4_MULTICAST 3 276 3 276
MPLS 697747 48842290 0 0Implementing MPLS Layer 3 VPNs
Additional References
102
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Additional References
For additional information, refer to these documents:
Related Documents
Standards
MIBs
Related Topic Document Title
Cisco ASR 9000 Series Router L2VPN commands MPLS Virtual Private Network Commands on
Cisco ASR 9000 Series Routers module in the
Cisco ASR 9000 Series Aggregation Services Router MPLS
Command Reference
Routing (BGP, EIGRP, OSPF, and RIP) commands:
complete command syntax, command modes,
command history, defaults, usage guidelines, and
examples
Cisco ASR 9000 Series Aggregation Services Router Routing
Command Reference
Routing (BGP, EIGRP, OSPF, and RIP) configuration Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide
MPLS LDP configuration: configuration concepts,
task, and examples
Implementing MPLS Label Distribution Protocol on
Cisco ASR 9000 Series Routers module in this document.
MPLS Traffic Engineering Resource Reservation
Protocol configuration: configuration concepts, task,
and examples
Implementing RSVP for MPLS-TE on
Cisco ASR 9000 Series Routers module in this document.
Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
—
MIBs MIBs Link
— To locate and download MIBs using Cisco IOS XR software, use the
Cisco MIB Locator found at this URL and choose a platform under
the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlImplementing MPLS Layer 3 VPNs
Additional References
103
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
RFCs
Technical Assistance
RFCs Title
RFC 1700 Assigned Numbers
RFC 1918 Address Allocation for Private Internets
RFC 1966 BGP Route Reflectors: An Alternative to Full Mesh iBGP
RFC 2283 Multiprotocol Extensions for BGP-4
RFC 2547 BGP/MPLS VPNs
RFC 2842 Capabilities Advertisement with BGP-4
RFC 2858 Multiprotocol Extensions for BGP-4
RFC 3107 Carrying Label Information in BGP-4
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportImplementing MPLS Layer 3 VPNs
Additional References
104
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02105
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Implementing IPv6 VPN Provider Edge Transport
over MPLS
This module describes how to implement IPv6 VPN Provider Edge Transport over MPLS on
Cisco ASR 9000 Series Aggregation Services Routers.
IPv6 VPN Provider Edge (6PE/VPE) uses the existing MPLS IPv4 core infrastructure for IPv6 transport.
6PE/VPE enables IPv6 sites to communicate with each other over an MPLS IPv4 core network using
MPLS label switched paths (LSPs).
This feature relies heavily on multiprotocol Border Gateway Protocol (BGP) extensions in the IPv4
network configuration on the provider edge (PE) router to exchange IPv6 reachability information (in
addition to an MPLS label) for each IPv6 address prefix. Edge routers are configured as dual-stack,
running both IPv4 and IPv6, and use the IPv4 mapped IPv6 address for IPv6 prefix reachability
exchange.
For detailed information about the commands used to configure L2TP functionality, see the
Cisco ASR 9000 Aggregation Services Router Routing Command Reference.
Feature History for Implementing 6PE on Cisco ASR 9000 Series Routers
Contents
• Prerequisites for Implementing 6PE/VPE, page VPC-106
• Information About 6PE/VPE, page VPC-106
• How to Implement 6PE/VPE, page VPC-109
• Configuration Examples for 6PE, page VPC-122
• Additional References, page VPC-124
Release Modification
Release 3.9.1 This feature was introduced.
Release 4.0.0 Support was added for the 6PE and 6VPE features for IPv6 L3VPN on
A9K-SIP-700.
Support was added for the BGP per VRF/CE label allocation for 6PE feature.
Release 4.1.0 Support for the Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider
Edge (6VPE) feature was added.Implementing IPv6 VPN Provider Edge Transport over MPLS
Prerequisites for Implementing 6PE/VPE
106
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Prerequisites for Implementing 6PE/VPE
These prerequisites are required to implement 6PE:
• You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
• Familiarity with MPLS and BGP4 configuration and troubleshooting.
Information About 6PE/VPE
To configure the 6PE feature, you should understand the concepts that are described in these sections:
• Overview of 6PE/VPE, page VPC-106
• Benefits of 6PE/VPE, page VPC-107
• Deploying IPv6 over MPLS Backbones, page VPC-107
• IPv6 on the Provider Edge and Customer Edge Routers, page VPC-107
• IPv6 Provider Edge Multipath, page VPC-108
• OSPFv3 6VPE, page VPC-108
Overview of 6PE/VPE
Multiple techniques are available to integrate IPv6 services over service provider core backbones:
• Dedicated IPv6 network running over various data link layers
• Dual-stack IPv4-IPv6 backbone
• Existing MPLS backbone leverage
These solutions are deployed on service providers’ backbones when the amount of IPv6 traffic and the
revenue generated are in line with the necessary investments and the agreed-upon risks. Conditions are
favorable for the introduction of native IPv6 services, from the edge, in a scalable way, without any IPv6
addressing restrictions and without putting a well-controlled IPv4 backbone in jeopardy. Backbone
stability is essential for service providers that have recently stabilized their IPv4 infrastructure.
Service providers running an MPLS/IPv4 infrastructure follow similar trends because several integration
scenarios that offer IPv6 services on an MPLS network are possible. Cisco Systems has specially
developed Cisco 6PE or IPv6 Provider Edge Router over MPLS, to meet all those requirements.
Inter-AS support for 6PE requires support of Border Gateway Protocol (BGP) to enable address families
and to allocate and distribute PE and ASBR labels.Implementing IPv6 VPN Provider Edge Transport over MPLS
Information About 6PE/VPE
107
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Benefits of 6PE/VPE
Service providers who currently deploy MPLS experience these benefits of Cisco 6PE:
• Minimal operational cost and risk—No impact on existing IPv4 and MPLS services.
• Only provider edge routers upgrade—A 6PE/VPE router can be an existing PE router or a new one
dedicated to IPv6 traffic.
• No impact on IPv6 customer edge routers—The ISP can connect to any customer CE running Static,
IGP or EGP.
• Production services ready—An ISP can delegate IPv6 prefixes.
• IPv6 introduction into an existing MPLS service—6PE/VPE routers can be added at any time.
Deploying IPv6 over MPLS Backbones
Backbones enabled by 6PE (IPv6 over MPLS) allow IPv6 domains to communicate with each other over
an MPLS IPv4 core network. This implementation requires no backbone infrastructure upgrades and no
reconfiguration of core routers because forwarding is based on labels instead of the IP header itself. This
provides a very cost-effective strategy for IPv6 deployment.
Additionally, the inherent virtual private network (VPN) and traffic engineering (TE) services available
within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an
infrastructure that supports IPv4 VPNs and MPLS-TE.
IPv6 on the Provider Edge and Customer Edge Routers
Service Provider Edge Routers
6PE is particularly applicable to service providers who currently run an MPLS network. One of its
advantages is that there is no need to upgrade the hardware, software, or configuration of the core
network, and it eliminates the impact on the operations and the revenues generated by existing IPv4
traffic. MPLS is used by many service providers to deliver services to customers. MPLS as a multiservice
infrastructure technology is able to provide layer 3 VPN, QoS, traffic engineering, fast re-routing and
integration of ATM and IP switching.
Customer Edge Routers
Using tunnels on the CE routers is the simplest way to deploy IPv6 over MPLS networks. It has no
impact on the operation or infrastructure of MPLS, and requires no changes to the P routers in the core
or to the PE routers. However, tunnel meshing is required as the number of CEs to connect increases,
and it becomes difficult to delegate a global IPv6 prefix for an ISP.
Figure 7 illustrates the network architecture using tunnels on the CE routers. Implementing IPv6 VPN Provider Edge Transport over MPLS
Information About 6PE/VPE
108
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 7 IPv6 Using Tunnels on the CE Routers
IPv6 Provider Edge Multipath
Internal and external BGP multipath for IPv6 allows the IPv6 router to balance load between several
paths (for example, the same neighboring autonomous system (AS) or sub-AS, or the same metrics) to
reach its destination. The 6PE multipath feature uses multiprotocol internal BGP (MP-IBGP) to
distribute IPv6 routes over the MPLS IPv4 core network and to attach an MPLS label to each route.
When MP-IBGP multipath is enabled on the 6PE router, all labeled paths are installed in the forwarding
table with available MPLS information (label stack). This functionality enables 6PE to perform load
balancing.
OSPFv3 6VPE
The Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature adds VPN
routing and forwarding (VRF) and provider edge-to-customer edge(PE-CE) routing support to
Cisco IOS XR OSPFv3 implementation. This feature allows:
• Multiple VRF support per OSPFv3 routing process
• OSPFV3 PE-CE extensions
Multiple VRF Support
OSPFv3 supports multiple VRFs in a single routing process that allows scaling to tens and hundreds of
VRFs without consuming too much route processor (RP) resources.
v6
IPv6
PE
PE
P
OC-48/192
IPv6 over IPv4 tunnels
v4
IPv4
v6
IPv6
v4
IPv4
v6
IPv6
IPv6
IPv4
v6
v4
P
P P
PE
PE
Dual stack
IPv4-IPv6
CE routers
Dual stack
IPv4-IPv6
CE routers
210608Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
109
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Multiple OSPFv3 processes can be configured on a single router. In large-scale VRF deployments, this
allows partition VRF processing across multiple RPs. It is also used to isolate default routing table or
high impact VRFs from the regular VRFs. It is recommended to use a single process for all the VRFs.
If needed, a second OSPFv3 process must be configured for IPv6 routing.
Note The maximum of four OSPFv3 processes are supported.
OSPFv3 PE-CE Extensions
IPv6 protocol is being vastly deployed in today's customer networks. Service Providers (SPs) need to be
able to offer Virtual Private Network (VPN) services to their customers for supporting IPv6 protocol, in
addition to the already offered VPN services for IPv4 protocol.
In order to support IPv6, routing protocols require additional extensions for operating in the VPN
environment. Extensions to OSPFv3 are required in order for OSPFv3 to operate at the PE-CE links.
VRF Lite
VRF lite feature enables VRF deployment without BGP or MPLS based backbone. In VRF lite, the PE
routers are directly connected using VRF interfaces. For OSPFv3, the following needs to operate
differently in the VRF lite scenario, as opposed to the deployment with BGP or MPLS backbone:
• DN bit processing—In VRF lite environment, the DN bit processing is disabled.
• ABR status—In VRF context (except default VRF), OSPFv3 router is automatically set as an ABR,
regardless to it’s connectivity to area 0. This automatic ABR status setting is disabled in the VRF
lite environment.
Note To enable VRF Lite, issue the capability vrf-lite command in the OSPFv3 VRF configuration submode.
How to Implement 6PE/VPE
This section includes these implementation procedures:
• Configuring 6PE/VPE, page VPC-109
• Configuring PE to PE Core, page VPC-111
• Configuring PE to CE Core, page VPC-115
• Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers, page VPC-118
Configuring 6PE/VPE
This task describes how to configure 6PE/VPE on PE routers to transport the IPv6 prefixes across the
IPv4 cloud.
Ensure that you configure 6PE/VPE on PE routers participating in both the IPv4 cloud and IPv6 clouds. Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
110
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Note For 6PE, you can use all routing protocols supported on Cisco IOS XR software such as BGP, OSPF,
IS-IS, EIGRP, RIP, and Static to learn routes from both clouds. However, for 6VPE, you can use only
the BGP, EIGRP and Static routing protocols to learn routes.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family ipv6 labeled-unicast
5. exit
6. exit
7. address-family ipv6 unicast
8. allocate-label [all | route-policy policy_name]
9. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Enters the number that identifies the autonomous system
(AS) in which the router resides.
Range for 2-byte numbers is 1 to 65535. Range for 4-byte
numbers is 1.0 to 65535.65535.
Step 3 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
1.1.1.1
Enters neighbor configuration mode for configuring Border
Gateway Protocol (BGP) routing sessions.
Step 4 address-family ipv6 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv6 labeled-unicast
Specifies IPv6 labeled-unicast address prefixes.
Note This option is also available in IPv6 neighbor
configuration mode and VRF neighbor
configuration mode.
Step 5 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
Exits BGP address-family submode.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
111
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring PE to PE Core
This task describes how to configure a Provider Edge (PE) to PE Core.
For information on configuring VPN Routing and Forwarding (VRF), refer to the Implementing BGP on
Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router
Routing Configuration Guide.
SUMMARY STEPS
1. configure
2. router bgp
3. address-family vpnv6 unicast
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
Exits BGP neighbor submode.
Step 7 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv6 unicast
Specifies IPv6 unicast address prefixes.
Step 8 allocate-label [all | route-policy policy_name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates MPLS labels for specified IPv4 unicast routes.
Note The route-policy keyword provides finer control to
filter out certain routes from being advertised to the
neighbor.
Step 9 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
112
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. bgp client-to-client reflection { cluster-id | disable }
6. neighbor ip-address
7. remote-as as-number
8. description text
9. password { clear | encrypted } password
10. shutdown
11. timers keepalive hold-time
12. update-source type interface-id
13. address-family vpnv6 unicast
14. route-policy route-policy-name { in | out }
15. exit
16. vrf vrf-name
17. rd { as-number : nn | ip-address : nn | auto }
18. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
Step 3 address-family vpnv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv6 unicast
Specifies the vpnv6 address family and enters address
family configuration submode.
Step 4 bgp dampening [ half-life [ reuse suppress
max-suppress-time ] | route-policy
route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp
dampening 30 1500 10000 120
Configures BGP dampening for the specified address
family.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
113
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 bgp client-to-client reflection {cluster-id |
disable }
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp
client-to-client reflection disable
Configures client to client route reflection.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Exits the address family configuration submode.
Step 7 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
10.1.1.1
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 8 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 100
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 9 description text
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
description neighbor 172.16.1.1
Provides a description of the neighbor. The description is
used to save comments and does not affect software
function.
Step 10 password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# password
encrypted 123abc
Enables Message Digest 5 (MD5) authentication on the
TCP connection between the two BGP neighbors.
Step 11 shutdown
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# router
bgp 1
Terminates any active sessions for the specified neighbor
and removes all associated routing information.
Step 12 timers keepalive hold-time
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers
12000 200
Set the timers for the BGP neighbor.
Step 13 update-source type interface-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source gigabitEthernet 0/1/5/0
Allows iBGP sessions to use the primary IP address from a
specific interface as the local address when forming an
iBGP session with a neighbor.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
114
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 14 address-family vpnv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpvn6 unicast
Enters VPN neighbor address family configuration mode.
Step 15 route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-in in
Specifies a routing policy for an inbound route. The policy
can be used to filter routes or modify route attributes.
Step 16 route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-out out
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
Step 17 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
Exits address family configuration and neighbor submode.
Step 18 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
Configures a VRF instance.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
115
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring PE to CE Core
This task describes how to configure a PE to Customer Edge (CE) core.
SUMMARY STEPS
1. configure
2. router bgp
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode { per-ce | per-vrf }
6. address-family ipv6 unicast
7. redistribute {connected | static | eigrp }
8. neighbor ip-address
9. remote-as as-number
10. ebgp-multihop { maximum hops | mpls }
11. address-family ipv6 unicast
12. site-of-origin [ as-number : nn | ip-address : nn ]
Step 19 rd { as-number : nn | ip-address : nn | auto }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
rd 345:567
Configures the route distinguisher.
Use the auto keyword if you want the router to
automatically assign a unique RD to the VRF.
Step 20 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
116
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
13. as-override
14. allowas-in [ as-occurrence-number ]
15. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
Configures a VRF instance.
Step 4 bgp router-id ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#bgp
router-id 172.16.9.9
Configures a fixed router ID for a BGP-speaking router.
Step 5 label-allocation-mode { per-ce | per-vrf }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
Configures the per-CE label allocation mode to avoid an
extra lookup on the PE router and conserve label space
(per-prefix is the default label allocation mode). In this
mode, the PE router allocates one label for every immediate
next-hop (in most cases, this would be a CE router). This
label is directly mapped to the next hop, so there is no VRF
route lookup performed during data forwarding. However,
the number of labels allocated would be one for each CE
rather than one for each VRF. Because BGP knows all the
next hops, it assigns a label for each next hop (not for each
PE-CE interface). When the outgoing interface is a
multiaccess interface and the media access control (MAC)
address of the neighbor is not known, Address Resolution
Protocol (ARP) is triggered during packet forwarding.
The per-vrf keyword configures the same label to be used
for all the routes advertised from a unique VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
117
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv6 unicast
Specifies an IPv6 address family unicast and enters address
family configuration submode.
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Step 7 redistribute {connected | static | eigrp }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Causes routes from the specified instance to be redistributed
into BGP.
Step 8 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
neighbor 10.0.0.0
Configures a CE neighbor. The ip-address argument must
be a private address.
Step 9 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2
Configures the remote AS for the CE neighbor.
Step 10 ebgp-multihop { maximum hops | mpls }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop 55
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
Step 11 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv6 unicast
Specifies an IPv6 address family unicast and enters address
family configuration submode.
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Step 12 site-of-origin [as-number:nn | ip-address:nn ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
site-of-origin 234:111
Configures the site-of-origin (SoO) extended community.
Routes that are learned from this CE neighbor are tagged
with the SoO extended community before being advertised
to the rest of the PEs. SoO is frequently used to detect loops
when as-override is configured on the PE router. If the
prefix is looped back to the same site, the PE detects this
and does not send the update to the CE.
Step 13 as-override
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
as-override
Configures AS override on the PE router. This causes the PE
router to replace the CE’s ASN with its own (PE) ASN.
Note This loss of information could lead to routing loops;
to avoid loops caused by as-override, use it in
conjunction with site-of-origin.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
118
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open
Shortest Path First version 3 (OSPFv3).
SUMMARY STEPS
1. configure
2. router ospfv3 process-name
3. vrf vrf-name
4. capability vrf-lite
5. router-id {router-id | type interface-path-id}
6. domain-id type {0005 | 0105 | 0205 | 8005} value domain-id
7. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
Step 14 allowas-in [ as-occurrence-number ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 5
Allows an AS path with the PE autonomous system number
(ASN) a specified number of times.
Hub and spoke VPN networks need the looping back of
routing information to the HUB PE through the HUB CE.
When this happens, due to the presence of the PE ASN, the
looped-back information is dropped by the HUB PE. To
avoid this, use the allowas-in command to allow prefixes
even if they have the PEs ASN up to the specified number
of times.
Step 15 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
119
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name]
[tag tag-value]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
8. area area-id
9. interface type interface-path-id
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109
Enters OSPF configuration mode allowing you to configure
the OSPF routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for OSPF routing.
Step 4 capability vrf-lite
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
capability vrf-lite
Enables VRF Lite feature.
Step 5 router-id {router-id | type interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
router-id 172.20.10.10
Configures the router ID for the VRF.
Note Router ID configuration is required for each VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
120
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 domain-id type {0005 | 0105 | 0205 | 8005}
value domain-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
domain-id type 0005 value CAFE00112233
Specifies the domain ID.
Step 7 redistribute bgp process-id [metric
metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external
[1 | 2] | internal | nssa-external [1 |
2]]}[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
redistribute connected
Causes routes to be redistributed into OSPF. The routes that
can be redistributed into OSPF are:
• Border Gateway Protocol (BGP)
• Connected
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• OSPF
• Static
• Routing Information Protocol (RIP)
Step 8 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
Configures the OSPF area as area 0.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
121
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 9 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with area 0.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
end
or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
– Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
– Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
Configuration Examples for 6PE
122
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for 6PE
This section includes these configuration example:
• Configuring 6PE on a PE Router: Example, page VPC-122
• Configuring 6VPE on a PE Router: Example, page VPC-122
•
Configuring 6PE on a PE Router: Example
This sample configuration shows the configuration of 6PE on a PE router:
interface GigabitEthernet0/3/0/0
ipv6 address 2001::1/64
!
router isis ipv6-cloud
net 49.0000.0000.0001.00
address-family ipv6 unicast
single-topology
interface GigabitEthernet0/3/0/0
address-family ipv6 unicast
!
!
router bgp 55400
bgp router-id 54.6.1.1
address-family ipv4 unicast
!
address-family ipv6 unicast
network 55:5::/64
redistribute connected
redistribute isis ipv6-cloud
allocate-label all
!
neighbor 34.4.3.3
remote-as 55400
address-family ipv4 unicast
!
address-family ipv6 labeled-unicast
Configuring 6VPE on a PE Router: Example
This sample configuration shows the configuration of 6VPE on a PE router:
vrf vpn1
address-family ipv6 unicast
import route-target
200:2
!
export route-target
200:2
interface Loopback0
ipv4 address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/0/0/1
vrf vpn1
ipv6 address 2001:c003:a::2/64 Implementing IPv6 VPN Provider Edge Transport over MPLS
Configuration Examples for 6PE
123
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
router bgp 1
bgp router-id 10.0.0.1
bgp redistribute-internal
bgp graceful-restart
address-family ipv4 unicast
!
address-family vpnv6 unicast
!
neighbor 10.0.0.2 >>>> Remote peer loopback address.
remote-as 1
update-source Loopback0
address-family ipv4 unicast
!
address-family vpnv6 unicast
route-policy pass-all in
route-policy pass-all out
!
vrf vpn1
rd 100:2
bgp router-id 140.140.140.140
address-family ipv6 unicast
redistribute connected
!
neighbor 2001:c003:a::1
remote-as 6502
address-family ipv6 unicast
route-policy pass-all in
route-policy pass-all out
!
Configuring OSPFv3 between PE to CE: Example:
This example shows you how to configure provider edge (PE)-to-customer edge (CE) routing sessions
that use Open Shortest Path First version 3 (OSPFv3):
router ospfv3 0
vrf V1
router-id 100.0.0.2
domain-id type 0005 value CAFE00112233
domain-id secondary type 0105 value beef00000001
domain-id secondary type 0205 value beef00000002
capability vrf-lite
redistribute bgp 1
area 0
interface POS0/3/0/1
vrf V2
router-id 200.0.0.2
capability vrf-lite
area 1
interface POS0/3/0/2Implementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
124
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Additional References
For additional information related to this feature, refer to these references:
Related Document
Standards
MIBs
RFCs
Related Topic Document Title
Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Standards
1
1. Not all supported standards are listed.
Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
—
MIBs MIBs Link
— To locate and download MIBs using Cisco IOS XR software, use the
Cisco MIB Locator found at this URL and choose a platform under
the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs Title
— —Implementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
125
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Technical Assistance
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportImplementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
126
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02127
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
HC Cisco ASR 9000 Series Aggregation Services Router Interface
and Hardware Component Configuration Guide
IC Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide
MCC Cisco ASR 9000 Series Aggregation Services Router
Multicast Configuration Guide
MNC Cisco ASR 9000 Series Aggregation Services Router System
Monitoring Configuration Guide
MPC Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide
QC Cisco ASR 9000 Series Aggregation Services Router Modular
Quality of Service Configuration Guide
RC Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide
SC Cisco ASR 9000 Series Aggregation Services Router System
Security Configuration Guide
SMC Cisco ASR 9000 Series Aggregation Services Router System
Management Configuration Guide
LSC Cisco ASR 9000 Series Aggregation Services Router L2VPN
and Ethernet Services Configuration Guide
I N D E X
Numerics
6PE/VPE
BGP multipath VPC-108
conditions for use VPC-106
how to configure VPC-109
how to deploy VPC-107
overview VPC-106
prerequisites VPC-106
service provider considerations VPC-106
supported protocols VPC-110
A
automatic route distinguisher, MPLS Layer 3 VPN VPC-15
autonomous system VPC-16
B
BGP
confederations VPC-17
BGP (border gateway protocol)
distributing routes VPC-21
messages and MPLS labels VPC-20
routing information VPC-20
BGP4 configuration VPC-106
BGP multipath
6PE/VPE VPC-108
C
CSC (Carrier Supporting Carrier)
configuration examples VPC-78
configuration options for backbone and customer
carriers VPC-24
configuring a CSC-PE link VPC-71
configuring a static route to a peer VPC-78
customer carrier network options VPC-24
identifying topology VPC-70
CSC-CE link, how to configure VPC-75
CSC-PE link, how to configure VPC-71
customer edge router
6PE/VPE VPC-107
MPLS Layer 3 VPN VPC-12
customer edge router (CE)
MPLS Layer 3 VPN VPC-12
E
eBGP VPC-10Index
128
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
G
Generic Routing Encapsulation (GRE over
L3VPN) VPC-21
I
Inter-AS configurations
BGP VPC-17
interprovider VPN VPC-16
supported VPC-16
interprovider VPN, MPLS VPN VPC-17
M
MPLS Layer 3 VPN
automatic route distinguisher VPC-15
autonomous system VPC-16
components VPC-12
concepts VPC-11
customer edge router VPC-12
customer router VPC-12
defined VPC-11
defining VPC-11
distributed routing information VPC-13
FIB VPC-10
implementing VPC-11
major components VPC-15
MPLS forwarding VPC-14
PE router VPC-12
prerequisites VPC-10
provider router VPC-12
restrictions VPC-10
scalability VPC-12
security VPC-12
topology VPC-12
VPN routing information VPC-14
working VPC-13
MPLS VPN
Inter-AS ASBRs VPC-15
major components VPC-15
P
PE router
MPLS Layer 3 VPN VPC-12
S
service provider edge routers, 6PE VPC-107
service providers, 6PE VPC-106
static
router to a peer, how to configure VPC-78
T
tunnel types
6PE VPC-107
V
verifying IP connectivity, CSC
MPLS Layer 3 VPN VPC-71
VRF (virtual routing and forwarding)
configuring backbone carrier core VPC-71
Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26056-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xiii
Changes to This Document xiii
Obtaining Documentation and Submitting a Service Request xiii
C H A P T E R 1 Implementing MPLS Label Distribution Protocol 1
Prerequisites for Implementing Cisco MPLS LDP 2
Information About Implementing Cisco MPLS LDP 2
Overview of Label Distribution Protocol 2
Label Switched Paths 2
LDP Control Plane 3
Exchanging Label Bindings 4
LDP Forwarding 5
LDP Graceful Restart 6
Control Plane Failure 7
Phases in Graceful Restart 8
Recovery with Graceful-Restart 9
Label Advertisement Control (Outbound Filtering) 10
Label Acceptance Control (Inbound Filtering) 10
Local Label Allocation Control 11
Session Protection 11
IGP Synchronization 12
IGP Auto-configuration 13
LDP Nonstop Routing 13
IP LDP Fast Reroute Loop Free Alternate 14
Downstream on Demand 15
Explicit-Null and Implicit-Null Labels 16
How to Implement MPLS LDP 16
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 iiiConfiguring LDP Discovery Parameters 17
Configuring LDP Discovery Over a Link 19
Configuring LDP Discovery for Active Targeted Hellos 20
Configuring LDP Discovery for Passive Targeted Hellos 22
Configuring Label Advertisement Control (Outbound Filtering) 24
Setting Up LDP Neighbors 26
Setting Up LDP Forwarding 29
Setting Up LDP NSF Using Graceful Restart 31
Configuring Label Acceptance Control (Inbound Filtering) 34
Configuring Local Label Allocation Control 36
Configuring Session Protection 37
Configuring LDP IGP Synchronization: OSPF 39
Configuring LDP IGP Synchronization: ISIS 40
Enabling LDP Auto-Configuration for a Specified OSPF Instance 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance 44
Disabling LDP Auto-Configuration 46
Configuring LDP Nonstop Routing 48
Configuring LDP Downstream on Demand mode 50
Redistributing MPLS LDP Routes into BGP 51
Setting Up Implicit-Null-Override Label 52
Configuration Examples for Implementing MPLS LDP 54
Configuring LDP with Graceful Restart: Example 54
Configuring LDP Discovery: Example 54
Configuring LDP Link: Example 54
Configuring LDP Discovery for Targeted Hellos: Example 55
Configuring Label Advertisement (Outbound Filtering): Example 55
Configuring LDP Neighbors: Example 56
Configuring LDP Forwarding: Example 56
Configuring LDP Nonstop Forwarding with Graceful Restart: Example 56
Configuring Label Acceptance (Inbound Filtering): Example 57
Configuring Local Label Allocation Control: Example 57
Configuring LDP Session Protection: Example 58
Configuring LDP IGP Synchronization—OSPF: Example 58
Configuring LDP IGP Synchronization—ISIS: Example 58
Configuring LDP Auto-Configuration: Example 59
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
iv OL-26056-02
ContentsConfigure IP LDP Fast Reroute Loop Free Alternate: Example 59
Verify IP LDP Fast Reroute Loop Free Alternate: Example 61
Additional References 63
C H A P T E R 2 Implementing RSVP for MPLS-TE 65
Prerequisites for Implementing RSVP for MPLS-TE 66
Information About Implementing RSVP for MPLS-TE 66
Overview of RSVP for MPLS-TE 66
LSP Setup 67
High Availability 67
Graceful Restart 67
Graceful Restart: Standard and Interface-Based 68
Graceful Restart: Figure 69
ACL-based Prefix Filtering 70
RSVP MIB 70
Information About Implementing RSVP Authentication 71
RSVP Authentication Functions 71
RSVP Authentication Design 71
Global, Interface, and Neighbor Authentication Modes 72
Security Association 73
Key-source Key-chain 74
Guidelines for Window-Size and Out-of-Sequence Messages 75
Caveats for Out-of-Sequence 75
How to Implement RSVP 75
Configuring Traffic Engineering Tunnel Bandwidth 76
Confirming DiffServ-TE Bandwidth 76
Enabling Graceful Restart 78
Configuring ACL-based Prefix Filtering 80
Configuring ACLs for Prefix Filtering 80
Configuring RSVP Packet Dropping 81
Verifying RSVP Configuration 83
Enabling RSVP Traps 86
How to Implement RSVP Authentication 88
Configuring Global Configuration Mode RSVP Authentication 88
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode 88
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 v
ContentsConfiguring a Lifetime for RSVP Authentication in Global Configuration Mode 90
Configuring the Window Size for RSVP Authentication in Global Configuration
Mode 91
Configuring an Interface for RSVP Authentication 93
Specifying the RSVP Authentication Keychain in Interface Mode 93
Configuring a Lifetime for an Interface for RSVP Authentication 95
Configuring the Window Size for an Interface for RSVP Authentication 96
Configuring RSVP Neighbor Authentication 98
Specifying the Keychain for RSVP Neighbor Authentication 98
Configuring a Lifetime for RSVP Neighbor Authentication 100
Configuring the Window Size for RSVP Neighbor Authentication 102
Verifying the Details of the RSVP Authentication 104
Eliminating Security Associations for RSVP Authentication 104
Configuration Examples for RSVP 104
Bandwidth Configuration (Prestandard): Example 104
Bandwidth Configuration (MAM): Example 104
Bandwidth Configuration (RDM): Example 105
Refresh Reduction and Reliable Messaging Configuration: Examples 105
Refresh Interval and the Number of Refresh Messages Configuration: Example 105
Retransmit Time Used in Reliable Messaging Configuration: Example 105
Acknowledgement Times Configuration: Example 105
Summary Refresh Message Size Configuration: Example 106
Disable Refresh Reduction: Example 106
Configure Graceful Restart: Examples 106
Enable Graceful Restart: Example 106
Enable Interface-Based Graceful Restart: Example 106
Change the Restart-Time: Example 107
Change the Hello Interval: Example 107
Configure ACL-based Prefix Filtering: Example 107
Set DSCP for RSVP Packets: Example 107
Enable RSVP Traps: Example 108
Configuration Examples for RSVP Authentication 108
RSVP Authentication Global Configuration Mode: Example 108
RSVP Authentication for an Interface: Example 109
RSVP Neighbor Authentication: Example 109
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
vi OL-26056-02
ContentsRSVP Authentication by Using All the Modes: Example 110
Additional References 110
C H A P T E R 3 Implementing MPLS Forwarding 113
Prerequisites for Implementing Cisco MPLS Forwarding 113
Restrictions for Implementing Cisco MPLS Forwarding 113
Information About Implementing MPLS Forwarding 114
MPLS Forwarding Overview 114
Label Switching Functions 114
Distribution of Label Bindings 115
MFI Control-Plane Services 115
MFI Data-Plane Services 115
MPLS Maximum Transmission Unit 116
Additional References 116
C H A P T E R 4 Implementing MPLS Traffic Engineering 119
Prerequisites for Implementing Cisco MPLS Traffic Engineering 120
Restrictions for Implementing Cisco MPLS Traffic Engineering 120
Information About Implementing MPLS Traffic Engineering 121
Overview of MPLS Traffic Engineering 121
Benefits of MPLS Traffic Engineering 121
How MPLS-TE Works 121
MPLS Traffic Engineering 123
Backup AutoTunnels 123
AutoTunnel Attribute-set 123
Link Protection 124
Node Protection 124
Backup AutoTunnel Assignment 125
Explicit Paths 126
Periodic Backup Promotion 126
Protocol-Based CLI 126
Differentiated Services Traffic Engineering 127
Prestandard DS-TE Mode 127
IETF DS-TE Mode 127
Bandwidth Constraint Models 128
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 vii
ContentsMaximum Allocation Bandwidth Constraint Model 128
Russian Doll Bandwidth Constraint Model 128
TE Class Mapping 129
Flooding 129
Flooding Triggers 129
Flooding Thresholds 130
Fast Reroute 130
MPLS-TE and Fast Reroute over Link Bundles 131
Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE 131
Flexible Name-based Tunnel Constraints 132
MPLS Traffic Engineering Interarea Tunneling 133
Interarea Support 133
Multiarea Support 134
Loose Hop Expansion 134
Loose Hop Reoptimization 135
ABR Node Protection 135
Fast Reroute Node Protection 135
MPLS-TE Forwarding Adjacency 135
MPLS-TE Forwarding Adjacency Benefits 136
MPLS-TE Forwarding Adjacency Restrictions 136
MPLS-TE Forwarding Adjacency Prerequisites 136
Path Computation Element 136
Path Protection 138
Prerequisites for Path Protection 138
Restrictions for Path Protection 139
MPLS-TE Automatic Bandwidth 139
MPLS-TE Automatic Bandwidth Overview 139
Adjustment Threshold 141
Overflow Detection 141
Restrictions for MPLS-TE Automatic Bandwidth 141
Point-to-Multipoint Traffic-Engineering 142
Point-to-Multipoint Traffic-Engineering Overview 142
Point-to-Multipoint RSVP-TE 144
Point-to-Multipoint Fast Reroute 144
Point-to-Multipoint Label Switch Path 144
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
viii OL-26056-02
ContentsPath Option for Point-to-Multipoint RSVP-TE 145
MPLS Traffic Engineering Shared Risk Link Groups 146
Explicit Path 147
Fast ReRoute with SRLG Constraints 148
Importance of Protection 149
Delivery of Packets During a Failure 150
Multiple Backup Tunnels Protecting the Same Interface 150
SRLG Limitations 150
Soft-Preemption 151
Path Option Attributes 151
Configuration Hierarchy of Path Option Attributes 152
Traffic Engineering Bandwidth and Bandwidth Pools 152
Path Option Switchover 153
Path Option and Path Protection 153
Auto-Tunnel Mesh 154
Destination List (Prefix-List) 154
How to Implement Traffic Engineering 155
Building MPLS-TE Topology 155
Creating an MPLS-TE Tunnel 158
Configuring Forwarding over the MPLS-TE Tunnel 161
Protecting MPLS Tunnels with Fast Reroute 164
Enabling an AutoTunnel Backup 169
Removing an AutoTunnel Backup 170
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs 172
Establishing Next-Hop Tunnels with Link Protection 174
Configuring a Prestandard DS-TE Tunnel 176
Configuring an IETF DS-TE Tunnel Using RDM 178
Configuring an IETF DS-TE Tunnel Using MAM 181
Configuring MPLS -TE and Fast-Reroute on OSPF 184
Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE 187
Configuring Flexible Name-based Tunnel Constraints 188
Assigning Color Names to Numeric Values 188
Associating Affinity-Names with TE Links 190
Associating Affinity Constraints for TE Tunnels 192
Configuring IS-IS to Flood MPLS-TE Link Information 193
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 ix
ContentsConfiguring an OSPF Area of MPLS-TE 195
Configuring Explicit Paths with ABRs Configured as Loose Addresses 197
Configuring MPLS-TE Forwarding Adjacency 199
Configuring a Path Computation Client and Element 200
Configuring a Path Computation Client 200
Configuring a Path Computation Element Address 202
Configuring PCE Parameters 203
Configuring Path Protection on MPLS-TE 206
Enabling Path Protection for an Interface 206
Assigning a Dynamic Path Option to a Tunnel 208
Forcing a Manual Switchover on a Path-Protected Tunnel 210
Configuring the Delay the Tunnel Takes Before Reoptimization 210
Configuring the Automatic Bandwidth 212
Configuring the Collection Frequency 212
Forcing the Current Application Period to Expire Immediately 214
Configuring the Automatic Bandwidth Functions 215
Configuring the Shared Risk Link Groups 218
Configuring the SRLG Values of Each Link that has a Shared Risk with Another
Link 218
Creating an Explicit Path With Exclude SRLG 220
Using Explicit Path With Exclude SRLG 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint 229
Configuring Point-to-Multipoint TE 232
Enabling Multicast Routing on the Router 232
Configuring the Static Group for the Point-to-Multipoint Interface 235
Configuring Destinations for the Tunnel Interface 237
Disabling Destinations 241
Logging Per Destinations for Point-to-Multipoint 243
Enabling Soft-Preemption on a Node 245
Enabling Soft-Preemption on a Tunnel 247
Configuring Attributes within a Path-Option Attribute 249
Configuring Auto-Tunnel Mesh Tunnel ID 251
Configuring Auto-tunnel Mesh Unused Timeout 252
Configuring Auto-Tunnel Mesh Group 254
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
x OL-26056-02
ContentsConfiguring Tunnel Attribute-Set Templates 256
Enabling LDP on Auto-Tunnel Mesh 258
Configuration Examples for Cisco MPLS-TE 260
Build MPLS-TE Topology and Tunnels: Example 260
Configure IETF DS-TE Tunnels: Example 261
Configure MPLS-TE and Fast-Reroute on OSPF: Example 262
Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example 262
Configure Flexible Name-based Tunnel Constraints: Example 263
Configure an Interarea Tunnel: Example 264
Configure Forwarding Adjacency: Example 265
Configure PCE: Example 265
Configure Tunnels for Path Protection: Example 266
Configure Automatic Bandwidth: Example 267
Configure the MPLS-TE Shared Risk Link Groups: Example 267
Configure the MPLS-TE Auto-Tunnel Backup: Example 269
Configure Point-to-Multipoint TE: Examples 276
P2MP Topology Scenario: Example 276
Configure Point-to-Multipoint for the Source: Example 278
Configure the Point-to-Multipoint Tunnel: Example 278
Disable a Destination: Example 279
Configure the Point-to-Multipoint Solution: Example 279
Additional References 283
C H A P T E R 5 Implementing MPLS OAM 285
Prerequisites for MPLS LSP Ping and Traceroute for P2MP 285
MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute 286
Roles of Various Routers 286
P2MP Ping 287
P2MP Traceroute 288
Configure the Ping and Traceroute: Example 288
C H A P T E R 6 Implementing MPLS Transport Profile 295
Restrictions for MPLS-TP 295
Information About Implementing MPLS Transport Profile 296
MPLS Transport Profile 296
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 xi
ContentsBidirectional LSPs 297
MPLS-TP Path Protection 297
Fault OAM Support 297
MPLS-TP Links and Physical Interfaces 299
Tunnel LSPs 299
MPLS-TP IP-less support 300
How to Implement MPLS Transport Profile 300
Configuring the Node ID and Global ID 300
Configuring Pseudowire OAM Attributes 301
Configuring the Pseudowire Class 302
Configuring the Pseudowire 303
Configuring the MPLS TP Tunnel 304
Configuring MPLS-TP LSPs at Midpoint 307
Configuring MPLS-TP Links and Physical Interfaces 309
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
xii OL-26056-02
ContentsPreface
The Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide preface contains these
sections:
• Changes to This Document, page xiii
• Obtaining Documentation and Submitting a Service Request, page xiii
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1.
OL-26056-02 June 2012
OL-26056-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 xiii Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
xiv OL-26056-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Implementing MPLS Label Distribution Protocol
This module describes how to implement MPLS Label Distribution Protocol on Cisco ASR 9000 Series
Aggregation Services Routers.
The Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering
Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into
business-class transport mediums.
MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual
circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services
as with those delivered over traditional networks such as Frame Relay or ATM.
Label Distribution Protocol (LDP) performs label distribution in MPLS environments. LDP provides the
following capabilities:
• LDP performs hop-by-hop or dynamic path setup; it does not provide end-to-end switching services.
• LDP assigns labels to routes using the underlying Interior Gateway Protocols (IGP) routing protocols.
• LDP provides constraint-based routing using LDP extensions for traffic engineering.
Finally, LDP is deployed in the core of the network and is one of the key protocols used in MPLS-based
Layer 2 and Layer 3 virtual private networks (VPNs).
Feature History for Implementing MPLS LDP
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for these features:
• IP LDP Fast Reroute Loop Free Alternate
• Downstream on Demand
Release 4.0.1
Release 4.2.1 Support was added for LDP Implicit Null for IGP Routes.
• Prerequisites for Implementing Cisco MPLS LDP, page 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 1• Information About Implementing Cisco MPLS LDP, page 2
• How to Implement MPLS LDP , page 16
• Configuration Examples for Implementing MPLS LDP, page 54
• Additional References, page 63
Prerequisites for Implementing Cisco MPLS LDP
These prerequisites are required to implement MPLS LDP:
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• You must be running Cisco IOS XR software.
• You must install a composite mini-image and the MPLS package.
• You must activate IGP.
• We recommend to use a lower session holdtime bandwidth such as neighbors so that a session down
occurs before an adjacency-down on a neighbor. Therefore, the following default values for the hello
times are listed:
• Holdtime is 15 seconds.
• Interval is 5 seconds.
For example, the LDP session holdtime can be configured as 30 seconds by using the holdtime command.
Information About Implementing Cisco MPLS LDP
To implement MPLS LDP, you should understand these concepts:
Overview of Label Distribution Protocol
LDP performs label distribution in MPLS environments. LDP uses hop-by-hop or dynamic path setup, but
does not provide end-to-end switching services. Labels are assigned to routesthat are chosen by the underlying
IGP routing protocols. The Label Switched Paths (LSPs) that result from the routes, forward labeled traffic
across the MPLS backbone to adjacent nodes.
Label Switched Paths
LSPs are created in the network through MPLS. They can be created statically, by RSVP traffic engineering
(TE), or by LDP. LSPs created by LDP perform hop-by-hop path setup instead of an end-to-end path.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
2 OL-26056-02
Implementing MPLS Label Distribution Protocol
Prerequisites for Implementing Cisco MPLS LDPLDP Control Plane
The control plane enableslabelswitched routers(LSRs) to discover their potential peer routers and to establish
LDP sessions with those peers to exchange label binding information.
This figure shows the control messages exchanged between LDP peers.
Figure 1: LDP Control Protocol
LDP uses the hello discovery mechanism to discover its neighbor or peer on the network. When LDP is
enabled on an interface, it sends hello messages to a link-local multicast address, and joins a specific multicast
group to receive hellos from other LSRs present on the given link. When LSRs on a given link receive hellos,
their neighbors are discovered and the LDP session (using TCP) is established.
Hellos are not only used to discover and trigger LDP sessions; they are also required to maintain LDP
sessions. If a certain number of hellos from a given peer are missed in sequence, LDP sessions are brought
down until the peer is discovered again.
Note
LDP also supports non-link neighbors that could be multiple hops away on the network, using the targeted
hello mechanism. In these cases, hellos are sent on a directed, unicast address.
The first message in the session establishment phase is the initialization message, which is used to negotiate
session parameters. After session establishment, LDP sends a list of all its interface addresses to its peers in
an address message.Whenever a new address becomes available or unavailable, the peers are notified regarding
such changes via ADDRESS or ADDRESS_WITHDRAW messages respectively.
When MPLS LDP learns an IGP prefix it allocates a label locally as the inbound label. The local binding
between the prefix label is conveyed to its peers via LABEL_MAPPING message. If the binding breaks and
becomes unavailable, a LABEL_WITHDRAW message is sent to all its peers, which responds with
LABEL_RELEASE messages.
The local label binding and remote label binding received from its peer(s) is used to setup forwarding entries.
Using routing information from the IGP protocol and the forwarding information base (FIB), the next active
hop isselected. Label binding islearned from the next hop peer, and is used asthe outbound label while setting
up the forwarding plane.
The LDP session is also kept alive using the LDP keepalive mechanism, where an LSR sends a keepalive
message periodically to its peers. If no messages are received and a certain number of keepalive messages
are missed from a peer, the session is declared dead, and brought down immediately.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 3
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution ProtocolRelated Topics
Configuring LDP Discovery Parameters, on page 17
Configuring LDP Discovery Over a Link, on page 19
Configuring LDP Link: Example, on page 54
Configuring LDP Discovery for Active Targeted Hellos, on page 20
Configuring LDP Discovery for Passive Targeted Hellos, on page 22
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Exchanging Label Bindings
LDP creates LSPs to perform the hop-by-hop path setup so that MPLS packets can be transferred between
the nodes on the MPLS network.
This figure illustrates the process of label binding exchange for setting up LSPs.
Figure 2: Setting Up Label Switched Paths
For a given network (10.0.0.0), hop-by-hop LSPs are set up between each of the adjacent routers (or, nodes)
and each node allocates a local label and passes it to its neighbor as a binding:
1 R4 allocates local label L4 for prefix 10.0.0.0 and advertises it to its neighbors (R3).
2 R3 allocates local label L3 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R2, R4).
3 R1 allocates local label L1 for prefix 10.0.0.0 and advertises it to its neighbors (R2, R3).
4 R2 allocates local label L2 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R3).
5 R1’s label information base (LIB) keeps local and remote labels bindings from its neighbors.
6 R2’s LIB keeps local and remote labels bindings from its neighbors.
7 R3’s LIB keeps local and remote labels bindings from its neighbors.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
4 OL-26056-02
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution Protocol8 R4’s LIB keeps local and remote labels bindings from its neighbors.
Related Topics
Setting Up LDP Neighbors, on page 26
Configuring LDP Neighbors: Example, on page 56
LDP Forwarding
Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown
in the following figure.
Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown
in this figure.
Figure 3: Forwarding Setup
1 Because R3 is next hop for 10.0.0.0 as notified by the FIB, R1 selects label binding from R3 and installs
forwarding entry (Layer 1, Layer 3).
2 Because R3 is next hop for 10.0.0.0 (as notified by FIB), R2 selects label binding from R3 and installs
forwarding entry (Layer 2, Layer 3).
3 Because R4 is next hop for 10.0.0.0 (as notified by FIB), R3 selects label binding from R4 and installs
forwarding entry (Layer 3, Layer 4).
4 Because next hop for 10.0.0.0 (as notified by FIB) is beyond R4, R4 uses NO-LABEL as the outbound
and installs the forwarding entry (Layer 4); the outbound packet is forwarded IP-only.
5 Incoming IP traffic on ingress LSR R1 gets label-imposed and is forwarded as an MPLS packet with label
L3.
6 Incoming IP traffic on ingress LSR R2 gets label-imposed and is forwarded as an MPLS packet with label
L3.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 5
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution Protocol7 R3 receives an MPLS packet with label L3, looks up in the MPLS label forwarding table and switches
this packet as an MPLS packet with label L4.
8 R4 receives an MPLS packet with label L4, looks up in the MPLS label forwarding table and finds that it
should be Unlabeled, pops the top label, and passes it to the IP forwarding plane.
9 IP forwarding takes over and forwards the packet onward.
Related Topics
Setting Up LDP Forwarding, on page 29
Configuring LDP Forwarding: Example, on page 56
LDP Graceful Restart
LDP (Label Distribution Protocol) graceful restart provides a control plane mechanism to ensure high
availability and allows detection and recovery from failure conditions while preserving Nonstop Forwarding
(NSF)services. Graceful restart is a way to recover from signaling and control plane failures without impacting
forwarding.
Without LDP graceful restart, when an established session fails, the corresponding forwarding states are
cleaned immediately from the restarting and peer nodes. In this case LDP forwarding restarts from the
beginning, causing a potential loss of data and connectivity.
The LDP graceful restart capability is negotiated between two peers during session initialization time, in FT
SESSION TLV. In this typed length value (TLV), each peer advertises the following information to its peers:
Reconnect time
Advertises the maximum time that other peer will wait for this LSR to reconnect after control channel
failure.
Recovery time
Advertises the maximum time that the other peer has on its side to reinstate or refresh its states with
this LSR. This time is used only during session reestablishment after earlier session failure.
FT flag
Specifies whether a restart could restore the preserved (local) node state for this flag.
Once the graceful restart session parameters are conveyed and the session is up and running, graceful restart
procedures are activated.
When configuring the LDP graceful restart process in a network with multiple links, targeted LDP hello
adjacencies with the same neighbor, or both, make sure that graceful restart is activated on the session before
any hello adjacency times out in case of neighbor control plane failures. One way of achieving this is by
configuring a lower session hold time between neighbors such that session timeout occurs before hello
adjacency timeout. It is recommended to set LDP session hold time using the following formula:
Session Holdtime <= (Hello holdtime - Hello interval) * 3
This meansthat for default values of 15 seconds and 5 secondsfor link Hello holdtime and interval respectively,
session hold time should be set to 30 seconds at most.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
6 OL-26056-02
Implementing MPLS Label Distribution Protocol
LDP Graceful RestartFor more information about LDP commands,see the Implementing MPLS Label Distribution Protocol module
of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Control Plane Failure
When a control plane failure occurs, connectivity can be affected. The forwarding statesinstalled by the router
control planes are lost, and the in-transit packets could be dropped, thus breaking NSF.
Thisfigure illustrates a control plane failure and showsthe process and results of a control plane failure leading
to loss of connectivity.
Figure 4: Control Plane Failure
1 The R4 LSR control plane restarts.
2 LIB is lost when the control plane restarts.
3 The forwarding states installed by the R4 LDP control plane are immediately deleted.
4 Any in-transit packets flowing from R3 to R4 (still labeled with L4) arrive at R4.
5 The MPLS forwarding plane at R4 performs a lookup on local label L4 which fails. Because of thisfailure,
the packet is dropped and NSF is not met.
6 The R3 LDP peer detects the failure of the control plane channel and deletes its label bindings from R4.
7 The R3 control plane stops using outgoing labels from R4 and deletes the corresponding forwarding state
(rewrites), which in turn causes forwarding disruption.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 7
Implementing MPLS Label Distribution Protocol
LDP Graceful Restart8 The established LSPs connected to R4 are terminated at R3, resulting in broken end-to-end LSPs from R1
to R4.
9 The established LSPs connected to R4 are terminated at R3, resulting in broken LSPs end-to-end from R2
to R4.
Phases in Graceful Restart
The graceful restart mechanism is divided into different phases:
Control communication failure detection
Control communication failure is detected when the system detects either:
• Missed LDP hello discovery messages
• Missed LDP keepalive protocol messages
• Detection of Transmission Control Protocol (TCP) disconnection a with a peer
Forwarding state maintenance during failure
Persistent forwarding states at each LSR are achieved through persistent storage (checkpoint) by the
LDP control plane. While the control plane is in the process of recovering, the forwarding plane keeps
the forwarding states, but marks them as stale. Similarly, the peer control plane also keeps (and marks
as stale) the installed forwarding rewrites associated with the node that is restarting. The combination
of local node forwarding and remote node forwarding plane states ensures NSF and no disruption in
the traffic.
Control state recovery
Recovery occurs when the session isreestablished and label bindings are exchanged again. This process
allows the peer nodes to synchronize and to refresh stale forwarding states.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
8 OL-26056-02
Implementing MPLS Label Distribution Protocol
LDP Graceful RestartRecovery with Graceful-Restart
This figure illustrates the process of failure recovery using graceful restart.
Figure 5: Recovering with Graceful Restart
1 The router R4 LSR control plane restarts.
2 With the control plane restart, LIB is gone but forwarding states installed by R4’s LDP control plane are
not immediately deleted but are marked as stale.
3 Any in-transit packets from R3 to R4 (still labeled with L4) arrive at R4.
4 The MPLS forwarding plane at R4 performs a successful lookup for the local label L4 as forwarding is
still intact. The packet is forwarded accordingly.
5 The router R3 LDP peer detects the failure of the control plane and channel and deletes the label bindings
from R4. The peer, however, does not delete the corresponding forwarding states but marks them as stale.
6 At this point there are no forwarding disruptions.
7 The peer also starts the neighbor reconnect timer using the reconnect time value.
8 The established LSPs going toward the router R4 are still intact, and there are no broken LSPs.
When the LDP control plane recovers, the restarting LSR starts its forwarding state hold timer and restores
its forwarding state from the checkpointed data. This action reinstates the forwarding state and entries and
marks them as old.
The restarting LSR reconnects to its peer, indicated in the FT Session TLV, that it either was or was not able
to restore its state successfully. If it was able to restore the state, the bindings are resynchronized.
The peer LSR stops the neighbor reconnect timer (started by the restarting LSR), when the restarting peer
connects and starts the neighbor recovery timer. The peer LSR checks the FT Session TLV if the restarting
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 9
Implementing MPLS Label Distribution Protocol
LDP Graceful Restartpeer was able to restore its state successfully. It reinstates the corresponding forwarding state entries and
receives binding from the restarting peer. When the recovery timer expires, any forwarding state that is still
marked as stale is deleted.
If the restarting LSR fails to recover (restart), the restarting LSR forwarding state and entries will eventually
timeout and is deleted, while neighbor-related forwarding states or entries are removed by the Peer LSR on
expiration of the reconnect or recovery timers.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Label Advertisement Control (Outbound Filtering)
By default, LDP advertises labels for all the prefixes to all its neighbors. When this is not desirable (for
scalability and security reasons), you can configure LDP to perform outbound filtering for local label
advertisement for one or more prefixes to one more peers. This feature is known as LDP outbound label
filtering, or local label advertisement control.
Related Topics
Configuring Label Advertisement Control (Outbound Filtering), on page 24
Configuring Label Advertisement (Outbound Filtering): Example, on page 55
Label Acceptance Control (Inbound Filtering)
By default, LDP accepts labels (as remote bindings) for all prefixes from all peers. LDP operates in liberal
label retention mode, which instructs LDP to keep remote bindings from all peers for a given prefix. For
security reasons, or to conserve memory, you can override this behavior by configuring label binding acceptance
for set of prefixes from a given peer.
The ability to filter remote bindings for a defined set of prefixes is also referred to as LDP inbound label
filtering.
Inbound filtering can also be implemented using an outbound filtering policy; however, you may not be
able to implement this system if an LDP peer resides under a different administration domain. When both
inbound and outbound filtering options are available, we recommend that you use outbound label filtering.
Note
Related Topics
Configuring Label Acceptance Control (Inbound Filtering), on page 34
Configuring Label Acceptance (Inbound Filtering): Example, on page 57
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
10 OL-26056-02
Implementing MPLS Label Distribution Protocol
Label Advertisement Control (Outbound Filtering)Local Label Allocation Control
By default, LDP allocates local labels for all prefixes that are not Border Gateway Protocol (BGP) prefixes
1
.
This is acceptable when LDP is used for applications other than Layer 3 virtual private networks (L3VPN)
core transport. When LDP is used to set up transport LSPs for L3VPN traffic in the core, it is not efficient or
even necessary to allocate and advertise local labels for, potentially, thousands of IGP prefixes. In such a case,
LDP is typically required to allocate and advertise local label for loopback /32 addresses for PE routers. This
is accomplished using LDP local label allocation control, where an access list can be used to limit allocation
of local labels to a set of prefixes. Limiting local label allocation provides several benefits, including reduced
memory usage requirements, fewer local forwarding updates, and fewer network and peer updates.
You can configure label allocation using an IP access list to specify a set of prefixes that local labels can
allocate and advertise.
Tip
Related Topics
Configuring Local Label Allocation Control, on page 36
Configuring Local Label Allocation Control: Example, on page 57
Session Protection
When a link comes up, IP converges earlier and much faster than MPLS LDP and may result in MPLS traffic
loss until MPLS convergence. If a link flaps, the LDP session will also flap due to loss of link discovery. LDP
session protection minimizestraffic loss, providesfaster convergence, and protects existing LDP (link)sessions
by means of “parallel” source of targeted discovery hello. An LDP session is kept alive and neighbor label
bindings are maintained when links are down. Upon reestablishment of primary link adjacencies, MPLS
convergence is expedited as LDP need not relearn the neighbor label bindings.
LDP session protection lets you configure LDP to automatically protect sessions with all or a given set of
peers (as specified by peer-acl). When configured, LDP initiates backup targeted hellos automatically for
neighbors for which primary link adjacencies already exist. These backup targeted hellos maintain LDP
sessions when primary link adjacencies go down.
The Session Protection figure illustrates LDP session protection between neighbors R1 and R3. The primary
link adjacency between R1 and R3 is directly connected link and the backup; targeted adjacency is maintained
between R1 and R3. If the direct link fails, LDP link adjacency is destroyed, but the session is kept up and
1
For L3VPN Inter-AS option C, LDP may also be required to assign local labels for some BGP prefixes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 11
Implementing MPLS Label Distribution Protocol
Local Label Allocation Controlrunning using targeted hello adjacency (through R2). When the direct link comes back up, there is no change
in the LDP session state and LDP can converge quickly and begin forwarding MPLS traffic.
Figure 6: Session Protection
When LDP session protection is activated (upon link failure), protection is maintained for an unlimited
period time.
Note
Related Topics
Configuring Session Protection, on page 37
Configuring LDP Session Protection: Example, on page 58
IGP Synchronization
Lack of synchronization between LDP and IGP can cause MPLS traffic loss. Upon link up, for example, IGP
can advertise and use a link before LDP convergence has occurred; or, a link may continue to be used in IGP
after an LDP session goes down.
LDP IGP synchronization synchronizes LDP and IGP so that IGP advertises links with regular metrics only
when MPLS LDP is converged on that link. LDP considers a link converged when at least one LDP session
is up and running on the link for which LDP has sent its applicable label bindings and received at least one
label binding from the peer. LDP communicates this information to IGP upon link up or session down events
and IGP acts accordingly, depending on sync state.
In the event of an LDP graceful restart session disconnect, a session is treated as converged as long as the
graceful restart neighbor is timed out. Additionally, upon local LDP restart, a checkpointed recovered LDP
graceful restart session is used and treated as converged and is given an opportunity to connect and
resynchronize.
Under certain circumstances, it might be required to delay declaration of resynchronization to a configurable
interval. LDP provides a configuration option to delay declaring synchronization up for up to 60 seconds.
LDP communicates this information to IGP upon linkup or session down events.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
12 OL-26056-02
Implementing MPLS Label Distribution Protocol
IGP SynchronizationThe configuration for LDP IGP synchronization resides in respective IGPs (OSPF and IS-IS) and there
is no LDP-specific configuration for enabling of thisfeature. However, there is a specific LDP configuration
for IGP sync delay timer.
Note
Related Topics
Configuring LDP IGP Synchronization: OSPF, on page 39
Configuring LDP IGP Synchronization—OSPF: Example, on page 58
Configuring LDP IGP Synchronization: ISIS, on page 40
Configuring LDP IGP Synchronization—ISIS: Example, on page 58
IGP Auto-configuration
To enable LDP on a large number of interfaces, IGP auto-configuration lets you automatically configure LDP
on all interfaces associated with a specified IGP interface; for example, when LDP is used for transport in the
core network. However, there needs to be one IGP set up to enable LDP auto-configuration.
Typically, LDP assigns and advertises labels for IGP routes and must often be enabled on all active interfaces
by an IGP. Without IGP auto-configuration, you must define the set of interfaces under LDP, a procedure
that is time-intensive and error-prone.
LDP auto-configuration is supported for IPv4 unicast family in the default VRF. The IGP is responsible
for verifying and applying the configuration.
Note
You can also disable auto-configuration on a per-interface basis. This permits LDP to enable all IGP interfaces
except those that are explicitly disabled and prevents LDP from enabling an interface when LDP
auto-configuration is configured under IGP.
Related Topics
Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
Disabling LDP Auto-Configuration, on page 46
Configuring LDP Auto-Configuration: Example, on page 59
LDP Nonstop Routing
LDP nonstop routing (NSR) functionality makes failures, such as Route Processor (RP) or Distributed Route
Processor (DRP) failover, invisible to routing peers with minimal to no disruption of convergence performance.
By default, NSR is globally enabled on all LDP sessions except AToM.
A disruption in service may include any of these events:
• Route processor (RP) or distributed route processor (DRP) failover
• LDP process restart
• In-service system upgrade (ISSU)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 13
Implementing MPLS Label Distribution Protocol
IGP Auto-configuration• Minimum disruption restart (MDR)
Unlike graceful restart functionality, LDP NSR does not require protocol extensions and does not force
software upgrades on other routers in the network, nor does LDP NSR require peer routers to support
NSR.
L2VPN configuration is not supported on NSR.
Note
Process failures of active TCP or LDP results in session loss and, as a result, NSR cannot be provided unless
RP switchover is configured as a recovery action. For more information about how to configure switchover
as a recovery action for NSR, see the Configuring Transports module in Cisco ASR 9000 Series Aggregation
Services Router IP Addresses and Services Configuration Guide .
Related Topics
Configuring LDP Nonstop Routing, on page 48
IP LDP Fast Reroute Loop Free Alternate
The IP Fast Reroute is a mechanism that enables a router to rapidly switch traffic, after an adjacent link failure,
node failure, or both, towards a pre-programmed loop-free alternative (LFA) path. This LFA path is used to
switch traffic until the router installs a new primary next hop again, as computed for the changed network
topology.
The goal of LFA FRR is to reduce failure reaction time to 50 milliseconds by using a pre-computed alternate
next hop, in the event that the currently selected primary next hop fails, so that the alternate can be rapidly
used when the failure is detected.
This feature targets to address the fast convergence ability by detecting, computing, updating or enabling
prefix independent pre-computed alternate loop-free paths at the time of failure.
IGP pre-computes a backup path per IGP prefix. IGP selects one and only one backup path per primary path.
RIB installs the best path and download path protection information to FIB by providing correct annotation
for protected and protecting paths. FIB pre-installsthe backup path in dataplane. Upon the link or node failure,
the routing protocol detects the failure, all the backup paths of the impacted prefixes are enabled in a
prefix-independent manner.
Prerequisites
The Label Distribution Protocol (LDP) can use the loop-free alternates as long as these prerequisites are met:
The Label Switching Router (LSR) running LDP must distribute its labels for the Forwarding Equivalence
Classes (FECs) it can provide to all its neighbors, regardless of whether they are upstream, or not.
There are two approaches in computing LFAs:
• Link-based (per-link)--In link-based LFAs, all prefixes reachable through the primary (protected) link
share the same backup information. This means that the whole set of prefixes, sharing the same primary,
also share the repair or fast reroute (FRR) ability. The per-link approach protects only the next hop
address. The per-link approach is suboptimal and not the best for capacity planning. This is because all
traffic is redirected to the next hop instead of being spread over multiple paths, which may lead to
potential congestion on link to the next hop. The per-link approach does not provide support for node
protection.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
14 OL-26056-02
Implementing MPLS Label Distribution Protocol
IP LDP Fast Reroute Loop Free Alternate• Prefix-based (per-prefix)--Prefix-based LFAs allow computing backup information per prefix. It
protects the destination address. The per-prefix approach is the preferred approach due to its greater
applicability, and the greater protection and better bandwidth utilization that it offers.
The repair or backup information computed for a given prefix using prefix-based LFA
may be different from the computed by link-based LFA.
Note
The per-prefix LFA approach is preferred for LDP IP Fast Reroute LFA for these reasons:
• Better node failure resistance
• Better capacity planning and coverage
Features Not Supported
These interfaces and features are not supported for the IP LDP Fast Reroute Loop Free Alternate feature:
• BVI interface (IRB) is not supported either as primary or backup path.
• GRE tunnel is not supported either as primary or backup path.
• Cisco ASR 9000 Series SPA Interface Processor-700 POS line card on Cisco ASR 9000 Series Router
is not supported as primary link. It can be used as LFA backup only on main interface.
• In a multi-topology scenerio, the route in topology T can only use LFA within topology T. Hence, the
availability of a backup path depends on the topology.
For more information about configuring the IP Fast Reroute Loop-free alternate , see Implementing IS-IS on
Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide.
Related Topics
Configure IP LDP Fast Reroute Loop Free Alternate: Example, on page 59
Verify IP LDP Fast Reroute Loop Free Alternate: Example, on page 61
Downstream on Demand
This Downstream on demand feature adds support for downstream-on-demand mode, where the label is not
advertised to a peer, unlessthe peer explicitly requestsit. At the same time,since the peer does not automatically
advertise labels, the label request is sent whenever the next-hop points out to a peer that no remote label has
been assigned.
In order to enable downstream-on-demand mode, this configuration must be applied at mplsldp configuration
mode:
mpls ldp downstream-on-demand with ACL
The ACL contains a list of peer IDs that are configured for downstream-on-demand mode. When the ACL is
changed or configured, the list of established neighbors is traversed. If a session's downstream-on-demand
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 15
Implementing MPLS Label Distribution Protocol
Downstream on Demandconfiguration has changed, the session is reset in order that the new down-stream-on-demand mode can be
configured. The reason for resetting the session is to ensure that the labels are properly advertised between
the peers. When a new session is established, the ACL is verified to determine whether the session should
negotiate for downstream-on-demand mode. If the ACL does not exist or is empty, downstream-on-demand
mode is not configured for any neighbor.
For it to be enabled, the Downstream on demand feature has to be configured on both peers of the session. If
only one peer in the session has downstream-on-demand feature configured, then the session does not use
downstream-on-demand mode.
If, after, a label request is sent, and no remote label is received from the peer, the router will periodically
resend the label request. After the peer advertises a label after receiving the label request, it will automatically
readvertise the label if any label attribute changes subsequently.
Related Topics
Configuring LDP Downstream on Demand mode, on page 50
Explicit-Null and Implicit-Null Labels
Cisco MPLS LDP uses null label, implicit or explicit, as local label for routes or prefixes that terminate on
the given LSR. These routes include all local, connected, and attached networks. By default, the null label is
implicit-null that allows LDP control plane to implement penultimate hop popping (PHOP) mechanism.
When thisis not desirable, you can configure explicit-null that allows LDP control plane to implement ultimate
hop popping (UHOP) mechanism. You can configure this explicit-null feature on the ultimate hop LSR. This
configuration knob includes an access-list to specify the IP prefixes for which PHOP is desired.
This new enhancement allows you to configure implicit-null local label for non-egress (ultimate hop LSR)
prefixes by using the implicit-null-override command. This enforces implicit-null local label for a specific
prefix even if the prefix requires a non-null label to be allocated by default. For example, by default, an LSR
allocates and advertises a non-null label for an IGP route. If you wish to terminate LSP for this route on
penultimate hop of the LSR, you can enforce implicit-null label allocation and advertisement for this prefix
using implicit-null-override feature.
If a given prefix is permitted in both explicit-null and implicit-null-override feature, then
implicit-null-override supercedes and an implicit-null label is allocated and advertised for the prefix.
Note
In order to enable implicit-null-override mode, this configuration must be applied at MPLS LDP label
configuration mode:
mpls ldp
label
implicit-null-override for
!
This feature works with any prefix including static, IGP, and BGP, when specified in the ACL.
How to Implement MPLS LDP
A typical MPLS LDP deployment requires coordination among several global neighbor routers. Various
configuration tasks are required to implement MPLS LDP :
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
16 OL-26056-02
Implementing MPLS Label Distribution Protocol
Explicit-Null and Implicit-Null LabelsConfiguring LDP Discovery Parameters
Perform this task to configure LDP discovery parameters (which may be crucial for LDP operations).
Note The LDP discovery mechanism is used to discover or locate neighbor nodes.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id { type number | ip-address }
4. discovery { hello | targeted-hello } holdtime seconds
5. discovery { hello | targeted-hello } interval seconds
6. Use one of the following commands:
• end
• commit
7. (Optional) show mpls ldp parameters
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Step 3 router-id { type number | ip-address } Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
• In Cisco IOS XR software, the router ID is specified as an
interface name or IP address. By default, LDP uses the global
router ID (configured by the global router ID process).
Specifies the time that a discovered neighbor is kept without receipt
of any subsequent hello messages. The default value for the seconds
discovery { hello | targeted-hello } holdtime
seconds
Step 4
argument is 15 seconds for link hello and 90 seconds for targeted
hello messages.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 17
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery ParametersCommand or Action Purpose
discovery hello holdtime 30
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello holdtime 180
Selects the period of time between the transmission of consecutive
hello messages. The default value for the seconds argument is 5
discovery { hello | targeted-hello } interval
seconds
Step 5
seconds for link hello messages and 10 seconds for targeted hello
messages.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
discovery hello interval 15
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello interval 20
Step 6 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
RP/0/RSP0/CPU0:router
(config-ldp)# end
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
RP/0/RSP0/CPU0:router configuration changes.
(config-ldp)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Displays all the current MPLS LDP parameters.
show mpls ldp parameters
Example:
Step 7
RP/0/RSP0/CPU0:router
# show mpls ldp parameters
Related Topics
LDP Control Plane, on page 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
18 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery ParametersConfiguring LDP Discovery Over a Link
Perform this task to configure LDP discovery over a link.
Note There is no need to enable LDP globally.
Before You Begin
A stable router ID is required at either end of the link to ensure the link discovery (and session setup) is
successful. If you do not assign a router ID to the routers, the system will default to the global router ID.
Default router IDs are subject to change and may cause an unstable discovery.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
• end
• commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
• In Cisco IOS XR software, the router ID is specified as an interface
name or IP address. By default, LDP uses the global router ID
(configured by the global router ID process).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 19
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery Over a LinkCommand or Action Purpose
Enters interface configuration mode for the LDP protocol. Interface type
must be Tunnel-TE.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 4
interface tunnel-te 12001
RP/0/RSP0/CPU0:router(config-ldp-if)#
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-ldp-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
(Optional)
Displays the status of the LDP discovery process. This command, without
an interface filter, generates a list of interfaces over which the LDP
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
discovery process is running. The output information contains the state of
the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP
identifier, and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Link: Example, on page 54
Configuring LDP Discovery for Active Targeted Hellos
Perform this task to configure LDP discovery for active targeted hellos.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
20 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Active Targeted HellosNote The active side for targeted hellos initiates the unicast hello toward a specific destination.
Before You Begin
These prerequisites are required to configure LDP discovery for active targeted hellos:
• Stable router ID is required at either end of the targeted session. If you do not assign a router ID to the
routers, the system will default to the global router ID. Please note that default router IDs are subject to
change and may cause an unstable discovery.
• One or more MPLS Traffic Engineering tunnels are established between non-directly connected LSRs.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
• end
• commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
In Cisco IOS XR software, the router ID is specified as an interface name
or IP address. By default, LDP uses the global router ID (configured by
global router ID process).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 21
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Active Targeted HellosCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface tunnel-te 12001
Step 4
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
(Optional)
Displays the status of the LDP discovery process. This command, without
an interface filter, generates a list of interfaces over which the LDP
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
discovery process is running. The output information contains the state of
the link (xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP
identifier, and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Configuring LDP Discovery for Passive Targeted Hellos
Perform this task to configure LDP discovery for passive targeted hellos.
A passive side for targeted hello is the destination router (tunnel tail), which passively waits for an incoming
hello message. Because targeted hellos are unicast, the passive side waits for an incoming hello message to
respond with hello toward its discovered neighbor.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
22 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Passive Targeted HellosBefore You Begin
Stable router ID is required at either end of the link to ensure that the link discovery (and session setup) is
successful. If you do not assign a router ID to the routers, the system defaults to the global router ID. Default
router IDs are subject to change and may cause an unstable discovery.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. discovery targeted-hello accept
5. Use one of the following commands:
• end
• commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
• In Cisco IOS XR software, the router ID is specified as an interface
name or IP address. By default, LDP uses the global router ID
(configured by global router ID process).
Directs the system to accept targeted hello messages from any source and
activates passive mode on the LSR for targeted hello acceptance.
discovery targeted-hello accept
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello accept
Step 4
• This command is executed on the receiver node (with respect to a given
MPLS TE tunnel).
• You can control the targeted-hello acceptance using the discovery
targeted-hello accept command.
Step 5 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 23
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Passive Targeted HellosCommand or Action Purpose
• When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
(Optional)
Displays the status of the LDP discovery process. This command, without an
interface filter, generates a list of interfaces over which the LDP discovery
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
process is running. The output information contains the state of the link
(xmt/rcv hellos), local LDP identifier, the discovered peer’s LDP identifier,
and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Configuring Label Advertisement Control (Outbound Filtering)
Perform this task to configure label advertisement (outbound filtering).
By default, a label switched router (LSR) advertises all incoming label prefixes to each neighboring router.
You can control the exchange of label binding information using the mpls ldp label advertise command.
Using the optional keywords, you can advertise selective prefixesto all neighbors, advertise selective prefixes
to defined neighbors, or disable label advertisement to all peers for all prefixes.
Note Prefixes and peers advertised selectively are defined in the access list.
Before You Begin
Before configuring label advertisement, enable LDP and configure an access list.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
24 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Label Advertisement Control (Outbound Filtering)SUMMARY STEPS
1. configure
2. mpls ldp
3. label advertise { disable | for prefix-acl [ to peer-acl ] | interface type interface-path-id }
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
label advertise { disable | for prefix-acl [ Configureslabel advertisement by specifying one of the following options:
to peer-acl ] | interface type
interface-path-id }
Step 3
disable
Disables label advertisement to all peers for all prefixes (if there
Example: are no other conflicting rules).
RP/0/RSP0/CPU0:router(config-ldp)# label
interface
advertise interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-ldp)# for
pfx_acl1 to peer_acl1
Specifies an interface for label advertisement of an interface address.
for prefix-acl
to peer-acl
Specifies neighbors to advertise and receive label advertisements.
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 25
Implementing MPLS Label Distribution Protocol
Configuring Label Advertisement Control (Outbound Filtering)Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Label Advertisement Control (Outbound Filtering), on page 10
Configuring Label Advertisement (Outbound Filtering): Example, on page 55
Setting Up LDP Neighbors
Perform this task to set up LDP neighbors.
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
26 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsSUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. discovery transport-address [ ip-address | interface ]
5. exit
6. holdtime seconds
7. neighbor ip-address password [ encryption ] password
8. backoff initial maximum
9. Use one of the following commands:
• end
• commit
10. (Optional) show mpls ldp neighbor
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface POS 0/1/0/0
Step 3
discovery transport-address [ ip-address | Provides an alternative transport address for a TCP connection.
interface ]
Step 4
• Default transport address advertised by an LSR (for TCP
connections) to its peer is the router ID.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)#
discovery transport-address 192.168.1.42
• Transport address configuration is applied for a given
LDP-enabled interface.
or
RP/0/RSP0/CPU0:router(config-ldp)#
discovery transport-address interface
• If the interface version of the command is used, the configured
IP address of the interface is passed to its neighbors as the
transport address.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 27
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# exit
Step 5
Changes the time for which an LDP session is maintained in the
absence of LDP messages from the peer.
holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# holdtime
30
Step 6
• Outgoing keepalive interval is adjusted accordingly (to make
three keepalives in a given holdtime) with a change in session
holdtime value.
• Session holdtime is also exchanged when the session is
established.
• In this example holdtime is set to 30 seconds, which causes the
peer session to timeout in 30 seconds, as well as transmitting
outgoing keepalive messages toward the peer every 10 seconds.
Configures password authentication (using the TCP MD5 option) for
a given neighbor.
neighbor ip-address password [ encryption ]
password
Example:
RP/0/RSP0/CPU0:router(config-ldp)# neighbor
192.168.2.44 password secretpasswd
Step 7
Configures the parameters for the LDP backoff mechanism. The LDP
backoff mechanism preventstwo incompatibly configured LSRsfrom
backoff initial maximum
Example:
RP/0/RSP0/CPU0:router(config-ldp)# backoff
10 20
Step 8
engaging in an unthrottled sequence of session setup failures. If a
session setup attempt fails due to such incompatibility, each LSR
delays its next attempt (backs off), increasing the delay exponentially
with each successive failure until the maximum backoff delay is
reached.
Step 9 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
28 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Displays the status of the LDP session with its neighbors. This
command can be run with various filters as well as with the brief
option.
show mpls ldp neighbor
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
neighbor
Step 10
Related Topics
Configuring LDP Neighbors: Example, on page 56
Setting Up LDP Forwarding
Perform this task to set up LDP forwarding.
By default, the LDP control plane implements the penultimate hop popping (PHOP) mechanism. The PHOP
mechanism requires that label switched routers use the implicit-null label as a local label for the given
Forwarding Equivalence Class (FEC) for which LSR is the penultimate hop. Although PHOP has certain
advantages, it may be required to extend LSP up to the ultimate hop under certain circumstances(for example,
to propagate MPL QoS). This is done using a special local label (explicit-null) advertised to the peers after
which the peers use this label when forwarding traffic toward the ultimate hop (egress LSR).
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 29
Implementing MPLS Label Distribution Protocol
Setting Up LDP ForwardingSUMMARY STEPS
1. configure
2. mpls ldp
3. explicit-null
4. Use one of the following commands:
• end
• commit
5. (Optional) show mpls ldp forwarding
6. (Optional) show mpls forwarding
7. (Optional) ping ip-address
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Causes a router to advertise an explicit null label in situations where it
normally advertises an implicit null label (for example, to enable an
ultimate-hop disposition instead of PHOP).
explicit-null
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
explicit-null
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
RP/0/RSP0/CPU0:router(config-ldp)#
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
30 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP ForwardingCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
(Optional)
Displays the MPLS LDP view of installed forwarding states (rewrites).
show mpls ldp forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
forwarding
Step 5
(Optional)
Displays a global view of all MPLS installed forwarding states (rewrites)
by various applications (LDP, TE, and static).
show mpls forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls
forwarding
Step 6
(Optional)
Checks for connectivity to a particular IP address (going through MPLS
LSP as shown in the show mpls forwarding command).
ping ip-address
Example:
RP/0/RSP0/CPU0:router# ping
192.168.2.55
Step 7
Related Topics
LDP Forwarding, on page 5
Configuring LDP Forwarding: Example, on page 56
Setting Up LDP NSF Using Graceful Restart
Perform this task to set up NSF using LDP graceful restart.
LDP graceful restart is a way to enable NSF for LDP. The correct way to set up NSF using LDP graceful
restart is to bring up LDP neighbors (link or targeted) with additional configuration related to graceful restart.
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 31
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartSUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. exit
5. graceful-restart
6. graceful-restart forwarding-state-holdtime seconds
7. graceful-restart reconnect-timeout seconds
8. Use one of the following commands:
• end
• commit
9. (Optional) show mpls ldp parameters
10. (Optional) show mpls ldp neighbor
11. (Optional) show mpls ldp graceful-restart
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-ldp-if)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
32 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose
graceful-restart Enables the LDP graceful restart feature.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart
Step 5
Specifies the length of time that forwarding can keep LDP-installed
forwarding states and rewrites, and specifies wh en the LDP control
plane restarts.
graceful-restart forwarding-state-holdtime
seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 6
• After restart of the control plane, when the forwarding state
holdtime expires, any previously installed LDP forwarding
state or rewrite that is not yet refreshed is deleted from the
forwarding.
graceful-restart forwarding-state-holdtime
180
• Recovery time sent after restart is computed as the current
remaining value of the forwarding state hold timer.
Specifies the length of time a neighbor waits before restarting the
node to reconnect before declaring an earlier graceful restart session
graceful-restart reconnect-timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart reconnect-timeout 169
Step 7
as down. This command is used to start a timer on the peer (upon a
neighbor restart). Thistimer isreferred to as Neighbor Livenesstimer.
Step 8 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 33
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose
(Optional)
Displays all the current MPLS LDP parameters.
show mpls ldp parameters
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
parameters
Step 9
(Optional)
Displays the status of the LDP session with its neighbors. This
command can be run with various filters as well as with the brief
option.
show mpls ldp neighbor
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
neighbor
Step 10
(Optional)
Displays the status of the LDP graceful restart feature. The output
of this command not only shows states of different graceful restart
show mpls ldp graceful-restart
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
graceful-restart
Step 11
timers, but also a list of graceful restart neighbors, their state, and
reconnect count.
Related Topics
LDP Graceful Restart, on page 6
Phases in Graceful Restart, on page 8
Recovery with Graceful-Restart, on page 9
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Configuring Label Acceptance Control (Inbound Filtering)
Perform this task to configure LDP inbound label filtering.
By default, there is no inbound label filtering performed by LDP and thus an LSR accepts (and retains)
all remote label bindings from all peers.
Note
SUMMARY STEPS
1. configure
2. mpls ldp
3. label accept for prefix-acl from ip-address
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
34 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance Control (Inbound Filtering)DETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Configuresinbound label acceptance for prefixesspecified by prefix-acl
from neighbor (as specified by its IP address).
label accept for prefix-acl from ip-address
Example:
RP/0/RSP0/CPU0:router(config-ldp)# label
Step 3
accept for pfx_acl_1 from 192.168.1.1
RP/0/RSP0/CPU0:router(config-ldp)# label
accept for pfx_acl_2 from 192.168.2.2
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Label Acceptance Control (Inbound Filtering), on page 10
Configuring Label Acceptance (Inbound Filtering): Example, on page 57
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 35
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance Control (Inbound Filtering)Configuring Local Label Allocation Control
Perform this task to configure label allocation control.
Note By default, local label allocation control is disabled and all non-BGP prefixes are assigned local labels.
SUMMARY STEPS
1. configure
2. mpls ldp
3. label allocate for prefix-acl
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
label allocate for prefix-acl Configures label allocation control for prefixes as specified by prefix-acl.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
label allocate for pfx_acl_1
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
36 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Local Label Allocation ControlCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Local Label Allocation Control, on page 11
Configuring Local Label Allocation Control: Example, on page 57
Configuring Session Protection
Perform this task to configure LDP session protection.
By default, there is no protection is done for link sessions by means of targeted hellos.
SUMMARY STEPS
1. configure
2. mpls ldp
3. session protection [ for peer-acl ] [ duration seconds ]
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 37
Implementing MPLS Label Distribution Protocol
Configuring Session ProtectionDETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Configures LDP session protection for peers specified by peer-acl with
a maximum duration, in seconds.
session protection [ for peer-acl ] [ duration
seconds ]
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
session protection for peer_acl_1
duration 60
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Session Protection, on page 11
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
38 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Session ProtectionConfiguring LDP Session Protection: Example, on page 58
Configuring LDP IGP Synchronization: OSPF
Perform this task to configure LDP IGP Synchronization under OSPF.
Note By default, there is no synchronization between LDP and IGPs.
SUMMARY STEPS
1. configure
2. router ospf process-name
3. Use one of the following commands:
• mpls ldp sync
• area area-id mpls ldp sync
• area area-id interface name mpls ldp sync
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Identifies the OSPF routing process and enters OSPF configuration
mode.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
100
Step 2
Step 3 Use one of the following commands: Enables LDP IGP synchronization on an interface.
• mpls ldp sync
• area area-id mpls ldp sync
• area area-id interface name mpls ldp sync
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 39
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: OSPFCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
ldp sync
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP Synchronization—OSPF: Example, on page 58
Configuring LDP IGP Synchronization: ISIS
Perform this task to configure LDP IGP Synchronization under ISIS.
Note By default, there is no synchronization between LDP and ISIS.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
40 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: ISISSUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables the Intermediate System-to-Intermediate System (IS-IS)
routing protocol and defines an IS-IS instance.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
Step 2
100
RP/0/RSP0/CPU0:router(config-isis)#
Configures the IS-IS protocol on an interface and enters ISIS
interface configuration mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-isis)#
Step 3
interface POS 0/2/0/0
RP/0/RSP0/CPU0:router(config-isis-if)#
Enters address family configuration mode for configuring IS-IS
routing for a standard IP Version 4 (IPv4) address prefix.
address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
Step 4
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-isis-if-af)#
mpls ldp sync Enables LDP IGP synchronization.
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
mpls ldp sync
Step 5
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 41
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: ISISCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP Synchronization—ISIS: Example, on page 58
Enabling LDP Auto-Configuration for a Specified OSPF Instance
Perform this task to enable IGP auto-configuration globally for a specified OSPF process name.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
Note This feature is supported for IPv4 unicast family in default VRF only.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
42 OL-26056-02
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration for a Specified OSPF InstanceSUMMARY STEPS
1. configure
2. router ospf process-name
3. mpls ldp auto-config
4. area area-id
5. interface type interface-path-id
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters a uniquely identifiable OSPF routing process. The process name
is any alphanumeric string no longer than 40 characters withoutspaces.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
Step 2
190
RP/0/RSP0/CPU0:router(config-ospf)#
mpls ldp auto-config Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
ldp auto-config
Step 3
Step 4 area area-id Configures an OSPF area and identifier.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area
8
area-id
Either a decimal value or an IP address.
Step 5 interface type interface-path-id Enables LDP auto-configuration on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
interface pos 0/6/0/0
LDP configurable limit for maximum number of interfaces
does not apply to IGP auto-configuration interfaces.
Note
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 43
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration for a Specified OSPF InstanceCommand or Action Purpose
• When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance
Perform this task to enable IGP auto-configuration in a defined area with a specified OSPF process name.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
Note This feature is supported for IPv4 unicast family in default VRF only.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
44 OL-26056-02
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceSUMMARY STEPS
1. configure
2. router ospf process-name
3. area area-id
4. mpls ldp auto-config
5. interface type interface-path-id
6. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters a uniquely identifiable OSPF routing process. The process
name is any alphanumeric string no longer than 40 characters without
spaces.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
Step 2
100
RP/0/RSP0/CPU0:router(config-ospf)#
Step 3 area area-id Configures an OSPF area and identifier.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area
area-id
Either a decimal value or an IP address.
8
RP/0/RSP0/CPU0:router(config-ospf-ar)#
mpls ldp auto-config Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
mpls ldp auto-config
Step 4
Enables LDP auto-configuration on the specified interface. The LDP
configurable limit for maximum number of interfaces does not apply
to IGP auto-config interfaces.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
Step 5
interface pos 0/6/0/0
RP/0/RSP0/CPU0:router(config-ospf-ar-if)
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 45
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceCommand or Action Purpose
• When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
commit
? Entering no exits the configuration session and returnsthe
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46
Disabling LDP Auto-Configuration
Perform this task to disable IGP auto-configuration.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
SUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. igp auto-config disable
5. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
46 OL-26056-02
Implementing MPLS Label Distribution Protocol
Disabling LDP Auto-ConfigurationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
RP/0/RSP0/CPU0:router(config-ldp)#
Step 2
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface pos 0/6/0/0
Step 3
igp auto-config disable Disables auto-configuration on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# igp
auto-config disable
Step 4
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp-if)#
commit
? Entering no exitsthe configuration session and returnsthe
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 47
Implementing MPLS Label Distribution Protocol
Disabling LDP Auto-ConfigurationRelated Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Configuring LDP Nonstop Routing
Perform this task to configure LDP NSR.
Note By default, NSR is globally-enabled on all LDP sessions except AToM.
SUMMARY STEPS
1. configure
2. mpls ldp
3. nsr
4. Use one of the following commands:
• end
• commit
5. show mpls ldp nsr statistics
6. show mpls ldp nsr summary
7. show mpls ldp nsr pending
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
48 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Nonstop RoutingCommand or Action Purpose
nsr Enables LDP nonstop routing.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# nsr
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show mpls ldp nsr statistics Displays MPLS LDP NSR statistics.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
statistics
Step 5
show mpls ldp nsr summary Displays MPLS LDP NSR summarized information.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
summary
Step 6
show mpls ldp nsr pending Displays MPLS LDP NSR pending information.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
pending
Step 7
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 49
Implementing MPLS Label Distribution Protocol
Configuring LDP Nonstop RoutingRelated Topics
LDP Nonstop Routing, on page 13
Configuring LDP Downstream on Demand mode
SUMMARY STEPS
1. configure
2. mpls ldp
3. downstream-on-demand
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Enters downstream on demand label advertisement mode. The ACL contains
the list of peer IDs that are configured for downstream-on-demand mode.
downstream-on-demand
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
When the ACL is changed or configured, the list of established neighbor is
traversed.
downstream-on-demand with access-list
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
50 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Downstream on Demand modeCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Related Topics
Downstream on Demand, on page 15
Redistributing MPLS LDP Routes into BGP
Perform this task to redistribute Border Gateway Protocol (BGP) autonomous system into an MPLS LDP.
SUMMARY STEPS
1. configure
2. mpls ldp
3. redistribute bgp
4. Use one of these commands:
• end
• commit
5. show run mpls ldp
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 51
Implementing MPLS Label Distribution Protocol
Redistributing MPLS LDP Routes into BGPCommand or Action Purpose
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(conf)# mpls
Step 2
ldp
Step 3 redistribute bgp Allows the redistribution of BGP routes into an MPLS LDP processes.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Autonomoussystem numbers(ASNs) are globally unique identifiers
used to identify autonomous systems (ASs) and enable ASs to
exchange exterior routing information between neighboring ASs.
A unique ASN is allocated to each AS for use in BGP routing. ASNs
are encoded as 2-byte numbers and 4-byte numbers in BGP.
Note
redistribute bgp {advertise-to
access-list | as}
Step 4 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
show run mpls ldp Displays information about the redistributed route information.
Example:
RP/0/RSP0/CPU0:router# show run mpls
Step 5
ldp
Setting Up Implicit-Null-Override Label
Perform this task to configure implicit-null label for non-egress prefixes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
52 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up Implicit-Null-Override LabelSUMMARY STEPS
1. configure
2. mpls ldp
3. label
4. implicit-null-override for access-list
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
label Configures the allocation, advertisement ,and acceptance of labels.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
label
Step 3
Step 4 implicit-null-override for access-list Configures implicit-null local label for non-egress prefixes.
Example:
RP/0/RSP0/CPU0:router(config-ldp-lbl)#
implicit-null-override for 70
This feature works with any prefix including static, IGP, and
BGP, when specified in the ACL.
Note
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 53
Implementing MPLS Label Distribution Protocol
Setting Up Implicit-Null-Override LabelCommand or Action Purpose
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
RP/0/RSP0/CPU0:router(config-ldp)#
commit ? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuration Examples for Implementing MPLS LDP
These configuration examples are provided to implement LDP:
Configuring LDP with Graceful Restart: Example
The example shows how to enable LDP with graceful restart on the POS interface 0/2/0/0.
mpls ldp
graceful-restart
interface pos0/2/0/0
!
Configuring LDP Discovery: Example
The example shows how to configure LDP discovery parameters.
mpls ldp
router-id loopback0
discovery hello holdtime 15
discovery hello interval 5
!
show mpls ldp parameters
show mpls ldp discovery
Configuring LDP Link: Example
The example shows how to configure LDP link parameters.
mpls ldp
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
54 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuration Examples for Implementing MPLS LDPinterface pos 0/1/0/0
!
!
show mpls ldp discovery
Related Topics
Configuring LDP Discovery Over a Link, on page 19
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example
The examples show how to configure LDP Discovery to accept targeted hello messages.
Active (tunnel head)
mpls ldp
router-id loopback0
interface tunnel-te 12001
!
!
Passive (tunnel tail)
mpls ldp
router-id loopback0
discovery targeted-hello accept
!
Related Topics
Configuring LDP Discovery for Active Targeted Hellos, on page 20
Configuring LDP Discovery for Passive Targeted Hellos, on page 22
LDP Control Plane, on page 3
Configuring Label Advertisement (Outbound Filtering): Example
The example shows how to configure LDP label advertisement control.
mpls ldp
label
advertise
disable
for pfx_acl_1 to peer_acl_1
for pfx_acl_2 to peer_acl_2
for pfx_acl_3
interface POS 0/1/0/0
interface POS 0/2/0/0
!
!
!
ipv4 access-list pfx_acl_1
10 permit ip host 1.0.0.0 any
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 55
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Targeted Hellos: Exampleipv4 access-list pfx_acl_2
10 permit ip host 2.0.0.0 any
!
ipv4 access-list peer_acl_1
10 permit ip host 1.1.1.1 any
20 permit ip host 1.1.1.2 any
!
ipv4 access-list peer_acl_2
10 permit ip host 2.2.2.2 any
!
show mpls ldp binding
Related Topics
Configuring Label Advertisement Control (Outbound Filtering), on page 24
Label Advertisement Control (Outbound Filtering), on page 10
Configuring LDP Neighbors: Example
The example shows how to disable label advertisement.
mpls ldp
router-id Loopback0
neighbor 1.1.1.1 password encrypted 110A1016141E
neighbor 2.2.2.2 implicit-withdraw
!
Related Topics
Setting Up LDP Neighbors, on page 26
Configuring LDP Forwarding: Example
The example shows how to configure LDP forwarding.
mpls ldp
explicit-null
!
show mpls ldp forwarding
show mpls forwarding
Related Topics
Setting Up LDP Forwarding, on page 29
LDP Forwarding, on page 5
Configuring LDP Nonstop Forwarding with Graceful Restart: Example
The example shows how to configure LDP nonstop forwarding with graceful restart.
mpls ldp
log
graceful-restart
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
56 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Neighbors: Example!
graceful-restart
graceful-restart forwarding state-holdtime 180
graceful-restart reconnect-timeout 15
interface pos0/1/0/0
!
show mpls ldp graceful-restart
show mpls ldp neighbor gr
show mpls ldp forwarding
show mpls forwarding
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
LDP Graceful Restart, on page 6
Phases in Graceful Restart, on page 8
Recovery with Graceful-Restart, on page 9
Configuring Label Acceptance (Inbound Filtering): Example
The example shows how to configure inbound label filtering.
mpls ldp
label
accept
for pfx_acl_2 from 192.168.2.2
!
!
!
Related Topics
Configuring Label Acceptance Control (Inbound Filtering), on page 34
Label Acceptance Control (Inbound Filtering), on page 10
Configuring Local Label Allocation Control: Example
The example shows how to configure local label allocation control.
mpls ldp
label
allocate for pfx_acl_1
!
!
Related Topics
Configuring Local Label Allocation Control, on page 36
Local Label Allocation Control, on page 11
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 57
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance (Inbound Filtering): ExampleConfiguring LDP Session Protection: Example
The example shows how to configure session protection.
mpls ldp
session protection duration 60 for peer_acl_1
!
Related Topics
Configuring Session Protection, on page 37
Session Protection, on page 11
Configuring LDP IGP Synchronization—OSPF: Example
The example shows how to configure LDP IGP synchronization for OSPF.
router ospf 100
mpls ldp sync
!
mpls ldp
igp sync delay 30
!
Related Topics
Configuring LDP IGP Synchronization: OSPF, on page 39
IGP Synchronization, on page 12
Configuring LDP IGP Synchronization—ISIS: Example
The example shows how to configure LDP IGP synchronization.
router isis 100
interface POS 0/2/0/0
address-family ipv4 unicast
mpls ldp sync
!
!
!
mpls ldp
igp sync delay 30
!
Related Topics
Configuring LDP IGP Synchronization: ISIS, on page 40
IGP Synchronization, on page 12
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
58 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Session Protection: ExampleConfiguring LDP Auto-Configuration: Example
The example shows how to configure the IGP auto-configuration feature globally for a specific OSPF interface
ID.
router ospf 100
mpls ldp auto-config
area 0
interface pos 1/1/1/1
The example shows how to configure the IGP auto-configuration feature on a given area for a given OSPF
interface ID.
router ospf 100
area 0
mpls ldp auto-config
interface pos 1/1/1/1
Related Topics
Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
Disabling LDP Auto-Configuration, on page 46
IGP Auto-configuration, on page 13
Configure IP LDP Fast Reroute Loop Free Alternate: Example
The following examples show how to configure the IP LDP FRR LFA on the router.
The following example shows how to configure LFA FRR with default tie-break configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
# primary path GigabitEthernet0/6/0/13 will exclude the interface
# GigabitEthernet0/6/0/33 in LFA backup path computation.
fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
!
interface GigabitEthernet0/6/0/23
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/6/0/24
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/6/0/33
point-to-point
address-family ipv4 unicast
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 59
Implementing MPLS Label Distribution Protocol
Configuring LDP Auto-Configuration: ExampleThe following example shows how to configure TE tunnel as LFA backup:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
# primary path GigabitEthernet0/6/0/13 will exclude the interface
# GigabitEthernet0/6/0/33 in LFA backup path computation. TE tunnel 1001
# is using the link GigabitEthernet0/6/0/33.
fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
fast-reroute per-prefix lfa-candidate interface tunnel-te1001
!
interface GigabitEthernet0/6/0/33
point-to-point
address-family ipv4 unicast
!
The following example shows how to configure LFA FRR with configurable tie-break configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
fast-reroute per-prefix tiebreaker ?
downstream Prefer backup path via downstream node
lc-disjoint Prefer line card disjoint backup path
lowest-backup-metric Prefer backup path with lowest total metric
node-protecting Prefer node protecting backup path
primary-path Prefer backup path from ECMP set
secondary-path Prefer non-ECMP backup path
fast-reroute per-prefix tiebreaker lc-disjoint index ?
<1-255> Index
fast-reroute per-prefix tiebreaker lc-disjoint index 10
Sample configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
fast-reroute per-prefix tiebreaker downstream index 60
fast-reroute per-prefix tiebreaker lc-disjoint index 10
fast-reroute per-prefix tiebreaker lowest-backup-metric index 40
fast-reroute per-prefix tiebreaker node-protecting index 30
fast-reroute per-prefix tiebreaker primary-path index 20
fast-reroute per-prefix tiebreaker secondary-path index 50
!
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
!
interface GigabitEthernet0/1/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
!
interface GigabitEthernet0/3/0/0.1
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/3/0/0.2
point-to-point
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
60 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configure IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics
IP LDP Fast Reroute Loop Free Alternate, on page 14
Verify IP LDP Fast Reroute Loop Free Alternate: Example
The following examples show how to verify the IP LDP FRR LFA feature on the router.
The following example shows how to verify ISIS FRR output:
RP/0/RSP0/CPU0:router#show isis fast-reroute summary
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total
Priority Priority Priority Priority
Prefixes reachable in L1
All paths protected 0 0 4 1008 1012
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 100.00% 100.00%
Prefixes reachable in L2
All paths protected 0 0 1 0 1
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00%
The following example shows how to verify the IGP route 211.1.1.1/24 in ISIS Fast Reroute output:
RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24
L1 211.1.1.1/24 [40/115]
via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH
RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24 detail
L1 211.1.1.1/24 [40/115] low priority
via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH
P: No, TM: 130, LC: No, NP: Yes, D: Yes
src sr1.00-00, 173.1.1.2
L2 adv [40] native, propagated
The following example shows how to verify the IGP route 211.1.1.1/24 in RIB output:
RP/0/RSP0/CPU0:router#show route 211.1.1.1/24
Routing entry for 211.1.1.0/24
Known via "isis 1", distance 115, metric 40, type level-1
Installed Nov 27 10:22:20.311 for 1d08h
Routing Descriptor Blocks
12.0.0.2, from 173.1.1.2, via GigabitEthernet0/6/0/13, Protected
Route metric is 40
14.0.2.2, from 173.1.1.2, via GigabitEthernet0/6/0/0.3, Backup
Route metric is 0
No advertising protos.
The following example shows how to verify the IGP route 211.1.1.1/24 in FIB output:
RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24
211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
(0x9ce0ec40), 0x4500 (0x9e2c69e4)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 61
Implementing MPLS Label Distribution Protocol
Verify IP LDP Fast Reroute Loop Free Alternate: ExampleUpdated Nov 27 10:22:29.825
remote adjacency to GigabitEthernet0/6/0/13
Prefix Len 24, traffic index 0, precedence routine (0)
via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
protected [flags 0x400]
path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
next hop 12.0.0.2
local label 16080 labels imposed {16082}
via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
backup [flags 0x300]
path-idx 1
next hop 14.0.2.2
remote adjacency
local label 16080 labels imposed {16079}
RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24 detail
211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
(0x9ce0ec40), 0x4500 (0x9e2c69e4)
Updated Nov 27 10:22:29.825
remote adjacency to GigabitEthernet0/6/0/13
Prefix Len 24, traffic index 0, precedence routine (0)
gateway array (0x9cc622f0) reference count 1158, flags 0x28000d00, source lsd \
(2),
[387 type 5 flags 0x101001 (0x9df32398) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0x9ce0ec40, sh-ldi=0x9df32398]
via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
protected [flags 0x400]
path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
next hop 12.0.0.2
local label 16080 labels imposed {16082}
via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
backup [flags 0x300]
path-idx 1
next hop 14.0.2.2
remote adjacency
local label 16080 labels imposed {16079}
Load distribution: 0 (refcount 387)
Hash OK Interface Address
0 Y GigabitEthernet0/6/0/13 remote
The following example shows how to verify the IGP route 211.1.1.1/24 in MPLS LDP output:
RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24
Prefix Label Label Outgoing Next Hop GR Stale
In Out Interface
---------------- ------- ---------- ------------ ------------------- -- -----
211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N
16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N
RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24 detail
Prefix Label Label Outgoing Next Hop GR Stale
In Out Interface
---------------- ------- ---------- ------------ ------------------- -- -----
211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N
[ Protected; path-id 1 backup-path-id 33;
peer 20.20.20.20:0 ]
16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N
[ Backup; path-id 33; peer 40.40.40.40:0 ]
Routing update : Nov 27 10:22:19.560 (1d08h ago)
Forwarding update: Nov 27 10:22:29.060 (1d08h ago)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
62 OL-26056-02
Implementing MPLS Label Distribution Protocol
Verify IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics
IP LDP Fast Reroute Loop Free Alternate, on page 14
Additional References
For additional information related to Implementing MPLS Label Distribution Protocol, refer to the following
references:
Related Documents
Related Topic Document Title
MPLS Label Distribution Protocol Commands on
Cisco ASR 9000 Series Router module in the
Cisco ASR 9000 Series Aggregation Services Router
MPLS Command Reference
LDP commands on Cisco ASR 9000 Series Router
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started material
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
RFCs
RFCs Title
RFC 3031 Multiprotocol Label Switching Architecture
RFC 3036 LDP Specification
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 63
Implementing MPLS Label Distribution Protocol
Additional ReferencesRFCs Title
RFC 3037 LDP Applicability
Graceful Restart Mechanism for Label Distribution
Protocol
RFC 3478
RFC 3815 Definitions of Managed Objects for MPLS LDP
Label Distribution and Management
Downstream on Demand Label Advertisement
RFC 5036
Basic Specification for IP Fast Reroute: Loop-Free
Alternates
RFC 5286
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
64 OL-26056-02
Implementing MPLS Label Distribution Protocol
Additional ReferencesC H A P T E R 2
Implementing RSVP for MPLS-TE
This module describes how to implement Resource Reservation Protocol (RSVP) for MPLS Traffic
Engineering (MPLS-TE) on Cisco ASR 9000 Series Aggregation Services Routers.
The Multiprotocol Label Switching (MPLS) is a standards-based solution, driven by the Internet Engineering
Task Force (IETF), devised to convert the Internet and IP backbones from best-effort networks into
business-class transport media.
Resource Reservation Protocol (RSVP) is a signaling protocol that enables systems to request resource
reservations from the network. RSVP processes protocol messages from other systems, processes resource
requests from local clients, and generates protocol messages. As a result, resources are reserved for data
flows on behalf of local and remote clients. RSVP creates, maintains, and deletes these resource reservations.
RSVP provides a secure method to control quality-of-service (QoS) access to a network.
MPLS Traffic Engineering (MPLS-TE) uses RSVP to signal label switched paths (LSPs).
Feature History for Implementing RSVP for MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 The RSVP MIB feature was added.
• Prerequisites for Implementing RSVP for MPLS-TE , page 66
• Information About Implementing RSVP for MPLS-TE , page 66
• Information About Implementing RSVP Authentication, page 71
• How to Implement RSVP, page 75
• How to Implement RSVP Authentication, page 88
• Configuration Examples for RSVP, page 104
• Configuration Examples for RSVP Authentication, page 108
• Additional References, page 110
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 65Prerequisites for Implementing RSVP for MPLS-TE
These prerequisites are required to implement RSVP for MPLS-TE :
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• Either a composite mini-image plus an MPLS package, or a full image, must be installed.
Information About Implementing RSVP for MPLS-TE
To implement MPLS RSVP, you must understand the these concepts:
Related Topics
How to Implement RSVP Authentication, on page 88
Overview of RSVP for MPLS-TE
RSVP is a network control protocol that enables Internet applications to signal LSPs for MPLS-TE . The
RSVP implementation is compliant with the IETF RFC 2205, and RFC 3209.
RSVP is automatically enabled on interfaces on which MPLS-TE is configured. For MPLS-TE LSPs with
nonzero bandwidth, the RSVP bandwidth has to be configured on the interfaces. There is no need to configure
RSVP, if all MPLS-TE LSPs have zero bandwidth .
RSVP Refresh Reduction, defined in RFC 2961, includes support for reliable messages and summary refresh
messages. Reliable messages are retransmitted rapidly if the message is lost. Because each summary refresh
message contains information to refresh multiple states, this greatly reduces the amount of messaging needed
to refresh states. For refresh reduction to be used between two routers, it must be enabled on both routers.
Refresh Reduction is enabled by default.
Message rate limiting for RSVP allows you to set a maximum threshold on the rate at which RSVP messages
are sent on an interface. Message rate limiting is disabled by default.
The process that implements RSVP is restartable. A software upgrade, process placement or process failure
of RSVP or any of its collaborators, has been designed to ensure Nonstop Forwarding (NSF) of the data plane.
RSVP supports graceful restart, which is compliant with RFC 3473. It follows the procedures that apply when
the node reestablishes communication with the neighbor’s control plane within a configured restart time.
It is important to note that RSVP is not a routing protocol. RSVP works in conjunction with routing protocols
and installs the equivalent of dynamic access lists along the routes that routing protocols calculate. Because
of this, implementing RSVP in an existing network does not require migration to a new routing protocol.
Related Topics
Configuring RSVP Packet Dropping, on page 81
Set DSCP for RSVP Packets: Example, on page 107
Verifying RSVP Configuration, on page 83
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
66 OL-26056-02
Implementing RSVP for MPLS-TE
Prerequisites for Implementing RSVP for MPLS-TELSP Setup
LSP setup is initiated when the LSP head node sends path messages to the tail node (see the RSVP Operation
figure ).
Figure 7: RSVP Operation
The Path messagesreserve resources along the path to each node, creating Path softstates on each node.When
the tail node receives a path message, it sends a reservation (RESV) message with a label back to the previous
node. When the reservation message arrives at the previous node, it causes the reserved resources to be locked
and forwarding entries are programmed with the MPLS label sent from the tail-end node. A new MPLS label
is allocated and sent to the next node upstream.
When the reservation message reaches the head node, the label is programmed and the MPLS data starts to
flow along the path.
High Availability
RSVP is designed to ensure nonstop forwarding under the following constraints:
• Ability to tolerate the failure of one RP of a 1:1 redundant pair.
• Hitless software upgrade.
The RSVP high availability (HA) design followsthe constraints of the underlying architecture where processes
can fail without affecting the operation of other processes. A processfailure of RSVP or any of its collaborators
does not cause any traffic loss or cause established LSPs to go down. When RSVP restarts, it recovers its
signaling states from its neighbors. No special configuration or manual intervention are required. You may
configure RSVP graceful restart, which offers a standard mechanism to recover RSVP state information from
neighbors after a failure.
Graceful Restart
RSVP graceful restart provides a control plane mechanism to ensure high availability (HA), which allows
detection and recovery from failure conditions while preserving nonstop forwarding services on the systems
running Cisco IOS XR software.
RSVP graceful restart provides a mechanism that minimizes the negative effects on MPLS traffic caused by
these types of faults:
• Disruption of communication channels between two nodes when the communication channels are separate
from the data channels. This is called control channel failure.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 67
Implementing RSVP for MPLS-TE
LSP Setup• Control plane of a node fails but the node preservesits data forwarding states. Thisis called node failure.
The procedure for RSVP graceful restart is described in the “Fault Handling” section of RFC 3473, Generalized
MPLS Signaling, RSVP-TE Extensions. One of the main advantages of using RSVP graceful restart isrecovery
of the control plane while preserving nonstop forwarding and existing labels.
Graceful Restart: Standard and Interface-Based
When you configure RSVP graceful restart, Cisco IOS XR software sends and expects node-id address based
Hello messages (that is, Hello Request and Hello Ack messages). The RSVP graceful restart Hello session is
not established if the neighbor router does not respond with a node-id based Hello Ack message.
You can also configure graceful restart to respond (send Hello Ack messages) to interface-address based Hello
messages sent from a neighbor router in order to establish a graceful restart Hello session on the neighbor
router. If the neighbor router does not respond with node-id based Hello Ack message, however, the RSVP
graceful restart Hello session is not established.
Cisco IOS XR software provides two commands to configure graceful restart:
• signalling hello graceful-restart
• signalling hello graceful-restart interface-based
By default, graceful restart is disabled. To enable interface-based graceful restart, you must first enable
standard graceful restart. You cannot enable interface-based graceful restart independently.
Note
Related Topics
Enabling Graceful Restart, on page 78
Enable Graceful Restart: Example, on page 106
Enable Interface-Based Graceful Restart: Example, on page 106
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
68 OL-26056-02
Implementing RSVP for MPLS-TE
Graceful RestartGraceful Restart: Figure
This figure illustrates how RSVP graceful restart handles a node failure condition.
Figure 8: Node Failure with RSVP
RSVP graceful restart requires the use of RSVP hello messages. Hello messages are used between RSVP
neighbors. Each neighbor can autonomously issue a hello message containing a hello request object. A receiver
that supports the hello extension replies with a hello message containing a hello acknowledgment (ACK)
object. This means that a hello message contains either a hello Request or a hello ACK object. These two
objects have the same format.
The restart cap object indicates a node’s restart capabilities. It is carried in hello messages if the sending node
supports state recovery. The restart cap object has the following two fields:
Restart Time
Time after a lossin Hello messages within which RSVP hello session can be reestablished. It is possible
for a user to manually configure the Restart Time.
Recovery Time
Time that the sender waits for the recipient to re-synchronize states after the re-establishment of hello
messages. This value is computed and advertised based on number of states that existed before the fault
occurred.
For graceful restart, the hello messages are sent with an IP Time to Live (TTL) of 64. This is because the
destination of the hello messages can be multiple hops away. If graceful restart is enabled, hello messages
(containing the restart cap object) are send to an RSVP neighbor when RSVP states are shared with that
neighbor.
Restart cap objects are sent to an RSVP neighbor when RSVP states are shared with that neighbor. If the
neighbor replies with hello messages containing the restart cap object, the neighbor is considered to be graceful
restart capable. If the neighbor does not reply with hello messages or replies with hello messages that do not
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 69
Implementing RSVP for MPLS-TE
Graceful Restartcontain the restart cap object, RSVP backs off sending hellos to that neighbor. If graceful restart is disabled,
no hello messages (Requests or ACKs) are sent. If a hello Request message is received from an unknown
neighbor, no hello ACK is sent back.
ACL-based Prefix Filtering
RSVP provides for the configuration of extended access lists (ACLs) to forward, drop, or perform normal
processing on RSVP router-alert (RA) packets. Prefix filtering is designed for use at core access routers in
order that RA packets (identified by a source/destination address) can be seamlessly forwarded across the
core from one access point to another (or, conversely to be dropped at this node). RSVP applies prefix filtering
rules only to RA packets because RA packets contain source and destination addresses of the RSVP flow.
RA packets forwarded due to prefix filtering must not be sent as RSVP bundle messages, because bundle
messages are hop-by-hop and do not contain RA. Forwarding a Bundle message does not work, because
the node receiving the messages is expected to apply prefix filtering rules only to RA packets.
Note
For each incoming RSVP RA packet, RSVP inspectsthe IP header and attemptsto match the source/destination
IP addresses with a prefix configured in an extended ACL. The results are as follows:
• If an ACL does not exist, the packet is processed like a normal RSVP packet.
• If the ACL match yields an explicit permit (and if the packet is not locally destined), the packet is
forwarded. The IP TTL is decremented on all forwarded packets.
• If the ACL match yields an explicit deny, the packet is dropped.
If there is no explicit permit or explicit deny, the ACL infrastructure returns an implicit (default) deny. RSVP
can be configured to drop the packet. By default, RSVP processes the packet if the ACL match yields an
implicit (default) deny.
Related Topics
Configuring ACLs for Prefix Filtering, on page 80
Configure ACL-based Prefix Filtering: Example, on page 107
RSVP MIB
RFC 2206, RSVP Management Information Base Using SMIv2 defines all the SNMP MIB objects that are
relevant to RSVP. By implementing the RSVP MIB, you can perform these functions:
• Specifies two traps (NetFlow and LostFlow) which are triggered when a new flow is created or deleted.
• Lets you use SNMP to access objects belonging to RSVP.
Related Topics
Enabling RSVP Traps, on page 86
Enable RSVP Traps: Example, on page 108
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
70 OL-26056-02
Implementing RSVP for MPLS-TE
ACL-based Prefix FilteringInformation About Implementing RSVP Authentication
Before implementing RSVP authentication, you must configure a keychain first. The name of the keychain
must be the same as the one used in the keychain configuration. For more information about configuring
keychains, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide .
Note RSVP authentication supports only keyed-hash message authentication code (HMAC) type algorithms.
To implement RSVP authentication on Cisco IOS XR software, you must understand the following concepts:
RSVP Authentication Functions
You can carry out these tasks with RSVP authentication:
• Set up a secure relationship with a neighbor by using secret keys that are known only to you and the
neighbor.
• Configure RSVP authentication in global, interface, or neighbor configuration modes.
• Authenticate incoming messages by checking if there is a valid security relationship that is associated
based on key identifier, incoming interface, sender address, and destination address.
• Add an integrity object with message digest to the outgoing message.
• Use sequence numbers in an integrity object to detect replay attacks.
RSVP Authentication Design
Network administrators need the ability to establish a security domain to control the set ofsystemsthat initiates
RSVP requests.
The RSVP authentication feature permits neighborsin an RSVP network to use a secure hash to sign all RSVP
signaling messages digitally, thus allowing the receiver of an RSVP message to verify the sender of the
message without relying solely on the sender's IP address.
The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message
as defined in RFC 2747. This method provides protection against forgery or message modification. However,
the receiver must know the security key used by the sender to validate the digital signature in the received
RSVP message.
Network administrators manually configure a common key for each RSVP neighbor on the shared network.
The following reasons explain how to choose between global, interface, or neighbor configuration modes:
• Global configuration mode is optimal when a router belongs to a single security domain (for example,
part of a set of provider core routers). A single common key set is expected to be used to authenticate
all RSVP messages.
• Interface, or neighbor configuration mode, is optimal when a router belongs to more than one security
domain. For example, a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an
edge device. Different keys can be used but not shared.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 71
Implementing RSVP for MPLS-TE
Information About Implementing RSVP AuthenticationGlobal configuration mode configures the defaults for interface and neighbor interface modes. These modes,
unless explicitly configured, inherit the parameters from global configuration mode, as follows:
• Window-size is set to 1.
• Lifetime is set to 1800.
• key-source key-chain command is set to none or disabled.
Related Topics
Configuring a Lifetime for an Interface for RSVP Authentication, on page 95
RSVP Authentication by Using All the Modes: Example, on page 110
Global, Interface, and Neighbor Authentication Modes
You can configure global defaults for all authentication parameters including key, window size, and lifetime.
These defaults are inherited when you configure authentication for each neighbor or interface. However, you
can also configure these parameters individually on a neighbor or interface basis, in which case the global
values (configured or default) are no longer inherited.
RSVP uses the following rules when choosing which authentication parameter to use when that parameter
is configured at multiple levels (interface, neighbor, or global). RSVP goes from the most specific to least
specific; that is, neighbor, interface, and global.
Note
Global keys simplify the configuration and eliminate the chances of a key mismatch when receiving messages
from multiple neighbors and multiple interfaces. However, global keys do not provide the best security.
Interface keys are used to secure specific interfaces between two RSVP neighbors. Because many of the RSVP
messages are IP routed, there are many scenarios in which using interface keys are not recommended. If all
keys on the interfaces are not the same, there is a risk of a key mismatch for the following reasons:
• When the RSVP graceful restart is enabled, RSVP hello messages are sent with a source IP address of
the local router ID and a destination IP address of the neighbor router ID. Because multiple routes can
exist between the two neighbors, the RSVP hello message can traverse to different interfaces.
• When the RSVP fast reroute (FRR) is active, the RSVP Path and Resv messages can traverse multiple
interfaces.
• When Generalized Multiprotocol Label Switching (GMPLS) optical tunnels are configured, RSVP
messages are exchanged with router IDs as the source and destination IP addresses. Since multiple
control channels can exist between the two neighbors, the RSVP messages can traverse different interfaces.
Neighbor-based keys are particularly useful in a network in which some neighborssupport RSVP authentication
procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you
are advised to configure all the neighbor’s addresses and router IDs for RSVP authentication.
Related Topics
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90
RSVP Authentication Global Configuration Mode: Example, on page 108
Specifying the RSVP Authentication Keychain in Interface Mode, on page 93
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
72 OL-26056-02
Implementing RSVP for MPLS-TE
Global, Interface, and Neighbor Authentication ModesRSVP Authentication by Using All the Modes: Example, on page 110
Security Association
A security association (SA) is defined as a collection of information that is required to maintain secure
communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.
Table 2: Security Association Main Parameters
Parameter Description
src IP address of the sender.
dst IP address of the final destination.
interface Interface of the SA.
direction Send or receive type of the SA.
Expiration timer value that is used to collect unused
security association data.
Lifetime
Lastsequence number that was eithersent or accepted
(dependent of the direction type).
Sequence Number
key-source Source of keys for the configurable parameter.
Key number (returned form the key-source) that was
last used.
keyID
digest Algorithm last used (returned from the key-source).
Specifiesthe tolerance for the configurable parameter.
The parameter is applicable when the direction
parameter is the receive type.
Window Size
Specifiesthe last window size value sequence number
that is received or accepted. The parameter is
applicable when the direction parameter isthe receive
type.
Window
An SA is created dynamically when sending and receiving messagesthat require authentication. The neighbor,
source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a
HOP object, and whether the message is incoming or outgoing.
When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as
recently used. The lifetime timer periodically checks if the SA is being used. If so, the flag is cleared and is
cleaned up for the next period unless it is marked again.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 73
Implementing RSVP for MPLS-TE
Security AssociationThis table shows how to locate the source and destination address keys for an SA that is based on the message
type.
Table 3: Source and Destination Address Locations for Different Message Types
Message Type Source Address Location Destination Address Location
Path HOP object SESSION object
PathTear HOP object SESSION object
PathError HOP object IP header
Resv HOP object IP header
ResvTear HOP object IP header
ResvError HOP object IP header
ResvConfirm IP header CONFIRM object
Ack IP header IP header
Srefresh IP header IP header
Hello IP header IP header
Bundle — —
Related Topics
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
RSVP Neighbor Authentication: Example, on page 109
Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
RSVP Authentication Global Configuration Mode: Example, on page 108
Key-source Key-chain
The key-source key-chain is used to specify which keys to use.
You configure a list of keys with specific IDs and have different lifetimes so that keys are changed at
predetermined intervals automatically, without any disruption of service. Rollover enhances network security
by minimizing the problems that could result if an untrusted source obtained, deduced, or guessed the current
key.
RSVP handles rollover by using the following key ID types:
• On TX, use the youngest eligible key ID.
• On RX, use the key ID that is received in an integrity object.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
74 OL-26056-02
Implementing RSVP for MPLS-TE
Key-source Key-chainFor more information about implementing keychain management,see Cisco ASR 9000 Series Router System
Security Configuration Guide Cisco ASR 9000 Series Router .
Related Topics
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88
RSVP Authentication Global Configuration Mode: Example, on page 108
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
RSVP Neighbor Authentication: Example, on page 109
Guidelines for Window-Size and Out-of-Sequence Messages
These guidelines are required for window-size and out-of-sequence messages:
• Default window-size is set to 1. If a single message is received out-of-sequence, RSVP rejects it and
displays a message.
• When RSVP messages are sent in burst mode (for example, tunnel optimization), some messages can
become out-of-sequence for a short amount of time.
• Window size can be increased by using the window-size command. When the window size is increased,
replay attacks can be detected with duplicate sequence numbers.
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Caveats for Out-of-Sequence
These caveats are listed for out-of-sequence:
• When RSVP messages traverse multiple interface types with different maximum transmission unit
(MTU) values, some messages can become out-of-sequence if they are fragmented.
• Packets with some IP options may be reordered.
• Change in QoS configurations may lead to a transient reorder of packets.
• QoS policies can cause a reorder of packets in a steady state.
Because all out-of-sequence messages are dropped, the sender must retransmit them. Because RSVP state
timeouts are generally long, out-of-sequence messages during a transient state do not lead to a state timeout.
How to Implement RSVP
RSVP requires coordination among several routers, establishing exchange of RSVP messages to set up LSPs.
Depending on the client application, RSVP requires some basic configuration, as described in these topics:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 75
Implementing RSVP for MPLS-TE
Guidelines for Window-Size and Out-of-Sequence MessagesConfiguring Traffic Engineering Tunnel Bandwidth
To configure traffic engineering tunnel bandwidth, you must firstset up TE tunnels and configure the reserved
bandwidth per interface (there is no need to configure bandwidth for the data channel or the control channel).
Cisco IOS XR software supports two MPLS DS-TE modes: Prestandard and IETF.
For prestandard DS-TE you do not need to configure bandwidth for the data channel or the control channel.
There is no other specific RSVP configuration required for this application. When no RSVP bandwidth
is specified for a particular interface, you can specify zero bandwidth in the LSP setup if it is configured
under RSVP interface configuration mode or MPLS-TE configuration mode.
Note
Related Topics
Configuring a Prestandard DS-TE Tunnel, on page 176
Configuring an IETF DS-TE Tunnel Using RDM, on page 178
Configuring an IETF DS-TE Tunnel Using MAM, on page 181
Confirming DiffServ-TE Bandwidth
Perform this task to confirm DiffServ-TE bandwidth.
In RSVP global and subpools, reservable bandwidths are configured per interface to accommodate TE tunnels
on the node. Available bandwidth from all configured bandwidth pools is advertised using IGP. RSVP signals
the TE tunnel with appropriate bandwidth pool requirements.
SUMMARY STEPS
1. configure
2. rsvp
3. interface type interface-path-id
4. bandwidth total-bandwidth max-flow sub-pool sub-pool-bw
5. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
76 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Traffic Engineering Tunnel BandwidthDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface type interface-path-id Enters interface configuration mode for the RSVP protocol.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
interface pos 0/2/0/0
Sets the reservable bandwidth, the maximum RSVP bandwidth
available for a flow and the sub-pool bandwidth on this interface.
bandwidth total-bandwidth max-flow sub-pool
sub-pool-bw
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 4
bandwidth 1000 100 sub-pool 150
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 77
Implementing RSVP for MPLS-TE
Confirming DiffServ-TE BandwidthCommand or Action Purpose
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Differentiated Services Traffic Engineering, on page 127
Bandwidth Configuration (MAM): Example, on page 104
Bandwidth Configuration (RDM): Example, on page 105
Enabling Graceful Restart
Perform this task to enable graceful restart for implementations using both node-id and interface-based hellos.
RSVP graceful restart provides a control plane mechanism to ensure high availability, which allows detection
and recovery from failure conditions while preserving nonstop forwarding services.
SUMMARY STEPS
1. configure
2. rsvp
3. signalling graceful-restart
4. signalling graceful-restart interface-based
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
78 OL-26056-02
Implementing RSVP for MPLS-TE
Enabling Graceful RestartCommand or Action Purpose
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
signalling graceful-restart Enables the graceful restart process on the node.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling graceful-restart
signalling graceful-restart interface-based Enables interface-based graceful restart process on the node.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 4
signalling graceful-restart
interface-based
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Graceful Restart: Standard and Interface-Based, on page 68
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 79
Implementing RSVP for MPLS-TE
Enabling Graceful RestartEnable Graceful Restart: Example, on page 106
Enable Interface-Based Graceful Restart: Example, on page 106
Configuring ACL-based Prefix Filtering
Two procedures are provided to show how RSVP Prefix Filtering is associated:
• Configuring ACLs for Prefix Filtering, on page 80
• Configuring RSVP Packet Dropping, on page 81
Configuring ACLs for Prefix Filtering
Perform this task to configure an extended access list ACL that identifies the source and destination prefixes
used for packet filtering.
Note The extended ACL needs to be configured separately using extended ACL configuration commands.
SUMMARY STEPS
1. configure
2. rsvp
3. signalling prefix-filtering access-list
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
80 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringCommand or Action Purpose
signalling prefix-filtering access-list Enter an extended access list name as a string.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling prefix-filtering access-list
banks
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
ACL-based Prefix Filtering, on page 70
Configure ACL-based Prefix Filtering: Example, on page 107
Configuring RSVP Packet Dropping
Perform this task to configure RSVP to drop RA packets when the ACL match returns an implicit (default)
deny.
The default behavior performs normal RSVP processing on RA packets when the ACL match returns an
implicit (default) deny.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 81
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringSUMMARY STEPS
1. configure
2. rsvp
3. signalling prefix-filtering default-deny-action
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
signalling prefix-filtering default-deny-action Drops RA messages.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling prefix-filtering
default-deny-action
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
82 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringCommand or Action Purpose
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Overview of RSVP for MPLS-TE , on page 66
Set DSCP for RSVP Packets: Example, on page 107
Verifying RSVP Configuration
This figure illustrates the topology.
Figure 9: Sample Topology
Perform the following steps to verify RSVP configuration.
SUMMARY STEPS
1. show rsvp session
2. show rsvp counters messages summary
3. show rsvp counters events
4. show rsvp interface type interface-path-id [detail]
5. show rsvp graceful-restart
6. show rsvp graceful-restart [neighbors ip-address | detail]
7. show rsvp interface
8. show rsvp neighbor
DETAILED STEPS
Step 1 show rsvp session
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 83
Implementing RSVP for MPLS-TE
Verifying RSVP ConfigurationVerifiesthat all routers on the path of the LSP are configured with at least one Path State Block (PSB) and one Reservation
State Block (RSB) per session.
Example:
RP/0/RSP0/CPU0:router# show rsvp session
Type Destination Add DPort Proto/ExtTunID PSBs RSBs Reqs
---- --------------- ----- --------------- ----- ----- ----- LSP4
172.16.70.70 6 10.51.51.51 1 1 0
In the example , the output represents an LSP from ingress (head) router 10.51.51.51 to egress (tail) router 172.16.70.70.
The tunnel ID (also called the destination port) is 6.
Example:
If no states can be found for a session that should be up, verify the
application (for example, MPLS-TE ) to see if
everything is in order. If a session has one PSB but no RSB, this indicates
that either the Path message is not making it to the egress (tail) router or
the reservation message is not making it back to the router R1 in question.
Go to the downstream router R2 and display the session information:
Example:
If R2 has no PSB, either the path message is not making it to the
router or the path message is being rejected (for example, due to lack of
resources). If R2 has a PSB but no RSB, go to the next downstream router R3
to investigate. If R2 has a PSB and an RSB, this means the reservation is
not making it from R2 to R1 or is being rejected.
Step 2 show rsvp counters messages summary
Verifies whether the RSVP message is being transmitted and received.
Example:
RP/0/RSP0/CPU0:router# show rsvp counters messages summary
All RSVP Interfaces Recv Xmit Recv Xmit Path 0 25
Resv 30 0 PathError 0 0 ResvError 0 1 PathTear 0 30 ResvTear 12 0
ResvConfirm 0 0 Ack 24 37 Bundle 0 Hello 0 5099 SRefresh 8974 9012
OutOfOrder 0 Retransmit 20 Rate Limited 0
Step 3 show rsvp counters events
Verifies how many RSVP states have expired. Because RSVP uses a soft-state mechanism, some failures will lead to
RSVP states to expire due to lack of refresh from the neighbor.
Example:
RP/0/RSP0/CPU0:router# show rsvp counters events
mgmtEthernet0/0/0/0 tunnel6 Expired Path states 0 Expired
Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0
NACKs received 0 POS0/3/0/0 POS0/3/0/1 Expired
Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv
states 0 NACKs received 0 NACKs received 0 POS0/3/0/2
POS0/3/0/3 Expired Path states 0 Expired Path
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
84 OL-26056-02
Implementing RSVP for MPLS-TE
Verifying RSVP Configurationstates 0 Expired Resv states 0 Expired Resv states 1 NACKs received 0 NACKs
received 1
Step 4 show rsvp interface type interface-path-id [detail]
Verifies that refresh reduction is working on a particular interface.
Example:
RP/0/RSP0/CPU0:router# show rsvp interface pos0/3/0/3 detail
INTERFACE: POS0/3/0/3 (ifh=0x4000D00). BW
(bits/sec): Max=1000M. MaxFlow=1000M. Allocated=1K (0%). MaxSub=0.
Signalling: No DSCP marking. No rate limiting. States in: 1. Max missed
msgs: 4. Expiry timer: Running (every 30s). Refresh interval: 45s. Normal
Refresh timer: Not running. Summary refresh timer: Running. Refresh
reduction local: Enabled. Summary Refresh: Enabled (4096 bytes max).
Reliable summary refresh: Disabled. Ack hold: 400 ms, Ack max size: 4096
bytes. Retransmit: 900ms. Neighbor information: Neighbor-IP Nbor-MsgIds
States-out Refresh-Reduction Expiry(min::sec) -------------- --------------
---------- ------------------ ---------------- 64.64.64.65 1 1 Enabled
14::45
Step 5 show rsvp graceful-restart
Verifies that graceful restart is enabled locally.
Example:
RP/0/RSP0/CPU0:router# show rsvp graceful-restart
Graceful restart: enabled Number of global
neighbors: 1 Local MPLS router id: 10.51.51.51 Restart time: 60 seconds
Recovery time: 0 seconds Recovery timer: Not running Hello interval: 5000
milliseconds Maximum Hello miss-count: 3
Step 6 show rsvp graceful-restart [neighbors ip-address | detail]
Verifies that graceful restart is enabled on the neighbor(s). These examples show that neighbor 192.168.60.60 is not
responding to hello messages.
Example:
RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors 192.168.60.60
Neighbor App State Recovery Reason
Since LostCnt --------------- ----- ------ -------- ------------
-------------------- -------- 192.168.60.60 MPLS INIT DONE N/A 12/06/2003
19:01:49 0
RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors detail
Neighbor: 192.168.60.60 Source: 10.51.51.51
(MPLS) Hello instance for application MPLS Hello State: INIT (for 3d23h)
Number of times communications with neighbor lost: 0 Reason: N/A Recovery
State: DONE Number of Interface neighbors: 1 address: 10.64.64.65 Restart
time: 0 seconds Recovery time: 0 seconds Restart timer: Not running Recovery
timer: Not running Hello interval: 5000 milliseconds Maximum allowed missed
Hello messages: 3
Step 7 show rsvp interface
Verifies the available RSVP bandwidth.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 85
Implementing RSVP for MPLS-TE
Verifying RSVP ConfigurationExample:
RP/0/RSP0/CPU0:router# show rsvp interface
Interface MaxBW MaxFlow Allocated MaxSub -----------
-------- -------- --------------- -------- Et0/0/0/0 0 0 0 ( 0%) 0 PO0/3/0/0
1000M 1000M 0 ( 0%) 0 PO0/3/0/1 1000M 1000M 0 ( 0%) 0 PO0/3/0/2 1000M 1000M
0 ( 0%) 0 PO0/3/0/3 1000M 1000M 1K ( 0%) 0
Step 8 show rsvp neighbor
Verifies the RSVP neighbors.
Example:
RP/0/RSP0/CPU0:router# show rsvp neighbor detail
Global Neighbor: 40.40.40.40 Interface Neighbor: 1.1.1.1
Interface: POS0/0/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote
epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0
Interface Neighbor: 2.2.2.2 Interface: POS0/1/0/0 Refresh Reduction:
"Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0
Retransmitted messages: 0
Related Topics
Overview of RSVP for MPLS-TE , on page 66
Enabling RSVP Traps
With the exception of the RSVP MIB traps, no action is required to activate the MIBs. This MIB feature is
automatically enabled when RSVP is turned on; however, RSVP traps must be enabled.
Perform this task to enable all RSVP MIB traps, NewFlow traps, and LostFlow traps.
SUMMARY STEPS
1. configure
2. snmp-server traps rsvp lost-flow
3. snmp-server traps rsvp new-flow
4. snmp-server traps rsvp all
5. Use one of these commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
86 OL-26056-02
Implementing RSVP for MPLS-TE
Enabling RSVP TrapsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
snmp-server traps rsvp lost-flow Sends RSVP notifications to enable RSVP LostFlow traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
traps rsvp lost-flow
snmp-server traps rsvp new-flow Sends RSVP notifications to enable RSVP NewFlow traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 3
traps rsvp new-flow
snmp-server traps rsvp all Sends RSVP notifications to enable all RSVP MIB traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 4
traps rsvp all
Step 5 Use one of these commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 87
Implementing RSVP for MPLS-TE
Enabling RSVP TrapsCommand or Action Purpose
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
RSVP MIB, on page 70
Enable RSVP Traps: Example, on page 108
How to Implement RSVP Authentication
There are three types of RSVP authentication modes—global, interface, and neighbor. These topics describe
how to implement RSVP authentication for each mode:
Configuring Global Configuration Mode RSVP Authentication
These tasks describe how to configure RSVP authentication in global configuration mode:
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode
Perform this task to enable RSVP authentication for cryptographic authentication by specifying the keychain
in global configuration mode.
You must configure a keychain before completing this task (see Cisco ASR 9000 Series Aggregation
Services Router System Security Configuration Guide ).
Note
SUMMARY STEPS
1. configure
2. rsvp authentication
3. key-source key-chain key-chain-name
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
88 OL-26056-02
Implementing RSVP for MPLS-TE
How to Implement RSVP AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
key-chain-name
Name of the keychain. The maximum number of charactersis 32.
key-source key-chain mpls-keys
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 89
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationRelated Topics
Key-source Key-chain, on page 74
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode
Perform this task to configure a lifetime value for RSVP authentication in global configuration mode.
SUMMARY STEPS
1. configure
2. rsvp authentication
3. life-time seconds
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors.
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
seconds
Length of time (in seconds) that RSVP maintains idle security
associations with other trusted RSVP neighbors. Range is from
30 to 86400. The default value is 1800.
life-time 2000
Step 4 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
90 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationCommand or Action Purpose
• When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Global, Interface, and Neighbor Authentication Modes, on page 72
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring the Window Size for RSVP Authentication in Global Configuration Mode
Perform this task to configure the window size for RSVP authentication in global configuration mode.
SUMMARY STEPS
1. configure
2. rsvp authentication
3. window-size N
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 91
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Specifies the maximum number of RSVP authenticated messages that
can be received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
window-size 33
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
• Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
92 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationRelated Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Configuring an Interface for RSVP Authentication
These tasks describe how to configure an interface for RSVP authentication:
Specifying the RSVP Authentication Keychain in Interface Mode
Perform this task to specify RSVP authentication keychain in interface mode.
You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security
Configuration Guide ).
SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. key-source key-chain key-chain-name
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 93
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
key-chain-name
Name of the keychain. The maximum number of characters
is 32.
key-source key-chain mpls-keys
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Global, Interface, and Neighbor Authentication Modes, on page 72
RSVP Authentication by Using All the Modes: Example, on page 110
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
94 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationConfiguring a Lifetime for an Interface for RSVP Authentication
Perform this task to configure a lifetime for the security association for an interface.
SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. life-time seconds
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors.
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
seconds
Length of time (in seconds) that RSVP maintainsidle security
associations with other trusted RSVP neighbors. Range isfrom
30 to 86400. The default value is 1800.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 95
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
life-time 2000
Step 5 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
RSVP Authentication Design, on page 71
RSVP Authentication by Using All the Modes: Example, on page 110
Configuring the Window Size for an Interface for RSVP Authentication
Perform this task to configure the window size for an interface for RSVP authentication to check the validity
of the sequence number received.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
96 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationSUMMARY STEPS
1. configure
2. rsvp interface type interface-path-d
3. authentication
4. window-size N
5. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-d Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
authentication Enters RSVP interface authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Specifies the maximum number of RSVP authenticated messages
that can be received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
window-size 33
Step 5 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 97
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
• When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• end
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Configuring RSVP Neighbor Authentication
These tasks describe how to configure the RSVP neighbor authentication:
• Specifying the Keychain for RSVP Neighbor Authentication, on page 98
• Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
• Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Specifying the Keychain for RSVP Neighbor Authentication
Perform this task to specify the keychain RSVP neighbor authentication.
You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security
Configuration Guide ).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
98 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationSUMMARY STEPS
1. configure
2. rsvp neighbor IP-address authentication
3. key-source key-chain key-chain-name
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters neighbor authentication configuration mode. Use the rsvp
neighbor command to activate RSVP cryptographic authentication
for a neighbor.
rsvp neighbor IP-address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
1.1.1.1 authentication
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
authentication
Configures the RSVP authentication parameters.
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Step 3
key-chain-name
Name of the keychain. The maximum number of characters
is 32.
key-source key-chain mpls-keys
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 99
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
or
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
commit ? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Key-source Key-chain, on page 74
Security Association, on page 73
RSVP Neighbor Authentication: Example, on page 109
Configuring a Lifetime for RSVP Neighbor Authentication
Perform this task to configure a lifetime for security association for RSVP neighbor authentication mode.
SUMMARY STEPS
1. configure
2. rsvp neighbor IP-address authentication
3. life-time seconds
4. Use one of the following commands:
• end
• commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
100 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters RSVP neighbor authentication configuration mode. Use the
rsvp neighbor command to specify a neighbor under RSVP.
rsvp neighbor IP-address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
1.1.1.1 authentication
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
authentication
Configures the RSVP authentication parameters.
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors. The argument specifies the
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Step 3
seconds
Length of time (in seconds) that RSVP maintainsidle security
associations with other trusted RSVP neighbors. Range is
from 30 to 86400. The default value is 1800.
life-time 2000
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 101
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Security Association, on page 73
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring the Window Size for RSVP Neighbor Authentication
Perform this task to configure the RSVP neighbor authentication window size to check the validity of the
sequence number received.
SUMMARY STEPS
1. configure
2. rsvp neighbor IP address authentication
3. window-size N
4. Use one of the following commands:
• end
• commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters RSVP neighbor authentication configuration mode. Use the
rsvp neighbor command to specify a neighbor under RSVP.
rsvp neighbor IP address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
1.1.1.1 authentication
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
102 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
authentication
Configures the RSVP authentication parameters.
Specifies the maximum number of RSVP authenticated messages
that is received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
window-size 33
Step 3
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
Step 4 Use one of the following commands: Saves configuration changes.
• end • When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
• commit
Example:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
RP/0/RSP0/CPU0:router
(config-rsvp-nbor-auth)# end
or
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
RP/0/RSP0/CPU0:router configuration changes.
(config-rsvp-nbor-auth)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
• Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 103
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationVerifying the Details of the RSVP Authentication
To display the security associations that RSVP has established with other RSVP neighbors, use the show rsvp
authentication command.
Eliminating Security Associations for RSVP Authentication
To eliminate RSVP authentication SA’s, use the clear rsvp authentication command. To eliminate RSVP
counters for each SA, use the clear rsvp counters authentication command.
Configuration Examples for RSVP
Sample RSVP configurations are provided for some of the supported RSVP features.
• Bandwidth Configuration (Prestandard): Example, on page 104
• Bandwidth Configuration (MAM): Example, on page 104
• Bandwidth Configuration (RDM): Example, on page 105
• Refresh Reduction and Reliable Messaging Configuration: Examples, on page 105
• Configure Graceful Restart: Examples, on page 106
• Configure ACL-based Prefix Filtering: Example, on page 107
• Set DSCP for RSVP Packets: Example, on page 107
• Enable RSVP Traps: Example, on page 108
Bandwidth Configuration (Prestandard): Example
The example shows the configuration of bandwidth on an interface using prestandard DS-TE mode. The
example configures an interface for a reservable bandwidth of 7500, specifies the maximum bandwidth for
one flow to be 1000 and adds a sub-pool bandwidth of 2000.
rsvp interface pos 0/3/0/0
bandwidth 7500 1000 sub-pool 2000
Bandwidth Configuration (MAM): Example
The example shows the configuration of bandwidth on an interface using MAM. The example shows how to
limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow
to reserve no more than 1000 kbps.
rsvp interface pos 0/3/0/0
bandwidth mam 7500 1000
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
104 OL-26056-02
Implementing RSVP for MPLS-TE
Verifying the Details of the RSVP AuthenticationRelated Topics
Confirming DiffServ-TE Bandwidth, on page 76
Differentiated Services Traffic Engineering, on page 127
Bandwidth Configuration (RDM): Example
The example shows the configuration of bandwidth on an interface using RDM. The example shows how to
limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow
to reserve no more than 1000 kbps.
rsvp interface pos 0/3/0/0
bandwidth rdm 7500 1000
Related Topics
Confirming DiffServ-TE Bandwidth, on page 76
Differentiated Services Traffic Engineering, on page 127
Refresh Reduction and Reliable Messaging Configuration: Examples
Refresh reduction feature as defined by RFC 2961 issupported and enabled by default. The examplesillustrate
the configuration for the refresh reduction feature. Refresh reduction is used with a neighbor only if the
neighbor supports it also.
Refresh Interval and the Number of Refresh Messages Configuration: Example
The example shows how to configure the refresh interval to 30 seconds on POS 0/3/0/0 and how to change
the number of refresh messages the node can miss before cleaning up the state from the default value of 4 to
6.
rsvp interface pos 0/3/0/0
signalling refresh interval 30
signalling refresh missed 6
Retransmit Time Used in Reliable Messaging Configuration: Example
The example shows how to set the retransmit timer to 2 seconds. To prevent unnecessary retransmits, the
retransmit time value configured on the interface must be greater than the ACK hold time on its peer.
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable retransmit-time 2000
Acknowledgement Times Configuration: Example
The example shows how to change the acknowledge hold time from the default value of 400 ms, to delay or
speed up sending of ACKs, and the maximum acknowledgment message size from default size of 4096 bytes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 105
Implementing RSVP for MPLS-TE
Bandwidth Configuration (RDM): ExampleThe example shows how to change the acknowledge hold time from the default value of 400 ms and how to
delay or speed up sending of ACKs. The maximum acknowledgment message default size is from 4096 bytes.
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable ack-hold-time 1000
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable ack-max-size 1000
Ensure retransmit time on the peers’ interface is at least twice the amount of the ACK hold time to prevent
unnecessary retransmissions.
Note
Summary Refresh Message Size Configuration: Example
The example shows how to set the summary refresh message maximum size to 1500 bytes.
rsvp interface pos 0/4/0/1
signalling refresh reduction summary max-size 1500
Disable Refresh Reduction: Example
If the peer node does notsupport refresh reduction, or for any other reason you want to disable refresh reduction
on an interface, the example shows how to disable refresh reduction on that interface.
rsvp interface pos 0/4/0/1
signalling refresh reduction disable
Configure Graceful Restart: Examples
RSVP graceful restart is configured globally or per interface (as are refresh-related parameters). These examples
show how to enable graceful restart, set the restart time, and change the hello message interval.
Enable Graceful Restart: Example
The example shows how to enable the RSVP graceful restart by default. If disabled, enable it with the following
command.
rsvp signalling graceful-restart
Related Topics
Enabling Graceful Restart, on page 78
Graceful Restart: Standard and Interface-Based, on page 68
Enable Interface-Based Graceful Restart: Example
The example shows how to enable the RSVP graceful restart feature on an interface.
signalling hello graceful-restart interface-based
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
106 OL-26056-02
Implementing RSVP for MPLS-TE
Configure Graceful Restart: ExamplesRelated Topics
Enabling Graceful Restart, on page 78
Graceful Restart: Standard and Interface-Based, on page 68
Change the Restart-Time: Example
The example shows how to change the restart time that is advertised in hello messages sent to neighbor nodes.
rsvp signalling graceful-restart restart-time 200
Change the Hello Interval: Example
The example shows how to change the interval at which RSVP graceful restart hello messages are sent per
neighbor, and change the number of hellos missed before the neighbor is declared down.
rsvp signalling hello graceful-restart refresh interval 4000
rsvp signalling hello graceful-restart refresh misses 4
Configure ACL-based Prefix Filtering: Example
The example shows when RSVP receives a Router Alert (RA) packet from source address 1.1.1.1 and 1.1.1.1
is not a local address. The packet is forwarded with IP TTL decremented. Packets destined to 2.2.2.2 are
dropped. All other RA packets are processed as normal RSVP packets.
show run ipv4 access-list
ipv4 access-list rsvpacl
10 permit ip host 1.1.1.1 any
20 deny ip any host 2.2.2.2
!
show run rsvp
rsvp
signalling prefix-filtering access-list rsvpacl
!
Related Topics
Configuring ACLs for Prefix Filtering, on page 80
ACL-based Prefix Filtering, on page 70
Set DSCP for RSVP Packets: Example
The configuration example setsthe Differentiated Services Code Point (DSCP) field in the IP header of RSVP
packets.
rsvp interface pos0/2/0/1
signalling dscp 20
Related Topics
Configuring RSVP Packet Dropping, on page 81
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 107
Implementing RSVP for MPLS-TE
Configure ACL-based Prefix Filtering: ExampleOverview of RSVP for MPLS-TE , on page 66
Enable RSVP Traps: Example
The example enables the router to send all RSVP traps:
configure
snmp-server traps rsvp all
The example enables the router to send RSVP LostFlow traps:
configure
snmp-server traps rsvp lost-flow
The example enables the router to send RSVP RSVP NewFlow traps:
configure
snmp-server traps rsvp new-flow
Related Topics
Enabling RSVP Traps, on page 86
RSVP MIB, on page 70
Configuration Examples for RSVP Authentication
These configuration examples are used for RSVP authentication:
• RSVP Authentication Global Configuration Mode: Example, on page 108
• RSVP Authentication for an Interface: Example, on page 109
• RSVP Neighbor Authentication: Example, on page 109
• RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication Global Configuration Mode: Example
The configuration example enables authentication of all RSVP messages and increases the default lifetime of
the SAs.
rsvp
authentication
key-source key-chain default_keys
life-time 3600
!
!
Note The specified keychain (default_keys) must exist and contain valid keys, or signaling will fail.
Related Topics
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
108 OL-26056-02
Implementing RSVP for MPLS-TE
Enable RSVP Traps: ExampleKey-source Key-chain, on page 74
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90
Global, Interface, and Neighbor Authentication Modes, on page 72
Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
Security Association, on page 73
RSVP Authentication for an Interface: Example
The configuration example enables authentication of all RSVP messages that are being sent or received on
one interface only, and sets the window-size of the SAs.
rsvp
interface GigabitEthernet0/6/0/0
authentication
window-size 64
!
!
Because the key-source keychain configuration is not specified, the global authentication mode keychain
is used and inherited. The global keychain must exist and contain valid keys or signaling fails.
Note
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Neighbor Authentication: Example
The configuration example enables authentication of all RSVP messages that are being sent to and received
from only a particular IP address.
rsvp
neighbor 10.0.0.1
authentication
key-source key-chain nbr_keys
!
!
!
Related Topics
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
Key-source Key-chain, on page 74
Security Association, on page 73
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 109
Implementing RSVP for MPLS-TE
RSVP Authentication for an Interface: ExampleRSVP Authentication by Using All the Modes: Example
The configuration example shows how to perform the following functions:
• Authenticates all RSVP messages.
• Authenticates the RSVP messages to or from 10.0.0.1 by setting the keychain for the key-source
key-chain command to nbr_keys, SA lifetime is set to 3600, and the default window-size is set to 1.
• Authenticates the RSVP messages not to or from 10.0.0.1 by setting the keychain for the key-source
key-chain command to default_keys, SA lifetime is set to 3600, and the window-size is set 64 when
using GigabitEthernet0/6/0/0; otherwise, the default value of 1 is used.
rsvp
interface GigabitEthernet0/6/0/0
authentication
window-size 64
!
!
neighbor 10.0.0.1
authentication
key-source key-chain nbr_keys
!
!
authentication
key-source key-chain default_keys
life-time 3600
!
!
If a keychain does not exist or contain valid keys, this is considered a configuration error because signaling
fails. However, this can be intended to preventsignaling. For example, when using the above configuration,
if the nbr_keys does not contain valid keys, all signaling with 10.0.0.1 fails.
Note
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
Specifying the RSVP Authentication Keychain in Interface Mode, on page 93
Global, Interface, and Neighbor Authentication Modes, on page 72
Configuring a Lifetime for an Interface for RSVP Authentication, on page 95
RSVP Authentication Design, on page 71
Additional References
These references are related to implementing MPLS RSVP:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
110 OL-26056-02
Implementing RSVP for MPLS-TE
RSVP Authentication by Using All the Modes: ExampleRelated Documents
Related Topic Document Title
RSVP Infrastructure Commands on Cisco ASR 9000
Series Router module in Cisco ASR 9000 Series
Aggregation Services Router MPLS Command
Reference
Cisco IOS XR MPLS RSVP commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started material
Configuring AAA Services on Cisco ASR 9000 Series
Router module in
Information about user groups and task IDs
Standards
Standard Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/
mibs.shtml
—
RFCs
RFCs Title
Resource Reservation Protocol Version 1 Functional
Specification
RFC 2205
RFC 2206 RSVP Management Information Base using SMIv2
RFC 2747 RSVP Cryptographic Authentication
RFC 2961 RSVP Refresh Overhead Reduction Extensions
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 111
Implementing RSVP for MPLS-TE
Additional ReferencesRFCs Title
RFC 3209 RSVP-TE: Extensions to RSVP for LSP Tunnels
RFC 3473 Generalized MPLS Signaling, RSVP-TE Extensions
RFC 4090 Fast Reroute Extensionsto RSVP-TE for LSP Tunnels
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
112 OL-26056-02
Implementing RSVP for MPLS-TE
Additional ReferencesC H A P T E R 3
Implementing MPLS Forwarding
This module describes how to implement MPLS Forwarding on Cisco ASR 9000 Series Aggregation Services
Routers.
All Multiprotocol Label Switching (MPLS) features require a core set of MPLS label management and
forwarding services; the MPLS Forwarding Infrastructure (MFI) supplies these services.
Feature History for Implementing MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
• Prerequisites for Implementing Cisco MPLS Forwarding, page 113
• Restrictions for Implementing Cisco MPLS Forwarding, page 113
• Information About Implementing MPLS Forwarding, page 114
• Additional References, page 116
Prerequisites for Implementing Cisco MPLS Forwarding
These prerequisites are required to implement MPLS Forwarding:
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• Router that runs Cisco IOS XR software.
• Installed composite mini-image and the MPLS package, or a full composite image.
Restrictions for Implementing Cisco MPLS Forwarding
• Label switching on a Cisco router requires that Cisco Express Forwarding (CEF) be enabled.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 113• CEF is mandatory for Cisco IOS XR software and it does not need to be enabled explicitly.
Information About Implementing MPLS Forwarding
To implement MPLS Forwarding, you should understand these concepts:
MPLS Forwarding Overview
MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven
scalability of Layer 3 (network layer) routing. MPLS enables service providers to meet the challenges of
growth in network utilization while providing the opportunity to differentiate services without sacrificing the
existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination
of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible well beyond
that typically offered in today’s networks.
Based on routing information that is stored in the VRF IP routing table and VRF CEF table, packets are
forwarded to their destination using MPLS.
A PE router binds a label to each customer prefix learned from a CE router and includes the label in the
network reachability information for the prefix that it advertisesto other PE routers. When a PE router forwards
a packet received from a CE router across the provider network, it labels the packet with the label learned
from the destination PE router. When the destination PE router receives the labeled packet it pops the label
and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone, is
based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels
of labels when traversing the backbone:
• Top label directs the packet to the correct PE router
• Second label indicates how that PE router should forward the packet to the CE router
Label Switching Functions
In conventional Layer 3 forwarding mechanisms, as a packet traverses the network, each router extracts all
the information relevant to forwarding the packet from the Layer 3 header. This information is then used as
an index for a routing table lookup to determine the next hop for the packet.
In the most common case, the only relevant field in the header is the destination address field, but in some
cases, other header fields might also be relevant. As a result, the header analysis must be done independently
at each router through which the packet passes. In addition, a complicated table lookup must also be done at
each router.
In label switching, the analysis of the Layer 3 header is done only once. The Layer 3 header is then mapped
into a fixed-length, unstructured value called a label.
Many different headers can map to the same label, as long as those headers always result in the same choice
of next hop. In effect, a label represents a forwarding equivalence class—that is, a set of packets which,
however different they may be, are indistinguishable by the forwarding function.
The initial choice of a label need not be based exclusively on the contents of the Layer 3 packet header; for
example, forwarding decisions at subsequent hops can also be based on routing policy.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
114 OL-26056-02
Implementing MPLS Forwarding
Information About Implementing MPLS ForwardingOnce a label is assigned, a short label header is added at the front of the Layer 3 packet. This header is carried
across the network as part of the packet. At subsequent hops through each MPLS router in the network, labels
are swapped and forwarding decisions are made by means of MPLS forwarding table lookup for the label
carried in the packet header. Hence, the packet header does not need to be reevaluated during packet transit
through the network. Because the label is of fixed length and unstructured, the MPLS forwarding table lookup
process is both straightforward and fast.
Distribution of Label Bindings
Each labelswitching router (LSR) in the network makes an independent, local decision asto which label value
to use to represent a forwarding equivalence class. This association is known as a label binding.
Note The distribution of label bindings cannot be done statically for the Layer 2 VPN pseudowire.
Each LSR informs its neighbors of the label bindings it has made. This awareness of label bindings by
neighboring routers is facilitated by these protocols:
Label Distribution Protocol (LDP)
Supports MPLS forwarding along normally routed paths.
Resource Reservation Protocol (RSVP)
Supports MPLS traffic engineering.
Border Gateway Protocol (BGP)
Supports MPLS virtual private networks (VPNs).
When a labeled packet is sent from LSR A to the neighboring LSR B, the label value carried by the IP packet
is the label value that LSR B assigned to represent the forwarding equivalence class of the packet. Thus, the
label value changes as the IP packet traverses the network.
MFI Control-Plane Services
The MFI control-plane provides services to MPLS applications, such as Label Distribution Protocol (LDP)
and Traffic Engineering (TE), that include enabling and disabling MPLS on an interface, local label allocation,
MPLS rewrite setup (including backup links), management of MPLS label tables, and the interaction with
other forwarding paths (IP Version 4 [IPv4] for example) to set up imposition and disposition.
MFI Data-Plane Services
The MFI data-plane provides a software implementation of MPLS forwarding in all of these forms:
• Imposition
• Disposition
• Label swapping
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 115
Implementing MPLS Forwarding
Distribution of Label BindingsMPLS Maximum Transmission Unit
MPLS maximum transmission unit (MTU) indicates that the maximum size of the IP packet can still be sent
on a data link, without fragmenting the packet. In addition, data linksin MPLS networks have a specific MTU,
but for labeled packets. All IPv4 packets have one or more labels. This does imply that the labeled packets
are slightly bigger than the IP packets, because for every label, four bytes are added to the packet. So, if n is
the number of labels, n * 4 bytes are added to the size of the packet when the packet is labeled. The MPLS
MTU parameter pertains to labeled packets.
Additional References
For additional information related to implementing MPLS Forwarding, refer to the following references:
Related Documents
Related Topic Document Title
MPLS Forwarding Commands on Cisco ASR 9000
Series Router module in Cisco ASR 9000 Series
Aggregation Services Routers MPLS Command
Reference
MPLS Forwarding commands
Cisco ASR 9000 Series Aggregation Services Routers
Getting Started Guide
Getting started material
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
—
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
116 OL-26056-02
Implementing MPLS Forwarding
MPLS Maximum Transmission UnitRFCs
RFCs Title
RFC 3031 Multiprotocol Label Switching Architecture
Time to Live (TTL) Processing in Multi-Protocol
Label Switching (MPLS) Networks
RFC 3443
Requirements for Inter-Area MPLS Traffic
Engineering
RFC 4105
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 117
Implementing MPLS Forwarding
Additional References Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
118 OL-26056-02
Implementing MPLS Forwarding
Additional ReferencesC H A P T E R 4
Implementing MPLS Traffic Engineering
This module describes how to implement MPLS Traffic Engineering on Cisco ASR 9000 Series Router.
Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering
Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into
business-class transport mediums.
MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual
circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services
as with those delivered over traditional networks such as Frame Relay or Asynchronous Transfer Mode
(ATM).
MPLS traffic engineering (MPLS-TE) software enables an MPLS backbone to replicate and expand upon
the TE capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer
3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enablestraffic engineering.
Thus, you can offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network
on a Layer 2 network.
Feature History for Implementing MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
The MPLS Traffic Engineering (TE): Path Protection feature
was added.
Release 3.9.0
Release 3.9.1 The MPLS-TE automatic bandwidth feature is supported.
Support was added for the following features:
• AutoTunnel Backup
• MPLS-TE Automatic Bandwidth
• SRLG (Shared Risk Link Groups)
Release 4.0.0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 119Release Modification
Support was added for the following features:
• Ignore Intermediate System-to-Intermediate System
Overload Bit Setting in MPLS-TE
• Point-to-Multipoint Traffic-Engineering
Release 4.1.0
Release 4.1.1 The Auto-Tunnel Mesh feature was added.
Support was added for the following features:
• Soft-Preemption
• Path Option Attributes
Release 4.2.0
The Auto-Tunnel Attribute-set feature was added for auto-backup
tunnels.
Release 4.2.1
• Prerequisites for Implementing Cisco MPLS Traffic Engineering, page 120
• Restrictions for Implementing Cisco MPLS Traffic Engineering, page 120
• Information About Implementing MPLS Traffic Engineering, page 121
• How to Implement Traffic Engineering, page 155
• Configuration Examples for Cisco MPLS-TE, page 260
• Additional References, page 283
Prerequisites for Implementing Cisco MPLS Traffic Engineering
These prerequisites are required to implement MPLS TE:
• You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
• Router that runs Cisco IOS XR software .
• Installed composite mini-image and the MPLS package, or a full composite image.
• IGP activated.
Restrictions for Implementing Cisco MPLS Traffic Engineering
In addition to the MPLS-TE Fast Reroute feature supporting the GigabitEthernet and TenGigE line cards, this
current release also supports the 8-port OC-12 SPA, 2-port OC-48 SPA, 1-port OC-192 SPA, along with the
Cisco ASR 9000 Series SPA Interface Processor-700. This feature is also supported on the main interfaces
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
120 OL-26056-02
Implementing MPLS Traffic Engineering
Prerequisites for Implementing Cisco MPLS Traffic Engineeringon the SPA line cards, not on sub-interfaces. There is no support for the MPLS-TE Fast Reroute feature on
the 2-port channelized OC-12 SPA or on the 1-port channelized OC-48 SPA.
Information About Implementing MPLS Traffic Engineering
To implement MPLS-TE, you should understand these concepts:
Overview of MPLS Traffic Engineering
MPLS-TE software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities
of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies.
By making traditional Layer 2 features available to Layer 3, MPLS enables traffic engineering. Thus, you can
offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network on a Layer 2
network.
MPLS-TE is essential for service provider and Internet service provider (ISP) backbones. Such backbones
must support a high use of transmission capacity, and the networks must be very resilient so that they can
withstand link or node failures. MPLS-TE provides an integrated approach to traffic engineering.With MPLS,
traffic engineering capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given
the constraints imposed by backbone capacity and topology.
Related Topics
Configuring Forwarding over the MPLS-TE Tunnel, on page 161
Benefits of MPLS Traffic Engineering
MPLS-TE enables ISPs to route network traffic to offer the best service to their users in terms of throughput
and delay. By making the service provider more efficient, traffic engineering reduces the cost of the network.
Currently, some ISPs base their services on an overlay model. In the overlay model, transmission facilities
are managed by Layer 2 switching. The routers see only a fully meshed virtual topology, making most
destinations appear one hop away. If you use the explicit Layer 2 transit layer, you can precisely control how
traffic uses available bandwidth. However, the overlay model has numerous disadvantages. MPLS-TE achieves
the TE benefits of the overlay model without running a separate network and without a non-scalable, full
mesh of router interconnects.
How MPLS-TE Works
MPLS-TE automatically establishes and maintains label switched paths (LSPs) across the backbone by using
RSVP. The path that an LSP uses is determined by the LSP resource requirements and network resources,
such as bandwidth. Available resources are flooded by means of extensions to a link-state-based Interior
Gateway Protocol (IGP).
MPLS-TE tunnels are calculated at the LSP headend router, based on a fit between the required and available
resources (constraint-based routing). The IGP automatically routes the traffic to these LSPs.
Typically, a packet crossing the MPLS-TE backbone travels on a single LSP that connects the ingress point
to the egress point. MPLS-TE is built on these mechanisms:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 121
Implementing MPLS Traffic Engineering
Information About Implementing MPLS Traffic EngineeringTunnel interfaces
From a Layer 2 standpoint, an MPLS tunnel interface represents the headend of an LSP. It is configured
with a set of resource requirements, such as bandwidth and media requirements, and priority. From a
Layer 3 standpoint, an LSP tunnel interface is the headend of a unidirectional virtual link to the tunnel
destination.
MPLS-TE path calculation module
This calculation module operates at the LSP headend. The module determines a path to use for an LSP.
The path calculation uses a link-state database containing flooded topology and resource information.
RSVP with TE extensions
RSVP operates at each LSP hop and is used to signal and maintain LSPs based on the calculated path.
MPLS-TE link management module
This module operates at each LSP hop, performs link call admission on the RSVP signaling messages,
and performs bookkeeping on topology and resource information to be flooded.
Link-state IGP (Intermediate System-to-Intermediate System [IS-IS] or Open Shortest Path First
[OSPF]—each with traffic engineering extensions)
These IGPs are used to globally flood topology and resource information from the link management
module.
Enhancements to the shortest path first (SPF) calculation used by the link-state IGP (IS-IS or OSPF)
The IGP automatically routes traffic to the appropriate LSP tunnel, based on tunnel destination. Static
routes can also be used to direct traffic to LSP tunnels.
Label switching forwarding
This forwarding mechanism provides routers with a Layer 2-like ability to direct traffic across multiple
hops of the LSP established by RSVP signaling.
One approach to engineering a backbone is to define a mesh of tunnels from every ingress device to every
egress device. The MPLS-TE path calculation and signaling modules determine the path taken by the LSPs
for these tunnels, subject to resource availability and the dynamic state of the network.
The IGP (operating at an ingress device) determines which traffic should go to which egress device, and steers
that traffic into the tunnel from ingress to egress. A flow from an ingress device to an egress device might be
so large that it cannot fit over a single link, so it cannot be carried by a single tunnel. In this case, multiple
tunnels between a given ingress and egress can be configured, and the flow is distributed using load sharing
among the tunnels.
Related Topics
Building MPLS-TE Topology, on page 155
Creating an MPLS-TE Tunnel, on page 158
Build MPLS-TE Topology and Tunnels: Example, on page 260
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
122 OL-26056-02
Implementing MPLS Traffic Engineering
Overview of MPLS Traffic EngineeringMPLS Traffic Engineering
Multiprotocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF)-specified framework
that provides efficient designation, routing, forwarding, and switching of traffic flows through the network.
TE is the process of adjusting bandwidth allocations to ensure that enough bandwidth is available for
high-priority traffic.
In MPLS TE, the upstream router creates a network tunnel for a particular traffic stream and setsthe bandwidth
available for that tunnel.
Backup AutoTunnels
The MPLS Traffic Engineering AutoTunnel Backup feature enables a router to dynamically build backup
tunnels on the interfacesthat are configured with MPLS TE tunnels. Thisfeature enables a router to dynamically
build backup tunnels when they are needed. This prevents you from having to build MPLS TE tunnelsstatically.
The MPLS Traffic Engineering (TE)—AutoTunnel Backup feature has these benefits:
• Backup tunnels are built automatically, eliminating the need for usersto preconfigure each backup tunnel
and then assign the backup tunnel to the protected interface.
• Protection is expanded—FRR does not protect IP traffic that is not using the TE tunnel or Label
Distribution Protocol (LDP) labels that are not using the TE tunnel.
This feature protects against these failures:
• P2P Tunnel NHOP protection—Protects against link failure for the associated P2P protected tunnel
• P2P Tunnel NNHOP protection—Protects against node failure for the associated P2P protected tunnel
• P2MP Tunnel NHOP protection—Protects against link failure for the associated P2MP protected
tunnel
Related Topics
Enabling an AutoTunnel Backup, on page 169
Removing an AutoTunnel Backup, on page 170
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs, on page 172
Establishing Next-Hop Tunnels with Link Protection, on page 174
Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
AutoTunnel Attribute-set
This feature supports auto-tunnels configuration using attribute templates, known as attribute-set. The TE
attribute-set template that specifies a set of TE tunnel attributes, is locally configured at the head-end of
auto-tunnels. The control plane triggers the automatic provisioning of a corresponding TE tunnel, whose
characteristics are specified in the respective attribute-set.
Currently, auto-tunnel backups are created with the default values of all tunnel attributes. To support
configurable attributes for auto-tunnel backup, it is required to configure attribute-set and assign it to the
backup tunnels. The attribute-set consists of a set of tunnel attributes such as priority, affinity, signaled
bandwidth, logging, policy-class, record-route and so on.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 123
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringThe following rules (consistent across all auto-tunnels) apply while configuring the attribute-set:
• If no attribute-set template is defined, the auto-tunnels is created using default attribute values.
• If an attribute-set is defined and the attribute-set template is already configured, the auto-tunnel is created
using the attributes specified in the associated attribute-set.
• If an attribute-set is assigned, but it is not defined or configured, auto-tunnel is not created.
• Any number of attribute-sets can be configured with same attribute settings.
• Empty tunnel attribute implies all parameters have default values.
• When specific attribute is not specified in the attribute-set, a default value for that attribute is used.
Link Protection
The backup tunnels that bypass only a single link of the LSP path provide link protection. They protect LSPs,
if a link along their path fails, by rerouting the LSP traffic to the next hop, thereby bypassing the failed link.
These are referred to as NHOP backup tunnels because they terminate at the LSP's next hop beyond the point
of failure.
This figure illustrates link protection.
Figure 10: Link Protection
Node Protection
The backup tunnels that bypass next-hop nodes along LSP paths are called NNHOP backup tunnels because
they terminate at the node following the next-hop node of the LSPs, thereby bypassing the next-hop node.
They protect LSPs by enabling the node upstream of a link or node failure to reroute the LSPs and their traffic
around a node failure to the next-hop node. NNHOP backup tunnels also provide protection from link failures
because they bypass the failed link and the node.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
124 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringThis figure illustrates node protection.
Figure 11: Node Protection
Backup AutoTunnel Assignment
At the head or mid points of a tunnel, the backup assignment finds an appropriate backup to protect a given
primary tunnel for FRR protection.
The backup assignment logic is performed differently based on the type of backup configured on the output
interface used by the primary tunnel. Configured backup types are:
• Static Backup
• AutoTunnel Backup
• No Backup (In this case no backup assignment is performed and the tunnels is unprotected.)
Static backup and Backup AutoTunnel cannot exist together on the same interface or
link.
Note
Node protection is always preferred over link protection in the Backup AutoTunnel
assignment.
Note
In order that the Backup AutoTunnel feature operatessuccessfully, the following configuration must be applied
at global configuration level:
ipv4 unnumbered mpls traffic-eng Loopback 0
Note The Loopback 0 is used as router ID.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 125
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringExplicit Paths
Explicit paths are used to create backup autotunnels as follows:
For NHOP Backup Autotunnels:
• NHOP excludes the protected link's local IP address.
• NHOP excludes the protected link’s remote IP address.
• The explicit-path name is _autob_nhop_tunnelxxx, where xxx matches the dynamically created backup
tunnel ID.
For NNHOP Backup Autotunnels:
• NNHOP excludes the protected link’s local IP address.
• NNHOP excludes the protected link’s remote IP address (link address on next hop).
• NNHOP excludes the NHOP router ID of the protected primary tunnel next hop.
• The explicit-path name is _autob_nnhop_tunnelxxx, where xxx matchesthe dynamically created backup
tunnel ID.
Periodic Backup Promotion
The periodic backup promotion attemptsto find and assign a better backup for primary tunnelsthat are already
protected.
With AutoTunnel Backup, the only scenario where two backups can protect the same primary tunnel is when
both an NHOP and NNHOP AutoTunnel Backups get created. The backup assignment takes place as soon as
the NHOP and NNHOP backup tunnels come up. So, there is no need to wait for the periodic promotion.
Although there is no exception for AutoTunnel Backups, periodic backup promotion has no impact on primary
tunnels protected by AutoTunnel Backup.
One exception is when a manual promotion is triggered by the user using the mpls traffic-eng fast-reroute
timers promotion command, where backup assignment or promotion istriggered on all FRR protected primary
tunnels--even unprotected ones. This may trigger the immediate creation of some AutoTunnel Backup, if the
command is entered within the time window when a required AutoTunnel Backup has not been yet created.
You can configure the periodic promotion timer using the global configuration mpls traffic-eng fast-reroute
timers promotion sec command. The range is 0 to 604800 seconds.
Note A value of 0 for the periodic promotion timer disables the periodic promotion.
Protocol-Based CLI
Cisco IOS XR software provides a protocol-based command line interface. The CLI provides commands that
can be used with the multiple IGP protocols supported by MPLS-TE.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
126 OL-26056-02
Implementing MPLS Traffic Engineering
Protocol-Based CLIDifferentiated Services Traffic Engineering
MPLS Differentiated Services (Diff-Serv) Aware Traffic Engineering (DS-TE) is an extension of the regular
MPLS-TE feature. Regular traffic engineering does not provide bandwidth guarantees to different traffic
classes. A single bandwidth constraint is used in regular TE that is shared by all traffic. To support various
classes of service (CoS), users can configure multiple bandwidth constraints. These bandwidth constraints
can be treated differently based on the requirement for the traffic class using that constraint.
MPLS DS-TE providesthe ability to configure multiple bandwidth constraints on an MPLS-enabled interface.
Available bandwidths from all configured bandwidth constraints are advertised using IGP. TE tunnel is
configured with bandwidth value and class-type requirements. Path calculation and admission control take
the bandwidth and class-type into consideration. RSVP is used to signal the TE tunnel with bandwidth and
class-type requirements.
MPLS DS-TE is deployed with either Russian Doll Model (RDM) or Maximum Allocation Model (MAM)
for bandwidth calculations.
Cisco IOS XR software supports two DS-TE modes: Prestandard and IETF.
Related Topics
Confirming DiffServ-TE Bandwidth, on page 76
Bandwidth Configuration (MAM): Example, on page 104
Bandwidth Configuration (RDM): Example, on page 105
Prestandard DS-TE Mode
Prestandard DS-TE uses the Cisco proprietary mechanisms for RSVP signaling and IGP advertisements. This
DS-TE mode does not interoperate with third-party vendor equipment. Note that prestandard DS-TE is enabled
only after configuring the sub-pool bandwidth values on MPLS-enabled interfaces.
Prestandard Diff-Serve TE mode supports a single bandwidth constraint model a Russian Doll Model (RDM)
with two bandwidth pools: global-pool and sub-pool.
TE class map is not used with Prestandard DS-TE mode.
Related Topics
Configuring a Prestandard DS-TE Tunnel, on page 176
Configure IETF DS-TE Tunnels: Example, on page 261
IETF DS-TE Mode
IETF DS-TE mode usesIETF-defined extensionsfor RSVP and IGP. This mode interoperates with third-party
vendor equipment.
IETF mode supports multiple bandwidth constraint models, including RDM and MAM, both with two
bandwidth pools. In an IETF DS-TE network, identical bandwidth constraint models must be configured on
all nodes.
TE class map is used with IETF DS-TE mode and must be configured the same way on all nodes in the
network.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 127
Implementing MPLS Traffic Engineering
Differentiated Services Traffic EngineeringBandwidth Constraint Models
IETF DS-TE mode provides support for the RDM and MAM bandwidth constraints models. Both models
support up to two bandwidth pools.
Cisco IOS XR software provides global configuration for the switching between bandwidth constraint models.
Both models can be configured on a single interface to preconfigure the bandwidth constraints before swapping
to an alternate bandwidth constraint model.
Note NSF is not guaranteed when you change the bandwidth constraint model or configuration information.
By default, RDM is the default bandwidth constraint model used in both pre-standard and IETF mode.
Maximum Allocation Bandwidth Constraint Model
The MAM constraint model has the following characteristics:
• Easy to use and intuitive.
• Isolation across class types.
• Simultaneously achieves isolation, bandwidth efficiency, and protection against QoS degradation.
Related Topics
Configuring an IETF DS-TE Tunnel Using MAM, on page 181
Russian Doll Bandwidth Constraint Model
The RDM constraint model has these characteristics:
• Allows greater sharing of bandwidth among different class types.
• Ensures bandwidth efficiency simultaneously and protection against QoS degradation of all class types.
• Specifies that it is used in conjunction with preemption to simultaneously achieve isolation across
class-types such that each class-type is guaranteed its share of bandwidth, bandwidth efficiency, and
protection against QoS degradation of all class types.
We recommend that RDM not be used in DS-TE environmentsin which the use of preemption is precluded.
Although RDM ensures bandwidth efficiency and protection against QoS degradation of class types, it
does guarantee isolation across class types.
Note
Related Topics
Configuring an IETF DS-TE Tunnel Using RDM, on page 178
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
128 OL-26056-02
Implementing MPLS Traffic Engineering
Differentiated Services Traffic EngineeringTE Class Mapping
Each of the eight available bandwidth values advertised in the IGP corresponds to a TE class. Because the
IGP advertises only eight bandwidth values, there can be a maximum of only eight TE classes supported in
an IETF DS-TE network.
TE class mapping must be exactly the same on all routers in a DS-TE domain. It is the responsibility of the
operator configure these settings properly as there is no way to automatically check or enforce consistency.
The operator must configure TE tunnel class types and priority levels to form a valid TE class. When the TE
class map configuration is changed, tunnels already up are brought down. Tunnels in the down state, can be
set up if a valid TE class map is found.
The default TE class and attributes are listed. The default mapping includes four class types.
Table 4: TE Classes and Priority
TE Class Class Type Priority
0 0 7
1 1 7
2 Unused —
3 Unused —
4 0 0
5 1 0
6 Unused —
7 Unused —
Flooding
Available bandwidth in all configured bandwidth poolsisflooded on the network to calculate accurate constraint
paths when a new TE tunnel is configured. Flooding usesIGP protocol extensions and mechanismsto determine
when to flood the network with bandwidth.
Flooding Triggers
TE Link Management (TE-Link) notifies IGP for both global pool and sub-pool available bandwidth and
maximum bandwidth to flood the network in these events:
• Periodic timer expires (this does not depend on bandwidth pool type).
• Tunnel origination node has out-of-date information for either available global pool orsub-pool bandwidth,
causing tunnel admission failure at the midpoint.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 129
Implementing MPLS Traffic Engineering
Flooding• Consumed bandwidth crosses user-configured thresholds. The same threshold is used for both global
pool and sub-pool. If one bandwidth crosses the threshold, both bandwidths are flooded.
Flooding Thresholds
Flooding frequently can burden a network because all routers must send out and process these updates.
Infrequent flooding causes tunnel heads (tunnel-originating nodes) to have out-of-date information, causing
tunnel admission to fail at the midpoints.
You can control the frequency of flooding by configuring a set of thresholds. When locked bandwidth (at one
or more priority levels) crosses one of these thresholds, flooding is triggered.
Thresholds apply to a percentage of the maximum available bandwidth (the global pool), which is locked,
and the percentage of maximum available guaranteed bandwidth (the sub-pool), which is locked. If, for one
or more priority levels, either of these percentages crosses a threshold, flooding is triggered.
Setting up a global pool TE tunnel can cause the locked bandwidth allocated to sub-pool tunnels to be
reduced (and hence to cross a threshold). A sub-pool TE tunnel setup can similarly cause the locked
bandwidth for global pool TE tunnels to cross a threshold. Thus, sub-pool TE and global pool TE tunnels
can affect each other when flooding is triggered by thresholds.
Note